Cloud flow logs setup

Suggest Edits

🤖
Using Terraform to automate onboarding
The instructions linked from this page are suitable for onboarding one or a small number of cloud accounts manually or using as a reference for building automation for larger scale deployment. In addition to these instructions, Netography provides a Terraform project, NetoOnboard, that provides Netography Fusion Cloud Onboarding Automation for AWS Organizations, Azure Tenants, and GCP Organizations.
This automation provides the following:

Enables and configure VPC flow logging based on a simple policy and tags that defines which VPC are in scope.

Deploy all the infrastructure required to integrate to Fusion across multiple accounts (AWS), subscriptions (Azure), and projects (GCP) in a single deployment

Adds VPCs configured for flow logging to Netography Fusion as traffic sources.

Deploys a single AWS Lambda function, Azure Function, or Google Function that provides context enrichment across all the accounts/subscriptions/projects as an outbound push from your cloud to the Fusion API, eliminating the need to add context integrations from the Fusion portal, to grant Netography permissions to directly enumerate resource properties, or to add individual context integrations in Fusion for each cloud account.

Monitor for VPC changes and trigger enabling and configuring flow logs, and onboarding to Fusion new VPCs that are in scope, and offboarding VPCs that are removed or no longer in scope.

For access to Netography's terraform onboarding automation contact Netography Support.

Configure cloud flow logs to be ingested by Fusion by following the instructions below.