Amazon Web Services
Amazon Web Services is so far the platform of choice for hosting applications and delegating IT administration tasks. It helps save on maintenance costs of on-premises servers and provides cloud computing resources to cater to your company's needs.
Cygna Auditor for AWS enables you to track changes to Amazon Identity and Access Management (IAM) configuration, an integral part of AWS infrastructure.
Start Collecting Data
By default, Cygna Auditor audits the entire IAM, but you can configure several collectors for a single IAM. For example, you can set up data collection for each AWS region within your IAM separately.
- On the Cygna Auditor home page, click the Auditor / Configuration tile and then drill down to Amazon Web Service.
- Click to add a new AWS configuration.
- Complete the auditing configuration:
OPTION
DESCRIPTION
The General step
Enable this collection
Select the toggle to turn on data collection. You can disable data polling at any time without deleting a collector.
Name
Add a name to distinguish one AWS collector from the other. This name will be used internally in Cygna Auditor.
Description
(Optional) Add any further details about the current configuration.
The Amazon API Credentials step
Access key
Secret key
Provide your AWS authentication keys, and check your AWS account for more information.
Authorized region
Select one or more Amazon regions where your services reside. These regions will be used to provide access to the AWS API and continue with the configuration steps. They must be regions authorized for the Amazon account.
Verify connectivity
Click to check that the services for Elastic Compute Cloud (EC2), Organizations, S3, and Cloud Trail are accessible. These functions are used during configuration and data collection. The connectivity is checked for the region you specified above.
If you have configured proxy settings, those settings will be used to test connectivity. If a proxy server is used without those proxy settings, access has to be provided outside of Cygna Auditor.
The Collector Settings step
Initial Collection Interval
Specify the length (in days) of the event backlog to collect the first time the collector runs.
Cloud Trail – The name of the cloud trail
Store Interval
Specify the amount of time (in seconds) the collector queues events for storage in the database. The default is recommended.
Cloud Trail
Provide the name of the cloud trail in the Amazon Resource Name (ARN) format. Enter the whole name, or start typing and search for trails.
Verify Trail Access
(Optional) Check that the cloud trail and its associated S3 bucket are accessible before data collection with the credentials and region provided.
The Collection Schedule step
Add new schedule
Select to configure a new schedule. You can create several schedules if needed.
Enable scheduled job
Switch the toggle to "On".
Name
Specify a name for the schedule.
Description
Provide a description.
Frequency
Cygna Auditor provides multiple options: one-time, minutes, hours, days, Monday-Friday, weekly, bi-weekly, monthly, quarterly, annually. Select how often to perform data collection depending on your auditing needs.
Start date
Choose when to start collecting data: immediately or specify a date.
End date
Specify an end date for the data collection schedule if necessary, or set it to "Never".
The Ignored Events step
Ignored Events list
Add the names of events you wish to ignore during event collection.
By default, Cygna Auditor suggests ignoring some common “noise” events. These entries can be retained or discarded.
The Summary step
Summary
Review the data collection details before saving them.
Note: Make sure Cygna Auditor has access to *.amazonaws.com (GET and POST).
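
A pre-flight check for the values entered in the Cloud Trail, Authorized region and Ignored Events options, as an added example that is not part of Cygna Auditor or its documentation. The function name, the simplified ARN pattern, the rule that the trail's region should be one of the authorized regions, and the short list of IAM event names are assumptions made for illustration; the sample values are constructed.

```python
import re

# Simplified trail ARN shape (assumption):
# arn:<partition>:cloudtrail:<region>:<12-digit account id>:trail/<name>
TRAIL_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):cloudtrail:([a-z0-9-]+):(\d{12}):"
    r"trail/([A-Za-z0-9._-]{3,128})$"
)
# Event names with these prefixes are read-only API calls, the usual "noise".
READ_ONLY_PREFIXES = ("Get", "List", "Describe")
# A few IAM-changing CloudTrail event names (not exhaustive). Ignoring them
# would hide the IAM changes this collector is meant to track.
IAM_CHANGE_EVENTS = {
    "CreateUser", "DeleteUser", "CreateAccessKey", "DeleteAccessKey",
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "UpdateAssumeRolePolicy", "CreateLoginProfile",
}


def check_collector_config(trail_arn, authorized_regions, ignored_events):
    """Return (severity, message) findings for one collector definition."""
    findings = []
    match = TRAIL_ARN.match(trail_arn.strip())
    if not match:
        findings.append(("error", f"not a CloudTrail trail ARN: {trail_arn!r}"))
    elif match.group(2) not in authorized_regions:
        # Assumption: the trail should live in a region selected for the collector.
        findings.append(
            ("review", f"trail region {match.group(2)} is not among the authorized regions")
        )
    for name in ignored_events:
        if name in IAM_CHANGE_EVENTS:
            findings.append(("high", f"ignored event {name} is an IAM change"))
        elif not name.startswith(READ_ONLY_PREFIXES):
            findings.append(("review", f"ignored event {name} is not a read-only call"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    sample = check_collector_config(
        "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit-trail",
        ["us-east-1", "eu-west-1"],
        ["DescribeInstances", "ListUsers", "CreateAccessKey", "AssumeRole"],
    )
    for severity, message in sample:
        print(f"{severity:6} {message}")
```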