Blog

Automated Observable Setup for AWS Users

Automatically provision your AWS accounts with a new tool

Setting up Observable monitoring for an AWS account is pretty easy - you create a read-only IAM policy, attach it to a new role, and then make sure your VPCs are publishing Flow Logs. It's now slightly easier if you're a developer who is comfortable with the AWS CLI - our new aws-setup script automates the process.

Assuming you've got your AWS credentials in your environment or profile, retrieve the script from GitHub and run it:

$ git clone https://github.com/obsrvbl/aws-setup.git
$ cd aws-setup/
$ python onsetup.py 
 __   __   __   ___  __             __        ___ 
/  \ |__) /__` |__  |__) \  /  /\  |__) |    |__  
\__/ |__) .__/ |___ |  \  \/  /~~\ |__) |___ |___ 
      ___ ___       __   __        __             
|\ | |__   |  |  | /  \ |__) |__/ /__`            
| \| |___  |  |/\| \__/ |  \ |  \ .__/

Once it's running it will show you which permissions are needed for the Observable policy and role, check your VPCs for flow logs, and offer to create what's needed.

Check a region for VPC flows?
AWS region (us-east-1): 

AWS region    VPC ID    Flow Logs group
us-east-1    vpc-edda5b8a    None
us-east-1    vpc-34d33a50    None

For which VPCs should log groups be created? Note that AWS charges for log storage.
Create group for (VPC ID/all/none/missing): missing
Check another region? (no): no

After you answer the relevant questions the script will create the requested policy, role, and VPC Flow Log groups. Then you'll be ready to enter those into the Observable web portal to start monitoring:

Logging vpc vpc-cafecafe to flowlogsGroup in us-east-1
Logging vpc vpc-efacefac to flowlogsGroup in us-east-1

All finished. Copy the Role ARN below to enter into the Observable web portal:
arn:aws:iam::123456789012:role/observableNetworksRole

Take note of any log groups above; you will enter them into the Observable web portal.

This script should be helpful in controlling human errors with role, policy, and log group creation; and is a fast way to set up lots of VPCs with flow logging. The documentation has more setup examples and usage notes. You can also read the source for the script on GitHub to verify what's being done for your account.

We also have some other open source AWS tools available on our GitHub page - if you're an AWS user we'd be pleased to get your feedback.

Detect Threats Faster – Start Your Free, No-Risk Trial