
AWS: Kinesis Data Stream and IAM


Configuring AWS Kinesis Data Stream and IAM

Before configuring AWS Security Logging for Blumira, we recommend reviewing Blumira’s Getting Started Guide for AWS.
To enable broad Blumira coverage for AWS, follow these configuration steps:

  1. Configure AWS Kinesis Data Stream and IAM (Continue Below)
  2. Configure AWS CloudTrail
  3. Configure AWS CloudWatch
  4. Configuring AWS VPC Flow Logs
  5. Configure AWS GuardDuty

 

The following guidance will help avoid dependency conflicts in an AWS environment that has not been configured for monitoring. If your environment has already been configured for monitoring and you wish to avoid duplicate roles, groups, or resources, feel free to use those instead, so long as your environment meets the above reference architecture to correctly permission and route log flows into an AWS Kinesis Data Stream.

 


Configure Kinesis Data Stream

  1. From the AWS Console, confirm that you are operating in the region in which you wish to configure AWS logging.
  2. From the Kinesis service, select Kinesis Data Streams and then click Create data stream.
  3. Name the stream (in our example, we suggest “company name-region”)
  4. Configure the number of open shards (this can be adjusted later so it’s recommended to start with just one)
  5. Click Create data stream
  6. Note (and save) the Amazon resource name (ARN) of the stream

IAM Configuration for the Blumira Data Stream

Next, let’s configure the IAM policy that will allow Blumira to ingest your log data from the Kinesis data stream.

  1. Add a new user with the Programmatic Access permission.
  2. Click Next: Permissions and select Create policy.
  3. For Service, choose Kinesis; for Access level, select List and Read; then specify the ARN for the data stream.
  4. Provide a name for the policy when prompted.
  5. Complete the AWS IAM role configuration with the default options.
  6. Save the secret and access keys and provide them to Blumira for log ingestion.
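
Before handing the access keys to a third party, it is worth confirming that the policy created in step 3 really is limited to List and Read on the one stream. The following Python sketch is an added example, not Blumira's or AWS's own code: it builds such a policy and audits any policy document for actions or resources that go beyond it. The ARN is a constructed placeholder, and the action list is an assumed subset of the Kinesis List and Read access levels, not a policy published by Blumira.

```python
import json

# Constructed placeholder; use the ARN you saved when creating the stream.
STREAM_ARN = "arn:aws:kinesis:us-east-1:111122223333:stream/examplecorp-us-east-1"

# Assumption: a subset of the Kinesis List and Read access levels that accept
# a stream ARN as the resource. This is not a policy published by Blumira.
READ_LIST_ACTIONS = [
    "kinesis:DescribeStream", "kinesis:DescribeStreamSummary",
    "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards",
]
_ALLOWED = {a.lower() for a in READ_LIST_ACTIONS}  # IAM actions are case-insensitive

def build_policy(stream_arn):
    """Identity policy allowing only the read/list calls on one stream."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadSingleStream", "Effect": "Allow",
        "Action": READ_LIST_ACTIONS, "Resource": stream_arn}]}

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_policy(policy, stream_arn):
    """Return findings for Allow statements broader than read/list on stream_arn."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource in an Allow")
        for action in _as_list(stmt.get("Action", [])):
            # Any wildcard is flagged, even a read-only one, to keep the grant explicit.
            if "*" in action or action.lower() not in _ALLOWED:
                findings.append(f"statement {n}: action {action} exceeds read/list")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != stream_arn:
                findings.append(f"statement {n}: resource {resource} is not the stream")
    return findings

if __name__ == "__main__":
    policy = build_policy(STREAM_ARN)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, STREAM_ARN) or "policy is scoped to the stream")
```

To audit the policy you actually created, export its JSON from the IAM console and pass the parsed document to audit_policy together with your stream's ARN.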

Configuring Blumira

After you have your AWS API information, you must configure Blumira to collect AWS logs. You can do this through a Cloud Connector or an AWS Module, if you want to use an existing sensor.

You can use the sections below to guide you through either process.

Adding a Cloud Connector with AWS

Cloud Connectors automate the configuration of your AWS integration without requiring you to use a sensor. After you obtain the AWS API parameters, you can then enable Blumira to collect AWS logs.

  1. In the Blumira app, go to the Cloud Connectors page (Infrastructure > Cloud Connectors).
  2. Click + Add Cloud Connector.
  3. In the Available Cloud Connectors window, click the connector that you want to add.
  4. If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
  5. (Optional) Type a name for this log deployment in the Log Source Name box. This name is what will appear in the “device_address” column in the results of your event data queries. If you might have additional modules collect logs for different integrations in the future, this will help you distinguish them.
  6. Enter the API credentials that you collected in the section above.
  7. Click Connect.
    On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
  8. Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Infrastructure > Sensors) to avoid log duplication.

Adding and Configuring the AWS Kinesis Module on the Blumira Sensor

To collect AWS logs on an existing or new sensor in the sensor UI, you must add the AWS Module (note that the typical “Logger” module must also be present on this sensor for logs to flow; it will be listed at the bottom of your sensor detail page, if present [1]).

To add the AWS Kinesis Module:

  1. Log in to app.blumira.com and navigate to Infrastructure > Sensors in the left-hand navigation.
  2. Create a sensor if you haven’t already done so.
  3. Click on your sensor, then on the Add Module button.
  4. Choose AWS Kinesis Module from the list of modules.
  5. Fill in the fields as shown below.
  6. Note that Log Source Name is an optional name of your own choosing to help keep logs from different modules apart when building reports.

Now that you’ve configured your AWS Kinesis data stream and IAM with Blumira, continue to the next step: Configure AWS CloudTrail.