Skip to content

AWS

AWS is a one of the main cloud provider, supported by Amazon. It offers services for storage (S3, Glacier, EBS, ...), for networking (Snowball, CloudFront, ...), for computing (EC2, ECS, EKS, ...) and others. This module provides triggers to collect events from AWS

Configuration

Name Type Description
aws_access_key string The identifier of the access key
aws_secret_access_key string The secret associated to the access key
aws_region_name string The area hosting the AWS resources

Triggers

Fetch CloudTrail logs (deprecated)

Get the last records from CloudTrail (deprecated in flavor of Fetch new CloudTrail records on S3)

Arguments

Name Type Description
frequency integer Batch frequency in seconds
bucket_name string The bucket that contains CloudTrail logs
prefix string Limits the response to keys that begin with the specified prefix
chunk_size integer The size of chunks for the batch processing

Outputs

Name Type Description
records array A list of CloudTrail log records
records_path string The filename containing the records

Fetch Flowlog records (deprecated)

Get the last records from FlowLog (deprecated in flavor of Fetch new logs on S3)

Arguments

Name Type Description
frequency integer Batch frequency in seconds
bucket_name string The bucket that contains Flowlog records
prefix string Limits the response to keys that begin with the specified prefix
chunk_size integer The size of chunks for the batch processing

Outputs

Name Type Description
records array A list of Flowlog records
records_path string The filename containing the records

Fetch new logs on S3

Get line-oriented records from new S3 objects based on notifications

Arguments

Name Type Description
frequency integer Batch frequency in seconds
queue_name string The name of the SQS queue that received the notifications of the creation of S3 objects
chunk_size integer The size of chunks for the batch processing
separator string The separator used between each records (default: the linefeed character '\n')
skip_first integer The number of records to skip at the begining of each S3 object (default: 0)
ignore_comments boolean Flag to ignore commented lines (starting with the character #; default: false)
delete_consumed_messages boolean Flag to delete consuming messages (default: false)
intake_server string Server of the intake server (e.g. 'https://intake.sekoia.io')
intake_key string Intake key to use when sending events

Fetch new Parquet records on S3

Get records from new S3 Parquet objects based on notifications

Arguments

Name Type Description
frequency integer Batch frequency in seconds
queue_name string The name of the SQS queue that received the notifications of the creation of S3 objects
delete_consumed_messages boolean Flag to delete consuming messages (default: false)
chunk_size integer The size of chunks for the batch processing
intake_server string Server of the intake server (e.g. 'https://intake.sekoia.io')
intake_key string Intake key to use when sending events

Fetch new CloudTrail records on S3

Get Cloudtrail records from new S3 objects based on notifications

Arguments

Name Type Description
frequency integer Batch frequency in seconds
queue_name string The name of the SQS queue that received the notifications of the creation of S3 objects
delete_consumed_messages boolean Flag to delete consuming messages (default: false)
chunk_size integer The size of chunks for the batch processing
intake_server string Server of the intake server (e.g. 'https://intake.sekoia.io')
intake_key string Intake key to use when sending events

Fetch new messages from the SQS

Get messages from SQS

Arguments

Name Type Description
frequency integer Batch frequency in seconds
queue_name string The name of the SQS queue
delete_consumed_messages boolean Flag to delete consuming messages (default: false)
chunk_size integer The size of chunks for the batch processing
intake_server string Server of the intake server (e.g. 'https://intake.sekoia.io')
intake_key string Intake key to use when sending events

Extra

Module AWS v1.15