Setting up Observable monitoring for an AWS account is pretty easy - you create a read-only IAM policy, attach it to a new role, and then make sure your VPCs are publishing Flow Logs. It's now slightly easier if you're a developer who is comfortable with the AWS CLI - our new aws-setup script automates the process.
Assuming you've got your AWS credentials in your environment or profile, retrieve the script from GitHub and run it:
    $ git clone https://github.com/obsrvbl/aws-setup.git
    $ cd aws-setup/
    $ python onsetup.py
     __   __   __   ___  __             __        ___
    /  \ |__) /__` |__  |__) \  /  /\  |__) |    |__
    \__/ |__) .__/ |___ |  \  \/  /~~\ |__) |___ |___
          ___ ___       __   __        __
    |\ | |__   |  |  | /  \ |__) |__/ /__`
    | \| |___  |  |/\| \__/ |  \ |  \ .__/
Once it's running, it will show you which permissions are needed for the Observable policy and role, check your VPCs for flow logs, and offer to create what's needed.
    Check a region for VPC flows?
    AWS region (us-east-1):
    AWS region  VPC ID        Flow Logs group
    us-east-1   vpc-edda5b8a  None
    us-east-1   vpc-34d33a50  None
    For which VPCs should log groups be created?
    Note that AWS charges for log storage.
    Create group for (VPC ID/all/none/missing): missing
    Check another region? (no): no
After you answer the relevant questions, the script will create the requested policy, role, and VPC Flow Log groups. Then you'll be ready to enter those into the Observable web portal to start monitoring:
    Logging vpc vpc-cafecafe to flowlogsGroup in us-east-1
    Logging vpc vpc-efacefac to flowlogsGroup in us-east-1
    All finished. Copy the Role ARN below to enter into the Observable web portal:
    arn:aws:iam::123456789012:role/observableNetworksRole
    Take note of any log groups above; you will enter them into the Observable web portal.
This script should help limit human error in role, policy, and log group creation, and it is a fast way to set up lots of VPCs with flow logging. The documentation has more setup examples and usage notes. You can also read the source for the script on GitHub to verify what's being done for your account.
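To check flow log coverage yourself before or after running the script, the sketch below reproduces the "Flow Logs group" table and the VPC ID/all/none/missing prompt over EC2 API responses. It is an added example, not code from the aws-setup script; the function names and sample data are constructed, and treating a log that records only ACCEPT or REJECT traffic as partial visibility is an assumption of this example.

```python
# Added example, not code from the aws-setup script. The sample data is constructed,
# shaped like the EC2 DescribeVpcs and DescribeFlowLogs responses (boto3:
# ec2.describe_vpcs(), ec2.describe_flow_logs(), both read-only calls).
SAMPLE_VPCS = {"Vpcs": [{"VpcId": "vpc-edda5b8a"}, {"VpcId": "vpc-34d33a50"},
                        {"VpcId": "vpc-cafecafe"}]}
SAMPLE_FLOW_LOGS = {"FlowLogs": [
    {"ResourceId": "vpc-cafecafe", "LogGroupName": "flowlogsGroup",
     "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"ResourceId": "vpc-34d33a50", "LogGroupName": "rejectsOnly",
     "FlowLogStatus": "ACTIVE", "TrafficType": "REJECT"},
    # A subnet-level flow log does not cover the whole VPC, so it is ignored.
    {"ResourceId": "subnet-0a1b2c3d", "LogGroupName": "subnetGroup",
     "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
]}


def flow_log_coverage(vpcs, flow_logs):
    """Map each VPC ID to (log group, traffic type) of an active flow log, or None."""
    coverage = {vpc["VpcId"]: None for vpc in vpcs["Vpcs"]}
    for fl in flow_logs["FlowLogs"]:
        vpc_id = fl.get("ResourceId")
        if vpc_id not in coverage or fl.get("FlowLogStatus") != "ACTIVE":
            continue
        if not fl.get("LogGroupName"):
            continue  # delivered somewhere other than a CloudWatch Logs group
        if coverage[vpc_id] is None or fl.get("TrafficType") == "ALL":
            coverage[vpc_id] = (fl["LogGroupName"], fl.get("TrafficType"))
    return coverage


def select_vpcs(coverage, choice):
    """Resolve a 'VPC ID/all/none/missing' answer to the VPC IDs to act on."""
    choice = choice.strip()
    if choice == "none":
        return []
    if choice == "all":
        return sorted(coverage)
    if choice == "missing":
        return sorted(v for v, log in coverage.items() if log is None)
    if choice in coverage:
        return [choice]
    raise ValueError("unknown VPC ID or option: %r" % choice)


def partial_visibility(coverage):
    """VPCs whose active flow logs record only a subset of traffic (not ALL)."""
    return sorted(v for v, log in coverage.items() if log and log[1] != "ALL")
```

Against a live account, pass the dictionaries returned by the two boto3 calls named in the first comment in place of the constructed samples.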
We also have some other open source AWS tools available on our GitHub page - if you're an AWS user we'd be pleased to get your feedback.