Amazon Web Services

Amazon Web Services is so far the platform of choice for hosting applications and delegating IT administration tasks. It helps save on maintenance costs of on-premises servers and provides cloud computing resources to cater to your company's needs.

Cygna Auditor for AWS enables you to track changes to Amazon Identity and Access Management (IAM) configuration, an integral part of AWS infrastructure. For a list of monitored events and objects, see AWS Key Events & Activities.

Start Collecting Data

By default, Cygna Auditor audits the entire IAM, but you can configure it to collect data from a single IAM as several collectors, for example, set up data collection for each AWS region within your IAM separately.

  1. On the Cygna Auditor home page, click the Auditor / Configuration tile and then drill-down to Amazon Web Service.
  2. Click to add a new AWS configuration.

  3. Complete the auditing configuration:

    OPTION

    DESCRIPTION

    The General step
    Enable this collection Select the toggle to turn on data collection. You can disable data polling at any time without deleting a collector.
    Name Add a name to distinguish one AWS collector from the other. This name will be used internally in Cygna Auditor
    Description (Optional) Add there any further details about the current configuration.
    The Amazon API Credentials step

    Access key

    Secret key

    		 Provide your AWS authentication keys, and check your AWS account for more information.
    Authorized region Select one or more Amazon regions where your services reside. These regions will be used to provide access to the AWS API and continue with the configuration steps. It must be regions authorized for the Amazon account.
    Verify connectivity

    Click to check that the services for Elastic Cloud Compute (EC2), Organizations, S3, and Cloud Trail are accessible. These functions are used during configuration and data collection. The connectivity is checked for the region you specified above.

    If you have configured proxy settings, those settings will be used to test connectivity. If a proxy server is used without those proxy settings, access has to be provided outside of Cygna Auditor.

    The Collector Settings step

    Initial Collection Interval

    Specify the length (in days) of the event backlog to collect the first time the collector runs.

    Cloud Trail – The name of the cloud trail

    Store Interval

    Specify the amount of time (in seconds) the collector queues events for storage in the database. The default is recommended.

    Cloud Trail

    Provide a name of cloud trail in the Amazon Resource Name (ARN) format. Enter the whole name, or start typing and search for trails.

    Verify Trail Access

    (Optional) Check that the cloud trail and its associated S3 bucket are accessible before data collection with the credentials and region provided.

    The Collection Schedule step

    Add new schedule

    Select to configure a new schedule. You can create several schedules if needed.

    Enable scheduled job

    Switch the toggle to "On".

    Name

    Specify a name of the schedule.

    Description

    Provide a description.

    Frequency

    Cygna Auditor provides multiple options: one-time, minutes, hours, days, Monday-Friday, weekly, bi-weekly, monthly, quarterly, annually. Select how often to perform data collection depending on your auditing needs.

    Start date

    Choose when to start collecting data: immediately or specify a date.

    End date

    Specify an end day for the data collection schedule if necessary or set to "Never".

    The Ignored Events step

    Ignored Events list

    Add the names of events you wish to ignore during event collection.

    By default, Cygna Auditor suggests to ignore some common “noise” events. These entries can be retained or discarded.

    The Summary step

    Summary

    Review the data collection details before saving them.

Note: Make sure Cygna Auditor has access to *.amazonaws.com (GET and POST).