Aqua CSPM Events provides real-time visibility into the API activity happening inside of your AWS account. To read more about Events, see Real-Time Events Overview.
Setting Up Events
Follow the below steps to configure Events for your AWS account
- Step 1: Ensure your AWS account is connected
- Step 2: Begin the Events connection process
- Step 3: Complete the Events connection process
- Step 4: Validate the Events connection
Step 1: Ensure your AWS account is connected
- Follow the onboarding steps to ensure your AWS account is connected to Aqua CSPM
- Ensure that your account appears on the Cloud Accounts page and is "enabled" for scanning
Step 2: Begin the Events connection process
- From the Aqua CSPM console, navigate to the Event Connection Wizard
- Select your account from the drop-down list
If your account is not in the list, repeat step 1 to ensure it is properly connected and scanning.
Step 3: Complete the Events connection process
- Follow the steps on the connection wizard to deploy the Event monitoring resources in your account.
In AWS, Events uses CloudFormation templates that must be deployed in each region you wish to monitor. Aqua recommends using CloudFormation Stack Sets to simplify this deployment across all regions at once.
Step 4: Validate the Events connection
- Once you complete the deployment, you can monitor the Events page for any new events produced in your AWS account.
- To trigger a test event, try adding a security group rule to an existing security group and then deleting it. This will trigger the Events service and save the event.