Set up Amazon Simple Notification Service

If you have an AWS account, you can take advantage of Amazon Simple Notification Service (SNS) to publish notifications about Deep Security events and deliver them to subscribers.

To set up Amazon SNS, do the following:

  1. Configure AWS authentication.
  2. Create an Amazon SNS topic.
  3. Enable SNS.
  4. Create subscriptions.

Configure AWS authentication

To access Amazon SNS, Deep Security needs to be authenticated through either an AWS Identity and Access Management (IAM) role or AWS access keys.

Use an IAM role

If your Deep Security Manager is running on an AWS EC2 instance, you can use an IAM role for authentication. This method provides automatic credential rotation and improved security.

  1. In the AWS IAM console, create an IAM role with SNS publish permissions.
  2. Attach the following policy to the role:
     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Action": [
                     "sns:Publish"
                 ],
                 "Effect": "Allow",
                 "Resource": "*"
             }
         ]
     }

    If you want to limit publishing rights to a single topic, you can replace "Resource":"*" with "Resource":"TOPIC ARN".

  3. Attach the IAM role to your Deep Security Manager EC2 instance.

When you configure event forwarding, Deep Security will automatically detect and use this IAM role for authentication.

Use AWS access keys

If your Deep Security Manager is not running on AWS EC2, or if you prefer to use access keys, create an AWS user with the appropriate permissions for SNS. Save the user's access key and secret key, as you will need them in the Enable SNS step.

The AWS user needs the sns:Publish permission on all SNS topics to which Deep Security will publish. The following is an example of a policy with this permission:

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Action": [
                     "sns:Publish"
                 ],
                 "Effect": "Allow",
                 "Resource": "*"
             }
         ]
     }

If you want to limit publishing rights to a single topic, you can replace "Resource":"*" with "Resource":"TOPIC ARN".
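The following script is an added example, not Trend Micro's or AWS's code. It builds the sns:Publish policy from the sections above with "Resource" set to an explicit topic ARN instead of "*", validates the ARN format first, and includes a small check that flags a policy whose Allow statements grant a wildcard resource or actions beyond sns:Publish. The topic ARN and account ID used are constructed placeholders.

```python
"""Build and check the IAM policy Deep Security needs to publish to Amazon SNS.

Added example; not Trend Micro or AWS code. The topic ARN below is a
constructed placeholder, not a real topic.
"""
import json
import re

# SNS topic ARN shape: arn:<partition>:sns:<region>:<12-digit account id>:<topic name>
# (assumption: topic names are limited to letters, digits, hyphens and underscores)
_TOPIC_ARN_RE = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}$"
)

# The page's example policy, reproduced here so the checker can be run against it.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["sns:Publish"], "Effect": "Allow", "Resource": "*"}
    ],
}


def build_publish_policy(topic_arns):
    """Return a policy document allowing sns:Publish only on the given topic(s).

    This is the page's policy with "Resource": "*" replaced by the topic ARN(s),
    which is the restriction the page recommends. Accepts a single ARN string
    or a list of ARN strings; every ARN is validated before use.
    """
    arns = [topic_arns] if isinstance(topic_arns, str) else list(topic_arns)
    if not arns:
        raise ValueError("at least one topic ARN is required")
    for arn in arns:
        if not _TOPIC_ARN_RE.match(arn):
            raise ValueError(f"not a valid SNS topic ARN: {arn!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": ["sns:Publish"],
                "Effect": "Allow",
                # IAM accepts either a single string or a list here.
                "Resource": arns[0] if len(arns) == 1 else arns,
            }
        ],
    }


def find_overbroad_statements(policy):
    """Return a list of human-readable problems found in the policy's Allow statements.

    Flags a wildcard Resource ("*" or anything ending in ":*") and any action
    other than sns:Publish, which is the only permission Deep Security needs.
    """
    problems = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            if action != "sns:Publish":
                problems.append(f"statement {i}: action {action!r} is broader than sns:Publish")
        for resource in resources:
            if resource == "*" or resource.endswith(":*"):
                problems.append(f"statement {i}: Resource {resource!r} is a wildcard")
    return problems


if __name__ == "__main__":
    # Constructed placeholder ARN; replace with the ARN saved from your own topic.
    topic = "arn:aws:sns:us-east-1:123456789012:DeepSecurityEvents"
    scoped = build_publish_policy(topic)
    print(json.dumps(scoped, indent=2))
    print("page policy problems:", find_overbroad_statements(PAGE_POLICY))
    print("scoped policy problems:", find_overbroad_statements(scoped))
```

Run the script as-is to print the scoped policy as JSON ready to paste into the IAM console, and to see that the page's unrestricted policy is reported for its wildcard resource while the scoped one passes. Pass a list of ARNs if Deep Security will publish to more than one topic.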

For more information, see Controlling user access to your AWS account and Amazon SNS API permissions: Actions and resources reference.

Create an Amazon SNS topic

In AWS, create an SNS topic where the events will be published. For instructions, see Creating an Amazon SNS topic. Save the SNS Topic ARN, as you will need it to Enable SNS.

Enable SNS

  1. In Deep Security Manager, go to Administration > System Settings > Event Forwarding.
  2. In the Amazon SNS section, select Publish Events to Amazon Simple Notification Service.
  3. Configure authentication based on the authentication method you selected:
    • If an IAM role was used, Deep Security will automatically detect the IAM role attached to your EC2 instance. The Access key and Secret key fields can be left empty.
    • If access keys were used, enter the Access key and Secret key of the AWS user.
  4. Enter the SNS Topic ARN to which events will be sent. This is the ARN that you previously saved.
  5. Select the types of events you want to forward to SNS. This automatically generates a JSON SNS configuration.

    Note that IAM roles are recommended for EC2 deployments, as this provides automatic credential rotation, eliminates the need to manage static access keys, and improves security.

  6. Optionally, click Edit JSON SNS configuration to edit the JSON SNS configuration directly if you want to filter the events in greater detail and configure the forwarding instructions for each filter. For details on the configuration language, see SNS configuration in JSON format.

    If you edit the JSON, the event selection becomes unavailable. If you want to select or deselect any of the events, you can click Revert to basic SNS configuration, but any configurations you have made to the JSON SNS configuration will be discarded.

  7. Click Save.

Create subscriptions

Now that SNS is enabled and events are being published to the topic, go to the Amazon SNS console and subscribe to the topic to access the events. There are several ways that you can subscribe to events, including email, SMS, and Lambda endpoints.

Note that Lambda is not available in all AWS regions.
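The handler below is an added example of a Lambda subscriber, not Trend Micro's or AWS's code. It reads the standard SNS-to-Lambda event envelope (Records[].Sns with TopicArn, Subject, MessageId and Message), rejects records that did not arrive from the topic the function expects, and parses each Message as JSON. Because this page does not document the fields of a forwarded Deep Security event, the message body is treated as opaque JSON; EXPECTED_TOPIC_ARN and the sample event are constructed placeholders.

```python
"""Lambda subscriber for a Deep Security SNS topic (added example).

Not Trend Micro's or AWS's code. The envelope format is the one SNS uses
when it invokes Lambda; the event body fields are left unspecified.
EXPECTED_TOPIC_ARN and SAMPLE_EVENT are constructed placeholders.
"""
import json

# Constructed placeholder; set to the ARN of the topic you subscribed to.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:DeepSecurityEvents"


def handle_sns_event(event, expected_topic_arn=EXPECTED_TOPIC_ARN):
    """Return (accepted, rejected_count) for the records in an SNS Lambda event.

    A record is accepted only if its TopicArn matches the expected topic and
    its Message parses as JSON. Anything else is counted as rejected so the
    caller can alarm on unexpected or malformed input rather than processing it.
    """
    accepted = []
    rejected = 0
    for record in event.get("Records", []):
        sns = record.get("Sns", {})
        if sns.get("TopicArn") != expected_topic_arn:
            rejected += 1
            continue
        try:
            body = json.loads(sns.get("Message", ""))
        except (json.JSONDecodeError, TypeError):
            rejected += 1
            continue
        accepted.append(
            {
                "messageId": sns.get("MessageId"),
                "subject": sns.get("Subject"),
                "body": body,
            }
        )
    return accepted, rejected


def lambda_handler(event, context):
    """Lambda entry point: log accepted messages and summarise the batch."""
    accepted, rejected = handle_sns_event(event)
    for message in accepted:
        print(json.dumps(message))  # goes to CloudWatch Logs when run in Lambda
    return {"accepted": len(accepted), "rejected": rejected}


# Constructed sample event in the SNS -> Lambda envelope format: one record from
# the expected topic, one from another topic, one with a non-JSON message.
SAMPLE_EVENT = {
    "Records": [
        {
            "EventSource": "aws:sns",
            "Sns": {
                "TopicArn": EXPECTED_TOPIC_ARN,
                "MessageId": "00000000-0000-0000-0000-000000000001",
                "Subject": "Deep Security event (constructed)",
                "Message": json.dumps({"example": "constructed event body"}),
            },
        },
        {
            "EventSource": "aws:sns",
            "Sns": {
                "TopicArn": "arn:aws:sns:us-east-1:123456789012:SomeOtherTopic",
                "MessageId": "00000000-0000-0000-0000-000000000002",
                "Subject": "unexpected topic",
                "Message": "{}",
            },
        },
        {
            "EventSource": "aws:sns",
            "Sns": {
                "TopicArn": EXPECTED_TOPIC_ARN,
                "MessageId": "00000000-0000-0000-0000-000000000003",
                "Subject": "malformed",
                "Message": "not json",
            },
        },
    ]
}


if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Deployed as the function behind a Lambda subscription, lambda_handler receives the envelope shown in SAMPLE_EVENT; run locally, the script processes the constructed batch and reports one accepted and two rejected records. Pinning the TopicArn is cheap insurance against the function being wired to, or invoked with, a topic other than the one Deep Security publishes to.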