
AQUILA - AWS Integration

Overview


The AWS Integration enables the collection of logs and metrics from your Amazon Web Services (AWS) environment. This integration helps centralize security and operational data for monitoring, investigation, and reporting.

Note: Using this integration will generate additional CloudWatch API request charges on your AWS account.

Data Streams


The AWS integration collects two main types of data:

  1. Logs – Records of events that occur within your AWS account.
    Examples:

    • Every request received by CloudFront

    • Actions performed by AWS users or roles

    • API activity captured by CloudTrail

  2. Metrics – Real-time insights into the performance and health of AWS services.
    Examples:

    • CPU utilization of EC2 instances

    • S3 storage usage

    • RDS performance metrics

    • AWS cost and usage breakdowns

Requirements


Before configuring the AWS integration, ensure you have:

  1. AWS Credentials – To connect to your AWS account.

  2. AWS Permissions – To grant access to the necessary AWS API calls.

AWS Credentials

  1. Access Keys
    Long-term credentials associated with an IAM user or the AWS root account.

    • access key id – First part of the access key

    • secret access key – Second part of the access key

  2. IAM Role ARN
    An IAM Role ARN defines permissions without requiring long-term credentials.
    When assumed, the role provides temporary security credentials.
    Recommended for secure integrations and cross-account access.

  3. EC2 Instance IAM Role
    If the AQUILA Agent runs on an EC2 instance with an attached IAM role, the agent can authenticate automatically.
    Uses temporary credentials from the Instance Metadata Service (IMDS).
    Preferred method for security and automation.

AWS Permissions


The IAM user or role must be granted the following permissions:

  • ce:GetCostAndUsage

  • cloudwatch:GetMetricData

  • cloudwatch:ListMetrics

  • ec2:DescribeInstances

  • ec2:DescribeRegions

  • iam:ListAccountAliases

  • inspector2:ListFindings

  • logs:DescribeLogGroups

  • logs:FilterLogEvents

  • organizations:ListAccounts

  • rds:DescribeDBInstances

  • rds:ListTagsForResource

  • s3:GetBucketLocation

  • s3:GetObject

  • s3:ListBucket

  • sns:ListTopics

  • sqs:ChangeMessageVisibility

  • sqs:DeleteMessage

  • sqs:GetQueueAttributes

  • sqs:ListQueues

  • sqs:ReceiveMessage

  • sts:AssumeRole

  • sts:GetCallerIdentity

  • tag:GetResources
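
The following is an added example, not part of the AQUILA documentation or product: a Python check that compares an IAM policy document against the permission list above and reports required actions that are not granted and Allow entries that are broader than the list. The function names and the sample policy are constructed for illustration, and Resource and Condition elements are ignored as a simplifying assumption.

```python
import fnmatch

# The 24 actions from the permission list above.
REQUIRED = """
ce:GetCostAndUsage cloudwatch:GetMetricData cloudwatch:ListMetrics
ec2:DescribeInstances ec2:DescribeRegions iam:ListAccountAliases
inspector2:ListFindings logs:DescribeLogGroups logs:FilterLogEvents
organizations:ListAccounts rds:DescribeDBInstances rds:ListTagsForResource
s3:GetBucketLocation s3:GetObject s3:ListBucket sns:ListTopics
sqs:ChangeMessageVisibility sqs:DeleteMessage sqs:GetQueueAttributes
sqs:ListQueues sqs:ReceiveMessage sts:AssumeRole sts:GetCallerIdentity
tag:GetResources
""".split()

def _listify(value):
    # IAM JSON allows a single string/object where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    # Action names are case-insensitive; * and ? are IAM wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def audit_policy(policy):
    """Return (missing, excess) for one identity policy document.
    Resource and Condition elements are ignored (simplifying assumption)."""
    allow, deny = [], []
    for stmt in _listify(policy["Statement"]):
        if "NotAction" in stmt:
            raise ValueError("NotAction statement: review by hand")
        bucket = allow if stmt["Effect"] == "Allow" else deny
        bucket.extend(_listify(stmt["Action"]))
    # Missing: never allowed, or allowed but overridden by an explicit Deny.
    missing = [a for a in REQUIRED
               if not any(_matches(p, a) for p in allow)
               or any(_matches(p, a) for p in deny)]
    # Excess: any Allow entry that is not exactly one of the listed actions.
    required_lower = {a.lower() for a in REQUIRED}
    excess = sorted({p for p in allow if p.lower() not in required_lower})
    return missing, excess

# Constructed sample policy, not taken from any real account.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "s3:*", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
        "ec2:Describe*", "sts:GetCallerIdentity", "iam:CreateUser"]},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:GetObject"}]}

if __name__ == "__main__":
    missing, excess = audit_policy(SAMPLE_POLICY)
    print("missing:", missing)
    print("broader than required:", excess)
```
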

To configure the AWS Integration:

Please provide the following information to CyTech Support: 

  • Access key ID
  • Secret Access Key
  • Region

  • CloudTrail Log Group ARN

 

 

If you need further assistance, contact our support team at support@cytechint.com.