Amazon Web Services (AWS) Deployment Configuration—Automatic Mode (Essentials Subscription)

Alert Logic updated the appearance of the Alert Logic console, though all functionality remains. If you chose to use the beta navigation, note that the documentation below describes the current Alert Logic console. For more information about the new navigation, see Dashboard Navigation Menu.

Alert Logic recommends Automatic Mode for AWS deployment creation if you want Alert Logic to deploy and maintain new VPC subnets used for scanning instances.

Deployment creation requires that you be logged into your Alert Logic account and the AWS account you want this deployment to monitor and protect.

If you manage more than one Alert Logic account, be sure you are logged into the correct account.

To start creating your AWS deployment:

  1. From the Alert Logic console, click CONFIGURATION, and then click Deployments.
  2. Click the add icon (), and then select Amazon Web Services (AWS).
  3. Type a name for your deployment, and then click SAVE AND CONTINUE.
  4. Select Automatic Mode, and then click SAVE & CONTINUE.

IAM policy and role creation

To protect your AWS deployment, you must set up an AWS IAM policy and role to allow Alert Logic access to your AWS account. Alert Logic provides an AWS CloudFormation template to automate creation of the correct policy and role for the deployment. You can also choose to manually set up the IAM policy and role.

Cross-account roles allow Alert Logic to access your AWS account. AWS role creation requires that you provide an AWS policy, a document that specifies the permissions assigned to the AWS role you create for Alert Logic to access to your AWS account.

Alert Logic recommends you set up AWS cross-account roles using the default procedures in the Alert Logic console, which allow Alert Logic to make all the necessary changes to your AWS account. The full permission policy documents do not allow Alert Logic to:

  • Retrieve secret keys or credentials from IAM
  • Retrieve data from data stores other than S3
  • Perform these actions from any other AWS account
  • Grant access to the protected account to any other AWS account or user
  • Modify IAM credentials or policies

IAM policy and role setup using AWS CloudFormation

Alert Logic recommends you use the Alert Logic CloudFormation template for quick, convenient IAM policy and role creation. The CloudFormation template creates the appropriate IAM role that allows your deployment access to your AWS assets.

Click CLOUDFORMATION SETUP, and then follow the instructions in the Alert Logic console and the AWS console.

IAM policy and role setup using manual IAM setup

Select manual IAM set up if your AWS account permissions allow you to create an IAM policy, but does not have the permissions to run CloudFormation.

Click MANUAL IAM SETUP, and then follow the instructions on the screen.

Enter your Role ARN

In the Alert Logic console, enter the ARN you copied from the AWS console after you created the IAM role.

Asset Discovery

Allow Alert Logic a moment to discover your assets. When discovery is complete, click CONTINUE. Alert Logic displays the assets discovered in your account in topology diagrams. To learn more about topology, click Topology.

Add external assets

You can add external assets by domain name or IP address.

External assets are also used for non-PCI external scans.

To add external assets:

  1. Click the Add icon () and choose the DNS name or IP address.
    • If you chose the DNS name, enter your fully-qualified domain name in the field.
    • If you chose IP address, name your external IP address, and then enter the IP address in the field.
  2. Click SAVE.

Scope of protection

Alert Logic discovers and organizes deployments into a visual topology where you can select the desired levels of protection for your assets.

You can define the scope of your protection per VPC or per region. Each VPC appears within its protected region. Click a region or individual VPC to set the service level or leave it unprotected, and then click SAVE. You must choose one of the following levels of coverage:

  • Unprotected
  • Alert Logic Essentials coverage

Configuration Topology

This topology diagram provides an overview of your scope of protection. You can see which assets are unprotected, or being scanned at the Essentials, Professional, or Enterprise levels.

The protection breakdown displays how many assets are unprotected, excluded, and protected, along with the number of protected assets in each level.

Update the Alert Logic appliance firewall rules

If you used a CloudFormation template or a Terraform template provided by Alert Logic for your appliance installation, you do not need to perform this step.

Ensure the proper inbound and outbound firewall rules are in place for the appliance. For information about firewall rules, see Alert Logic Firewall Rules.

Verify the health of your deployment

After you create your deployment, access the Health console in the Alert Logic console to determine the health of your networks, appliances, and agents, and then make any necessary changes.