Note: It may take up to 20 mins to enable EagleEye on your AWS Cloud Account (including Stack Set creation).
EagleEye is a robust security monitoring capability that shields your cloud infrastructure from security threats and compliance risks with real-time continuous monitoring and threat alerts. EagleEye helps you achieve data loss prevention, threat monitoring, compliance management, and security risk tracking across your AWS (Amazon Web Services) environment. (Coming soon for MS Azure & Google Cloud.)
When you implement EagleEye Monitoring, it deploys a stack containing the following resources in your AWS environment:
- CloudWatch Events
- CloudWatch Scheduler
- Lambda Functions (two)
- SQS
- SNS
All the resources mentioned above are billable.
The block diagram below shows the flow of events when “Bucket versioning is turned off” and how EagleEye generates the alert.
Note: EagleEye now supports EC2 alerts too, but the changes made in EC2 must be within the same region where the stack has been deployed. Also, we have added an SQS queue to the EagleEye stack so that all the events generated within a time frame are filtered and only relevant critical alerts are sent to users.
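A minimal sketch of the flow described above, as an added example rather than EagleEye's own Lambda code: it takes a batch of events drained from the queue, keeps versioning changes that leave a bucket unversioned and EC2 changes from the stack's region, and suppresses repeats inside a time window. The region, window length, watched EC2 call, rule names and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

STACK_REGION = "us-east-1"     # assumption: region the monitoring stack runs in
WINDOW = timedelta(minutes=5)  # assumption: suppression window per resource
WATCHED_EC2 = {"AuthorizeSecurityGroupIngress"}  # assumption: EC2 calls treated as critical
S3, EC2 = "s3.amazonaws.com", "ec2.amazonaws.com"

def ev(time, region, source, name, **params):
    """Build a constructed, trimmed 'AWS API Call via CloudTrail' event."""
    return {"time": time, "region": region,
            "detail": {"eventSource": source, "eventName": name, "requestParameters": params}}

def versioning(time, bucket, status):
    """Constructed PutBucketVersioning event in the stack's region."""
    return ev(time, "us-east-1", S3, "PutBucketVersioning", bucketName=bucket,
              VersioningConfiguration={"Status": status})

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    versioning("2024-01-01T10:00:05Z", "example-logs", "Suspended"),
    versioning("2024-01-01T10:01:00Z", "example-logs", "Suspended"),  # repeat inside window
    versioning("2024-01-01T10:02:00Z", "example-data", "Enabled"),    # versioning turned on
    ev("2024-01-01T10:03:00Z", "us-east-1", EC2, "AuthorizeSecurityGroupIngress", groupId="sg-example1"),
    ev("2024-01-01T10:03:30Z", "eu-west-1", EC2, "AuthorizeSecurityGroupIngress", groupId="sg-example2"),
    versioning("2024-01-01T10:07:00Z", "example-logs", "Suspended"),  # window has elapsed
]

def alert_key(event):
    """Return (rule, resource) for an event worth alerting on, else None."""
    detail = event["detail"]
    params = detail.get("requestParameters") or {}
    if detail["eventSource"] == S3 and detail["eventName"] == "PutBucketVersioning":
        if params.get("VersioningConfiguration", {}).get("Status") != "Enabled":
            return ("s3-versioning-off", params.get("bucketName"))
    elif detail["eventSource"] == EC2 and event["region"] == STACK_REGION:
        if detail["eventName"] in WATCHED_EC2:
            return ("ec2-sg-ingress-added", params.get("groupId"))
    return None

def filter_batch(events):
    """Keep the first alert per (rule, resource) in each WINDOW and drop the rest."""
    last_sent, alerts = {}, []
    for event in sorted(events, key=lambda e: e["time"]):
        key = alert_key(event)
        when = datetime.strptime(event["time"], "%Y-%m-%dT%H:%M:%SZ")
        if key is None or (key in last_sent and when - last_sent[key] < WINDOW):
            continue
        last_sent[key] = when
        alerts.append({"rule": key[0], "resource": key[1], "time": event["time"]})
    return alerts
```

Calling `filter_batch(SAMPLE_EVENTS)` reduces the six sample events to three alerts; the EC2 change in `eu-west-1` never alerts because it falls outside the stack's region.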
Prerequisites
Before you enable the EagleEye feature (Recommended) on Cloudnosys for your AWS Account, you need to have:
- An account on Cloudnosys (https://cloudnosys.com/docs/sign-up/)
- AWS Cloud Account added to Cloudnosys (https://cloudnosys.com/docs/aws-setup/)
- Permission to deploy stack set and CFTs
- Basic understanding of AWS cloud services (CloudFormation, SNS, SQS, CloudWatch, Lambda, etc.)
Begin enabling
1. Click on Cloud Accounts in your Cloudnosys Dashboard
2. Navigate to the account in which you want to enable live monitoring and click the Disabled button.
3. This takes you to the setup screen named EagleEye.
4. The very first step in enabling Live Monitoring is to create two IAM roles, namely the Administrator Role and the Execution Role.
5. Click on the Administrator Role button; the file starts downloading automatically.
Create Stack for Administrator Role
6. Log into your AWS console using the URL https://console.aws.amazon.com
7. Write “CloudFormation” in the search bar.
8. Click on the Create stack button; the ‘Create Stack’ screen appears.
9. Click on the Choose File button and attach the recently downloaded administrator policy. Click Next.
10. In the next screen that appears, specify a name for your stack and click Next.
11. Click the Next button on the Configure Stack Options screen.
12. In the review screen, click on the checkbox under the capabilities heading and click Create Stack.
Create Stack for Execution Role
13. After the successful creation of your administrator stack, move back to your Cloudnosys tab and click on the Execution Role button to download the execution policy & click Next.
14. Navigate to the AWS console and click on the Create stack button to create a stack for the execution role.
15. Click on the Choose File button, select the recently downloaded execution policy, and click Next.
16. Specify a name and account ID for your stack in the next screen and click Next.
17. Click the Next button on the Configure Stack Options screen.
18. In the review screen, click on the checkbox under the Capabilities section and click the Create stack button.
19. Move to your Cloudnosys dashboard and click on Next.
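The Capabilities checkbox in steps 12 and 18 is CloudFormation's acknowledgement that the template may create IAM resources, so it is worth reading what each downloaded role template grants before ticking it. The sketch below is an added example, not Cloudnosys code: it assumes the template is JSON (convert YAML first), and `SAMPLE_TEMPLATE`, its role name and the `AdministratorAccountId` parameter are constructed stand-ins for the real file.

```python
import json

# Constructed sample standing in for a downloaded role template (not the vendor's file).
SAMPLE_TEMPLATE = """
{"Resources": {
  "ExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
      "Principal": {"AWS": {"Ref": "AdministratorAccountId"}},
      "Action": "sts:AssumeRole"}]},
    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
    "Policies": [{"PolicyName": "queue", "PolicyDocument": {"Statement":
      {"Effect": "Allow", "Action": ["sqs:SendMessage"], "Resource": "*"}}}]}},
  "AlertTopic": {"Type": "AWS::SNS::Topic"}}}
"""

def as_list(value):
    """Policy JSON allows a single item where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def text(value):
    """Render intrinsic functions such as {"Ref": ...} as stable strings."""
    return value if isinstance(value, str) else json.dumps(value, sort_keys=True)

def review_roles(template_text):
    """Summarise who can assume each IAM role and whether it grants admin-level access."""
    report = []
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trusted = []
        for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
            principal = stmt.get("Principal", {})
            groups = principal.values() if isinstance(principal, dict) else [principal]
            trusted += [text(p) for g in groups for p in as_list(g)]
        managed = [text(arn) for arn in as_list(props.get("ManagedPolicyArns"))]
        wildcard = any(  # inline policy statement that allows every action
            stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Action"))
            for pol in as_list(props.get("Policies"))
            for stmt in as_list(pol.get("PolicyDocument", {}).get("Statement")))
        report.append({"role": name, "trusted": sorted(trusted), "managed": managed,
                       "admin": wildcard or any("policy/AdministratorAccess" in a for a in managed)})
    return report
```

Run `review_roles` on the text of each downloaded file and check that every trusted principal is an account or service you expect before creating the stack; the same check applies to the StackSet template.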
Create StackSet
20. In the next screen on the Cloudnosys dashboard, click on Download Template.
21. Now navigate to your AWS Console and click on CloudFormation; a drop-down menu appears. Select Stack sets.
22. Click on the Create stack button.
23. Click on the checkbox “upload Amazon S3 template”. Click on the Browse button to attach the template (the one you just downloaded from the Cloudnosys dashboard), then click Next.
24. Specify StackSet details and click Next.
25. Click the Next button on the Configure Stacks Options screen. In “Set Deployment Options”, enter a valid account ID.
Note: Enter the Target Account ID if creating a Role for another account, else enter your own Account ID.
26. Select your desired Region from the drop-down and click Add.
27. Click Next on the Options screen.
28. In the review screen, click on the checkbox under the capabilities heading and click the Submit button.
29. Select an interval, then click Next and then Done on the finish screen.
Last Steps
30. Go to your Cloud Accounts screen on the Cloudnosys dashboard. The status of live monitoring will have changed to Pending; after a few minutes (the time depends on the regions selected), it changes to Enabled.
31. Once EagleEye becomes Enabled, you will receive notifications of any modifications in the cloud infrastructure!
32. You can now choose between two new options when checking the Disable boxes, as shown below:
- Disable Temporarily: Pauses real-time alerts from this feature; it can be resumed just by clicking on the Enable button.
- Disable Permanently: This option completely stops alerts from being generated; the user has to delete the stack, follow the initial steps to deploy it again, and then enable the EagleEye feature.