Amazon Web Services (AWS)

To monitor your AWS environment, Log360 Cloud requires a valid IAM user with necessary permissions. The solution will use the designated IAM user to collect logs from your AWS environment.

Pre- logging setup: Creating a new IAM user in the AWS console

Creating a new IAM user in the AWS console

An IAM user is an entity that you create in AWS to represent the person or service that uses it to interact with AWS

To create a new IAM user, follow these steps.

Login to the AWS console.
Go to AWS Services → Security, Identity and Compliance → IAM → Add User.
Give an appropriate User name and enable Programmatic access.
Click on Attach existing policies directly.
Click on Create Policy → Create your Own Policy.
Fill in the Policy Name field.
Depending on whether you want to manually or automatically configure CloudTrail, copy and paste the inline policies accordingly.

Auto-configuration: If you want Log360 cloud to configure CloudTrail, copy and paste the inline policy in the Policy Document box.
Manual configuration: If you wish to manually configure CloudTrail, copy and paste this inline policy in the Policy Document box.
Log Forwarding Configuration: If you wish to add an account for log forwarding, copy and paste this inline policy in the Policy Document box.

Click Create Policy.
Create the user and save the Access key and Secret key pair.

The generated access key and secret key pair should be used inside Log360 Cloud to configure the AWS account.

Inline Policy

 
{
    "Version":  "2012-10-17",
    "Statement":[
      {
   "Sid":"Stmt1486278063000",
   "Effect":"Allow",
   "Action":[
    "cloudtrail:DescribeTrails",
    "cloudtrail:GetTrailStatus",
    "cloudtrail:CreateTrail",
    "cloudtrail:DeleteTrail",
    "cloudtrail:StartLogging",
    "cloudtrail:StopLogging",
    "cloudtrail:UpdateTrail"
    ],
    "Resource":[
      "*"
    ]
  },
  {
    "Sid":"Stmt1486278045000",
    "Effect":"Allow",
    "Action": [
      "s3:PutBucketLogging",
      "s3:PutLifecycleConfiguration",
      "s3:GetBucketLogging",
      "s3:PutBucketAcl",
      "s3:PutBucketPolicy",
      "s3:CreateBucket",
      "s3:ListBucket",
      "s3:GetBucketAcl",
      "s3:GetBucketLocation",
      "s3:DeleteBucket",
      "s3:GetBucketPolicy",
      "s3:ListAllMyBuckets",
      "s3:PutObject",
      "s3:GetObjectAcl",
      "s3:GetObject",
      "s3:DeleteObject",
      "s3:GetObjectVersion"
    ],
    "Resource":[
      "*"
    ]
  },
  {
    "Sid":"Stmt1486278214000",
    "Effect":"Allow",
    "Action":[
      "sns:GetEndpointAttributes",
      "sns:GetSubscriptionAttributes",
      "sns:GetTopicAttributes",
      "sns:ListSubscriptions",
      "sns:ListSubscriptionsByTopic",
      "sns:ListTopics",
      "sns:Publish",
      "sns:Unsubscribe",
      "sns:SetTopicAttributes",
      "sns:DeleteTopic",
      "sns:CreateTopic",
      "sns:Subscribe",
      "sns:ConfirmSubscription",
      "sns:SetSubscriptionAttributes",
      "sns:AddPermission"
      ],
      "Resource": [
        "*"
  ]
  },
  {
    "Sid":"Stmt1486278276000",
    "Effect":"Allow",
    "Action": [
      "sqs:DeleteMessage",
      "sqs:DeleteMessageBatch",
      "sqs:GetQueueUrl",
      "sqs:ListQueues",
      "sqs:ReceiveMessage",
      "sqs:SendMessage",
      "sqs:CreateQueue",
      "sqs:DeleteQueue",
      "sqs:SetQueueAttributes",
      "sqs:AddPermission"
    ],
    "Resource": [
    "*"
    ]
  },
  {
    "Sid": "Stmt1490256161000",
    "Effect":"Allow",
    "Action": [
      "iam:GenerateCredentialReport",
      "iam:GetAccountAuthorizationDetails",
      "iam:GetCredentialReport"
    ],
    "Resource":[
      "*"
    ]
  },
  {
    "Sid": "Stmt1490256161001",
    "Effect": "Allow",
    "Action": [
      "elasticloadbalancing:*"
    ],
    "Resource": [
      "*"
    ]
  }
    ]
  }

Inline Policy

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1486278063000",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278045000",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278214000",
      "Effect": "Allow",
      "Action": [
        "sns:GetEndpointAttributes",
        "sns:GetPlatformApplicationAttributes",
        "sns:GetSMSAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "sns:ListEndpointsByPlatformApplication",
        "sns:ListPhoneNumbersOptedOut",
        "sns:ListPlatformApplications",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:Publish"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1486278276000",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes",
        "sqs:GetQueueUrl",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:SendMessage"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1490256161000",
      "Effect": "Allow",
      "Action": [
        "iam:GenerateCredentialReport",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetCredentialReport"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Inline Policy

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Stmt1486278063000"
    }
  ]
}

Enter AWS credentials in Log360 Cloud

Go to the Log360 Cloud console.
Click on Settings > Account Settings
Click on Add Cloud Account
Select the Cloud Type as AWS.
Enter a Display name in the given box.
Enter the Access Key ID and Secret Access Key of the IAM user in the given fields.