[AWS monitoring]: Add CloudTrail use case for Amazon Data Firehose #3819

Closed
alaudazzi opened this issue Apr 22, 2024 · 4 comments
@alaudazzi
Contributor

alaudazzi commented Apr 22, 2024

Description

Add a new section on how to collect CloudTrail events and send them to an Elastic Cloud deployment using Amazon Data Firehose.

Resources

Initial content has been drafted in zmoog/public-notes#80. The procedure needs to be tested.

Which documentation set does this change impact?

Stateful and Serverless

Feature differences

None

What release is this request related to?

N/A

Collaboration model

The documentation team

Point of contact.

@zmoog

@alaudazzi
Contributor Author

alaudazzi commented Apr 23, 2024

@zmoog
While testing the procedure you drafted in zmoog/public-notes#80, I created this draft PR to check how this fits within the overall doc structure.

Note about the drawings: I find them really cool and very useful, however, I'm not sure about the accessibility/readability of the font.

@alaudazzi
Contributor Author

I went through the steps and we might want to clarify the following points:

  1. how to use the AWS KMS alias. Without that, you cannot move to the next panel.
  2. encryption policy -- when I clicked Create trail after the Review and Create, I got this message:
    InsufficientEncryptionPolicyException
    Insufficient permissions to access S3 bucket aws-cloudtrail-logs-627286350134-b09fb06a or KMS key arn:aws:kms:eu-north-1:627286350134:key/38ce7701-5485-4275-827a-c853d7cb1b61.

@zmoog
Contributor

zmoog commented Apr 24, 2024

> Note about the drawings: I find them really cool and very useful, however, I'm not sure about the accessibility/readability of the font.

Good point! I'll review the ones that survive the edits from this perspective.

> how to use the AWS KMS alias. Without that, you cannot move to the next panel.

Got it.

I edited that section in the issue thread to clarify what's expected from the user at that point.

> Encryption options
> When exporting data from CloudTrail to S3, it is recommended to enable "Log file SSE-KMS encryption". You can pick your preferred option, using an existing AWS KMS key or creating a new one.

Novice users can probably opt for creating a new key for simplicity. More experienced users probably have their opinions and maybe even a company policy mandating how to set up AWS KMS keys and probably don't need much guidance.

@alaudazzi
Contributor Author

Content finalized with #3823. Closing.
