Quickstart: AWS

How Fusion integrates to AWS

Netography Fusion has the following integration points to AWS:

  1. Fusion ingests VPC flow logs from AWS.

  2. Fusion ingests asset context from AWS for context enrichment.

  3. Fusion ingests Route 53 DNS resolver logs from AWS.

Video Guides

See the AWS πŸŽ₯ Video Guides to watch videos of the setup steps.

Steps to integrate to AWS

Each page in these instructions will walk you through the steps to integrate AWS with Netography Fusion using the AWS Console:

  • Create an S3 bucket

  • Create an SNS topic

  • Create an SQS queue - using the provided JSON to create an Advanced Access Policy

  • Subscribe the SQS queue to the SNS topic

  • Create custom IAM permissions using the provided JSON

  • Create an IAM user

  • Create an Access Key

  • Create an event notification for the SQS queue

  • Enable VPC flow logs via CloudShell using the provided CLI command

  • Add AWS VPC flow logs as a traffic source in Netography Fusion

  • Add permissions for context enrichment integration

  • Enable context integration

  • Enable DNS query logging in AWS

  • Add Route53 DNS query logs as a traffic source in Netography Fusion

Additional AWS setup options

The AWS quick start guide is for manually configuring your first AWS account to integrate into Fusion using the AWS console and CloudShell. If you have multiple accounts or want to explore other setup options, you can also integrate to AWS using CloudFormation, with Kinesis instead of S3, using AWS Transit Gateway flow logs instead of VPC flow logs.

πŸ€–Using Terraform to automate onboarding

Access Netography's Terraform automation at our GitHub repo: https://github.com/netography/neto-onboarding. For access to the repo, email [email protected]. with your GitHub ID or with a request for access to the latest release package.

Netography provides a Terraform project, neto-onboarding, that provides Netography Fusion Cloud Onboarding Automation for AWS Organizations, Azure Tenants, and GCP Organizations.

This automation provides the following capabilties, which you can use in whole or part:

  • Enables and configure AWS VPC flow logs, Azure VNet flow logs, and GCP VPC flow logs based on a simple policy and tags that defines which VPC/VNet are in scope.

  • Deploy all the infrastructure required to integrate to Fusion across multiple accounts (AWS), subscriptions (Azure), and projects (GCP) in a single deployment

  • Adds VPCs/VNets configured for flow logging to Netography Fusion as traffic sources.

  • Deploys a single AWS Lambda function, Azure Function, or Google Function that provides context enrichment across all the accounts/subscriptions/projects as an outbound push from your cloud to the Fusion API, eliminating the need to add context integrations from the Fusion portal, to grant Netography permissions to directly enumerate resource properties, or to add individual context integrations in Fusion for each cloud account.

  • Monitor for VPC/VNet changes and trigger enabling and configuring flow logs, and onboarding to Fusion new VPCs/VNets that are in scope, and offboarding VPCs/VNets that are removed or no longer in scope.

PreviousNeed More Help?NextVideo Guides

Last updated