
AWS: Kinesis Data Stream and IAM

Configuring AWS Kinesis Data Stream and IAM

Before configuring AWS Security Logging for Blumira, we recommend reviewing Blumira’s Getting Started Guide for AWS.
To enable broad Blumira coverage for AWS, follow these configuration steps:

  1. Configure AWS Kinesis Data Stream and IAM (Continue Below)
  2. Configure AWS CloudTrail
  3. Configure AWS CloudWatch
  4. Configure AWS VPC Flow Logs
  5. Configure AWS GuardDuty

The following guidance is written for an AWS environment that has not yet been configured for monitoring, so that you avoid dependency conflicts. If your environment is already configured for monitoring and you want to avoid duplicate roles, groups, or resources, you can reuse the existing ones, as long as your environment meets the reference architecture above so that log flows are correctly permissioned and routed into an AWS Kinesis Data Stream.

Configuring AWS Kinesis Data Stream

To configure the Kinesis Data Stream:

  1. From the AWS Console, confirm that you are operating in the region in which you want to configure AWS logging.
  2. From the Kinesis service, select Kinesis Data Streams, and then click Create data stream.
  3. Type a name for the stream in the Data stream name box.
    Tip: We recommend using the format “company name-region.”
  4. Under Data stream capacity, select the number of open shards (we recommend that you start with one).
  5. Click Create data stream.
  6. Under Stream details, copy and save the stream’s Amazon Resource Name (ARN) for use in the steps below.

Configuring the AWS Identity and Access Management policy

After you configure the Kinesis data stream, you must configure the Identity and Access Management (IAM) policy to allow Blumira to ingest your log data from the stream. You will need the ARN value gathered in the previous step.

To configure the IAM policy for Blumira:

  1. Under Set user details, type the name you want to use for Blumira access in the User name box.
  2. Under Select AWS access type, select the Programmatic access checkbox.
  3. Click Next: Permissions.
  4. Click Create policy.
  5. Set Service to Kinesis, select the List and Read access levels, and specify the ARN of the data stream as the resource.
  6. When prompted, type a name for the policy.
  7. Complete the AWS IAM role configuration with the default options.
  8. Save the secret access key and access key ID; you will enter them in the AWS Cloud Connector in Blumira.
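As an added example (not part of the original documentation), the following shows what the List and Read access levels scoped to one stream ARN amount to as a policy document, together with a small check of what that policy does and does not grant. The ARN and account number are constructed placeholders, and the evaluator is a simplified stand-in for IAM's own evaluation logic, not an AWS API.

```python
import fnmatch
import json
import re

# Constructed placeholder; substitute the ARN copied from Stream details.
STREAM_ARN = "arn:aws:kinesis:us-east-1:123456789012:stream/examplecorp-us-east-1"

# Kinesis Read/List actions that accept a stream ARN as the resource.
STREAM_SCOPED_ACTIONS = [
    "kinesis:DescribeStream",
    "kinesis:DescribeStreamSummary",
    "kinesis:GetShardIterator",
    "kinesis:GetRecords",
    "kinesis:ListShards",
]

def build_policy(stream_arn: str) -> dict:
    """Read-only policy for the log-ingest user, scoped to a single stream.
    kinesis:ListStreams does not support resource-level scoping, so it gets
    its own statement with Resource "*" (it only reveals stream names)."""
    # Assumes the standard "aws" partition; adjust the pattern for other partitions.
    if not re.fullmatch(r"arn:aws:kinesis:[a-z0-9-]+:\d{12}:stream/[\w.-]+", stream_arn):
        raise ValueError(f"not a Kinesis stream ARN (standard partition): {stream_arn}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadOneStream", "Effect": "Allow",
             "Action": STREAM_SCOPED_ACTIONS, "Resource": stream_arn},
            {"Sid": "ListStreamNames", "Effect": "Allow",
             "Action": ["kinesis:ListStreams"], "Resource": "*"},
        ],
    }

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified stand-in for IAM evaluation (identity policy only):
    an explicit Deny wins, any matching Allow grants, otherwise implicit deny.
    '*' and '?' wildcards are honoured; action names compare case-insensitively."""
    granted = False
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions) and \
           any(fnmatch.fnmatchcase(resource, r) for r in resources):
            if st["Effect"] == "Deny":
                return False
            granted = True
    return granted

if __name__ == "__main__":
    print(json.dumps(build_policy(STREAM_ARN), indent=2))
```

Write operations such as kinesis:PutRecord, and reads of any other stream in the account, fall through to the implicit deny, which is the behaviour you want for an ingest-only credential.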

Integrating with AWS using a Cloud Connector

Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration’s configuration parameters, you can then enable Blumira to collect your logs.

To configure your integration with Blumira Cloud Connector:

  1. In the Blumira app, go to the Cloud Connectors page (Settings > Cloud Connectors).
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
  5. Enter the API credentials (the access key ID and secret access key) that you saved in the IAM steps above.
  6. Click Connect.
  7. On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
    Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.

Next Steps

After you integrate with AWS Kinesis Data Stream and IAM, go to the following sections to continue integrating with AWS:

  1. Configure AWS CloudTrail
  2. Configure AWS CloudWatch
  3. Configure AWS VPC Flow Logs
  4. Configure AWS GuardDuty