Sumologic

ArchSaber provides secure, role-based cross-account integration with AWS to enable analytics over CloudWatch metrics.

Creating the role

  1. From the IAM roles page, select the Create Role option. For the role type, select Another AWS account and fill in the following details:

    • Account ID - 796940122999 (ArchSaber's AWS account ID)
    • Require external ID - enable this option and enter the external ID associated with your account in ArchSaber's AWS Integration config
    • Require MFA - disable this option
  2. Click Next: Permissions at the bottom, then the Create policy option. Select the JSON option and paste the policy JSON listed below as is. Click Review policy at the bottom, where you can assign it the name ArchSaberIntegrationPolicy.

  3. Go back to the Create Role: Attach permissions policies page. Refresh the list, select the policy created above, and click Next: Review. You can assign the role the name ArchSaberIntegrationRole and create it.
  4. Go to the summary page of the role created above, copy the Role ARN value, enter it on ArchSaber's AWS Integration config page, and enable the integration.

Role policy JSON

All actions granted here provide read-only access to ArchSaber.

{
    "Statement": [{
            "Action": [
                "apigateway:GET",
                "autoscaling:Describe*",
                "ce:Get*",
                "cur:Describe*",
                "cloudfront:GetDistributionConfig",
                "cloudfront:ListDistributions",
                "cloudtrail:Describe*",
                "cloudtrail:GetTrailStatus",
                "cloudtrail:LookupEvents",
                "cloudwatch:Describe*",
                "cloudwatch:Get*",
                "cloudwatch:List*",
                "codedeploy:List*",
                "dynamodb:Describe*",
                "dynamodb:List*",
                "ec2:Describe*",
                "ecs:Describe*",
                "ecs:List*",
                "elasticache:Describe*",
                "elasticache:List*",
                "elasticfilesystem:Describe*",
                "elasticloadbalancing:Describe*",
                "elasticmapreduce:Describe*",
                "elasticmapreduce:List*",
                "es:Describe*",
                "es:List*",
                "health:Describe*",
                "kinesis:Describe*",
                "kinesis:List*",
                "lambda:GetPolicy",
                "lambda:List*",
                "mq:Describe*",
                "mq:List*",
                "rds:Describe*",
                "rds:List*",
                "redshift:Describe*",
                "route53:List*",
                "sqs:ListQueues",
                "ses:Get*",
                "sns:List*",
                "sqs:List*",
                "tag:GetResources",
                "tag:GetTagKeys",
                "tag:GetTagValues",
                "xray:BatchGetTraces",
                "xray:Get*"
            ],
            "Effect"  : "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "pi:DescribeDimensionKeys",
                "pi:GetResourceMetrics"
            ],
            "Effect"  : "Allow",
            "Resource": "arn:aws:pi:*:*:metrics/*/*"
        }
    ],
    "Version": "2012-10-17"
}
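
Once the role exists, its trust policy can be checked against the settings from step 1: only ArchSaber's account as principal, an external ID condition, and no MFA condition. The following is an added example, not ArchSaber's own code; the function name, the sample documents and the `EXAMPLE-EXTERNAL-ID` value are constructed for illustration, and condition keys are assumed to use the casing the console writes.

```python
import json

ARCHSABER_ACCOUNT_ID = "796940122999"  # account ID from step 1 of this page
TRUSTED = {ARCHSABER_ACCOUNT_ID, f"arn:aws:iam::{ARCHSABER_ACCOUNT_ID}:root"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_external_id):
    """Return findings; an empty list means the trust policy matches step 1."""
    findings, trusts_archsaber = [], False
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # only statements that allow assuming the role matter here
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            # Any principal type other than "AWS" (Service, Federated) is reported by name.
            names = _as_list(principal.get("AWS", [])) + sorted(set(principal) - {"AWS"})
        else:
            names = [principal]  # the bare "*" form
        for name in names:
            if name in TRUSTED:
                trusts_archsaber = True
            else:
                findings.append(f"statement {n}: unexpected principal {name!r}")
        cond = stmt.get("Condition", {})
        ext_ids = _as_list(cond.get("StringEquals", {}).get("sts:ExternalId", []))
        if ext_ids != [expected_external_id]:
            findings.append(f"statement {n}: sts:ExternalId condition missing or different")
        if any("aws:MultiFactorAuthPresent" in keys for keys in cond.values()):
            findings.append(f"statement {n}: MFA condition set, step 1 disables Require MFA")
    if not trusts_archsaber:
        findings.append("no statement lets the ArchSaber account assume the role")
    return findings

# Constructed samples: GOOD has the shape the console produces for step 1,
# BAD omits the external ID and trusts any AWS principal.
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::796940122999:root"}, "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}""")
BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, audit_trust_policy(doc, "EXAMPLE-EXTERNAL-ID"))
```

The document to audit can be exported with `aws iam get-role --role-name ArchSaberIntegrationRole --query Role.AssumeRolePolicyDocument`, assuming the role name suggested in step 3.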
