AWS Integration

Enable CloudTrail Logging

If CloudTrail logs have already been enabled in S3, you can ignore this step. Otherwise, go to the AWS Console, navigate to CloudFormation > Stacks, and click the Create stack dropdown.

From the Create stack dropdown, choose With new resources (standard).

A Create stack tab will open. In this tab, select the options as shown in the image.

You need to upload a template file. To get it, open the install app section of the FlyingDuck AWS integration and click the CloudFormation template to download it.

flyingduck-aws-cloudtrail-s3.template
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template for creating CloudTrail with S3 logging for management and write events.
 
Parameters:
  S3BucketName:
    Description: Name of the S3 bucket to store CloudTrail logs. (*Required)
    Type: String
    Default: ''
 
  CloudTrailName:
    Description: Name of the CloudTrail. (*Required)
    Type: String
    Default: ''  
 
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      BucketName: !Ref S3BucketName
 
  S3BucketPolicy:
    DependsOn:
      - S3Bucket
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AWSCloudTrailAclCheck20150319
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: 's3:GetBucketAcl'
            Resource: !Sub "arn:aws:s3:::${S3Bucket}"
 
          - Sid: AWSCloudTrailWrite20150319
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: 's3:PutObject'
            Resource: !Sub "arn:aws:s3:::${S3Bucket}/AWSLogs/${AWS::AccountId}/*"
            Condition:
              StringEquals:
                's3:x-amz-acl': 'bucket-owner-full-control'
 
  CloudTrail:
    Type: AWS::CloudTrail::Trail
    DependsOn:
      - S3BucketPolicy
    Properties:
      TrailName: !Ref CloudTrailName
      S3BucketName: !Ref S3Bucket
      IsLogging: true
      IsMultiRegionTrail: true
      EnableLogFileValidation: true
      IncludeGlobalServiceEvents: true
      IsOrganizationTrail: false
      EventSelectors:
        - IncludeManagementEvents: true
          ReadWriteType: WriteOnly
 
Outputs:
  S3BucketArn:
    Value: !GetAtt 
    - S3Bucket
    - Arn
  Version:
    Value: '0.0.1'

Use this S3BucketName for the AWS integration.
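
Once the stack is deployed, the bucket policy it creates can be checked against what the template above declares. The following is an added example, not part of FlyingDuck's template or tooling: it audits a policy document (as returned by aws s3api get-bucket-policy) for the ACL condition and the AWSLogs/<account>/ scoping shown in the template, and goes one step further by flagging CloudTrail statements that lack the aws:SourceArn / aws:SourceAccount condition AWS recommends for CloudTrail log buckets. The bucket name, account ID and function names are assumptions made for the example.

```python
import json

# Constructed sample: the policy the template above renders for a hypothetical
# bucket "example-trail-logs" in the placeholder account 111122223333.
CT = {"Service": "cloudtrail.amazonaws.com"}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSCloudTrailAclCheck20150319", "Effect": "Allow", "Principal": CT,
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-logs"},
    {"Sid": "AWSCloudTrailWrite20150319", "Effect": "Allow", "Principal": CT,
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/111122223333/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
]})


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trail_bucket_policy(policy_json, bucket, account_id):
    """Return findings for the Allow statements of a CloudTrail log bucket policy."""
    findings = []
    log_prefix = f"arn:aws:s3:::{bucket}/AWSLogs/{account_id}/"
    for st in json.loads(policy_json)["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))):
            findings.append(f"{sid}: wildcard principal")
            continue
        if not isinstance(principal, dict) or "cloudtrail.amazonaws.com" not in as_list(principal.get("Service", [])):
            continue  # not a CloudTrail delivery statement
        conditions = st.get("Condition", {})
        # Condition keys are case-insensitive; collect them across all operators.
        keys = {k.lower() for block in conditions.values() for k in block}
        if "s3:PutObject" in as_list(st["Action"]):
            if conditions.get("StringEquals", {}).get("s3:x-amz-acl") != "bucket-owner-full-control":
                findings.append(f"{sid}: PutObject without bucket-owner-full-control ACL condition")
            if not all(r.startswith(log_prefix) for r in as_list(st["Resource"])):
                findings.append(f"{sid}: PutObject not scoped to {log_prefix}")
        if not keys & {"aws:sourcearn", "aws:sourceaccount"}:
            findings.append(f"{sid}: no aws:SourceArn/aws:SourceAccount condition")
    return findings


if __name__ == "__main__":
    for finding in audit_trail_bucket_policy(SAMPLE_POLICY, "example-trail-logs", "111122223333"):
        print(finding)
```

Run against the policy exactly as the template renders it, the audit reports the missing source condition on both statements and nothing else.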

Install App

Fill in the details and click the Continue button.

API Key

If you have previously created an API Key, you can click on Skip. Otherwise, create a new API Key.
Provide a name for your new API Key and click on Generate API Key.

A new API Key will be generated and displayed only once, so make sure to store it securely.

Launch Stack

After clicking Launch Stack, you will be navigated to AWS Console > CloudFormation > Stacks > Create stack.
Under Provide a stack name, FlyingDuck fills in the stack name by default.

In the Parameters section, you need to provide the value for the API Key.

Choose the acknowledgment and then click the Create stack button.

Upon creating the FlyingDuck-Integration stack, you will be directed to that section. In the Outputs tab, you'll find the FlyingDuckRoleArn.

Copy the FlyingDuckRoleArn and paste it into the Launch Stack section in the FlyingDuck AWS integration. Then, click the Continue button.

Upon clicking the Continue button, the app will be installed.

Lambda Function
