Amazon Web Services

Amazon Web Services is so far the platform of choice for hosting applications and delegating IT administration tasks. It helps save on the maintenance costs of on-premises servers and provides cloud computing resources to cater to your company's needs.

Cygna Auditor for AWS enables you to track changes to the Amazon Identity and Access Management (IAM) configuration, which is an integral part of the AWS infrastructure. For a list of monitored events and objects, see AWS Key Events & Activities.

Start Collecting Data

By default, Cygna Auditor audits the entire IAM, but you can configure it to collect data from a single IAM with several collectors, for example, by setting up data collection for each AWS region within your IAM separately.

  1. On the Cygna Auditor home page, click the Configuration tile and then drill down to Amazon Web Services Configuration.
  2. Click to add a new AWS configuration.
  3. Complete the auditing configuration:

    OPTION: DESCRIPTION

    The General step

    Enable this collection: Select the toggle to turn on data collection. You can disable data polling at any time without deleting a collector.
    Name: Add a name to distinguish one AWS collector from another. This name is used internally in Cygna Auditor.
    Description: (Optional) Add any further details about the current configuration.

    The Amazon API Credentials step

    Access key, Secret key: Provide your AWS authentication keys; check your AWS account for more information.
    Authorized region: Select one or more Amazon regions where your services reside. These regions are used to access the AWS API and to continue with the configuration steps. They must be regions authorized for the Amazon account.
    Verify connectivity: Click to check that the AWS API functions for Elastic Compute Cloud (EC2) and CloudTrail are accessible. These functions are used during configuration and data collection. Connectivity is checked for each region authorized for the account. If you have configured proxy settings, those settings are used to test connectivity. If a proxy server is used without those proxy settings, access has to be provided outside of Cygna Auditor.

    The Collector Settings step

    Collection Interval: Specify the duration (in minutes) between event collections.
    Initial Collection Interval: Specify the length (in days) of the event backlog to collect the first time the collector runs.
    Store Interval: Specify the amount of time (in seconds) the collector queues events for storage in the database. The default is recommended.
    Cloud Trail: Provide the name of the cloud trail in Amazon Resource Name (ARN) format. Enter the whole name or start typing and search for trails.
    Verify Trail Access: (Optional) Check that the cloud trail and its associated S3 bucket are accessible with the credentials and region provided before data collection starts.

    The Ignored Events step

    Ignored Events list: Add the names of events you wish to ignore during event collection. By default, Cygna Auditor suggests ignoring some common "noise" events. These entries can be retained or discarded.

    The Summary step

    Summary: Review the data collection details before saving them.

Note: Make sure Cygna Auditor has access to *.amazonaws.com (GET and POST).
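
Before saving the Ignored Events list, it is worth confirming that no entry would drop a state-changing IAM event from the audit trail. The Python below is an added example, not Cygna Auditor code: it assumes the list is matched exactly against the CloudTrail eventName field, uses constructed sample records, and the names review_ignore_list and PROPOSED_IGNORE are hypothetical.

```python
import json
from collections import Counter

# Constructed CloudTrail-style records; illustrative only, not from a real account.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers", "readOnly": true},
 {"eventSource": "iam.amazonaws.com", "eventName": "GetAccountSummary", "readOnly": true},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey", "readOnly": false},
 {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy", "readOnly": false},
 {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "readOnly": true},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey", "readOnly": false}
]""")

# Hypothetical ignore list under review (not the product's default suggestions).
PROPOSED_IGNORE = ["ListUsers", "GetAccountSummary", "CreateAccessKey",
                   "GenerateCredentialReport"]


def review_ignore_list(records, ignored_names, source="iam.amazonaws.com"):
    """Report ignore-list entries that would hide state-changing events.

    Returns {"risky": {event_name: count}, "unseen": [names]} where "risky"
    counts ignored events from `source` that are not read-only, and "unseen"
    lists ignored names that never occur in the sample and so cannot be judged.
    """
    ignored = set(ignored_names)  # assumption: exact, case-sensitive match
    risky = Counter()
    seen = set()
    for rec in records:
        if rec.get("eventSource") != source:
            continue
        name = rec.get("eventName", "")
        if name not in ignored:
            continue
        seen.add(name)
        # A missing readOnly flag is treated as state-changing (fail safe).
        if not rec.get("readOnly", False):
            risky[name] += 1
    return {"risky": dict(risky), "unseen": sorted(ignored - seen)}


if __name__ == "__main__":
    print(json.dumps(review_ignore_list(SAMPLE_RECORDS, PROPOSED_IGNORE), indent=2))
```

Any name reported under "risky" belongs in the audit data rather than on the ignore list; names under "unseen" need a longer sample before they can be judged.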