AWS CloudTrail Integration

Summary

AWS CloudTrail is the AWS service that records the API calls made in your AWS account. With access to your AWS CloudTrail events, Fugue can run event-driven scans of your AWS accounts: within minutes of a resource change, Fugue learns of the change (via AWS CloudTrail), triggers a scan to update the resource state, and inspects the resource for misconfigurations.

Integration Steps

For event-driven scans to be enabled for a Fugue environment, you need the following in the corresponding AWS account and region:

  • AWS CloudTrail enabled.

  • An IAM role and an EventBridge rule that forward AWS CloudTrail events from your AWS account to Fugue.

Set up AWS CloudTrail

Ensure that an existing AWS CloudTrail trail is configured to log management events in your region, or create a new trail; EventBridge only receives CloudTrail API-call events in a region where a trail is logging them. Fugue accepts region-specific, multi-region, and organization trails.

Provision CloudFormation Resources (AWS Console)

  1. Download the fugue-aws-cloudtrail-integration.yml file from Fugue’s integrations GitHub repository.

  2. In the AWS console, navigate to the CloudFormation service.

  3. Click Create stack > With new resources (standard).

  4. In Prerequisite-Prepare template, select Template is ready.

  5. In Specify template, select Upload a template file.

  6. Click Choose file and upload the fugue-aws-cloudtrail-integration.yml file (from step 1).

  7. Click Next, and enter a Stack name.

  8. Enter the following ARN in the EventBusArn field: arn:aws:events:us-east-1:370134896156:event-bus/fugue-events

  9. On the AWS CloudFormation Create stack page, follow the prompts (defaults are fine) by clicking Next until you reach the page requesting acknowledgement that the template creates IAM resources.

  10. Check the acknowledgement box, then click Create stack.

  11. Finally, contact support@fugue.co to have event-driven scans enabled for your Fugue environment.
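For readers who want to see what the stack above actually provisions, here is an illustrative CloudFormation template of the same shape: an EventBridge rule that matches CloudTrail API-call events and an IAM role that lets EventBridge put those events on the destination bus named in step 8. This is an added example written for this page, not the contents of fugue-aws-cloudtrail-integration.yml; the resource names, the AllowedPattern on the parameter, and the aws:SourceAccount condition are assumptions and hardening choices of this example, not something the Fugue template is known to contain.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Illustrative stand-in for fugue-aws-cloudtrail-integration.yml (not Fugue's
  file). Forwards CloudTrail API-call events from this account and region to a
  cross-account EventBridge bus.

Parameters:
  EventBusArn:
    Type: String
    Description: ARN of the destination event bus (the value entered in step 8).
    # Assumed guard: reject anything that is not an event-bus ARN.
    AllowedPattern: "^arn:aws:events:[a-z0-9-]+:[0-9]{12}:event-bus/.+$"

Resources:
  # Role that the EventBridge service assumes when delivering to the target.
  # It is scoped to a single action on a single bus, so a compromised rule in
  # this account cannot use it to write events anywhere else.
  ForwardingRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
            # Confused-deputy guard (assumption of this example): only rules
            # owned by this account may assume the role.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      Policies:
        - PolicyName: PutEventsToDestinationBus
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: events:PutEvents
                Resource: !Ref EventBusArn

  # Rule on this account's default bus. CloudTrail delivers management API
  # calls to EventBridge as "AWS API Call via CloudTrail" events only while a
  # trail is logging management events in this region (see "Set up AWS
  # CloudTrail" above); every such event is forwarded to the destination bus.
  ForwardCloudTrailEvents:
    Type: AWS::Events::Rule
    Properties:
      Description: Forward CloudTrail API-call events to the destination bus.
      State: ENABLED
      EventPattern:
        detail-type:
          - AWS API Call via CloudTrail
      Targets:
        - Id: DestinationBus
          Arn: !Ref EventBusArn
          RoleArn: !GetAtt ForwardingRole.Arn

Outputs:
  RuleArn:
    Description: ARN of the forwarding rule, useful when verifying the stack.
    Value: !GetAtt ForwardCloudTrailEvents.Arn
```

Two points worth checking after the stack is created. First, the IAM acknowledgement in step 9 exists because the template creates the role; that role is the only principal in your account that needs `events:PutEvents` on the Fugue bus, so there is no reason to grant that permission anywhere else. Second, cross-account delivery also requires a resource policy on the destination bus (in the account of the ARN from step 8) that allows your account to put events; that policy lives on Fugue's side, which is why the final step is to contact Fugue support rather than something you configure yourself. If events do not arrive, confirm that a trail is logging management events in the same region as the stack before looking at the rule.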