Skip to main content
All CollectionsGetting StartedData Sources Configuration
Mapping an AWS Subscription Using Faddom
Mapping an AWS Subscription Using Faddom
Alex Patnick avatar
Written by Alex Patnick
Updated over a week ago

Faddom can monitor traffic on your Amazon AWS environment.
To do so you need to select the AWS region and VPC you want to monitor.

Creating an IAM User

To enable discovery of AWS, you need to create a user for Faddom with the required permissions. Faddom requires read only access to your AWS environment. Once the IAM user is created, you will need to create Access Key and Secret Key for it. See AWS Account and Access Keys
You can use the following JSON policy which contains the minimum required permissions to define the IAM policy for the user:

 {  
   "Version": "2012-10-17",                             
   "Statement": [                                        
      {                                                  
      "Sid": "FaddomAWSDiscoveryPermissions",           
        "Effect": "Allow",                               
        "Action": [                                      
          "ce:GetDimensionValues",                      
            "ce:GetCostAndUsage",                      
          "ec2:DescribeVolumes",
            "ec2:DescribeInstances",                     
            "ec2:DescribeVpcs",                          
            "ec2:DescribeVpcPeeringConnections",         
            "ec2:DescribeFlowLogs",                      
            "ec2:DescribeNatGateways",                   
            "ec2:DescribeNetworkInterfaces",             
            "ec2:DescribeSubnets",                       
            "ecs:DescribeTaskDefinition",                
            "ecs:DescribeTasks",                         
            "ecs:DescribeClusters",                      
            "ecs:DescribeServices",                      
            "ecs:ListClusters",                          
            "ecs:ListServices",                          
            "ecs:ListTasks",                             
            "elasticloadbalancing:DescribeLoadBalancers",
            "elasticloadbalancing:DescribeTargetGroups", 
            "pricing:GetProducts",                       
            "rds:DescribeDBInstances",                   
          "elasticloadbalancing:DescribeTags",
"cloudwatch:ListMetrics",
        "s3:ListAllMyBuckets"
          ],                                             
          "Resource": "*"                                
        }                                                
    ]                                                    

For help on creating IAM users, see the AWS documentation here.
For help on creating IAM policies from json files, see the AWS documentation here.

AWS VPC Logs

Faddom can use the VPC Flow Logs feature of AWS to map your cloud environment, which are used in place of NetFlow and sFlow for on-prem. In order to read the flow logs they need to be published to an S3 bucket to which Faddom has access. The permissions needed are s3:ListBucket and s3:GetObjects. You need to use the AWS Default Format and ensure the log files are in text format. For further information see the the AWS documentation

{
    
   "Version": "2012-10-17",
   "Statement": [
      {
        "Sid": "FaddomS3Permissions",           
        "Effect": "Allow",                               
        "Action": [                             
              "s3:GetObject",
              "s3:ListBucket"
      ],
       "Resource": [
            "arn:aws:s3:::[FLOW_LOGS_BUCKET]/*",
            "arn:aws:s3:::[FLOW_LOGS_BUCKET]"
            ]
        }
    ]
}

* Note: replace {FLOW_LOGS_BUCKET} with the bucket name to which flow logs are stored

Connecting Faddom to AWS

Once you have an access key for the user, enter it in the credentials

1.png

Once inserted, you will then be able to click on SET CREDENTIALS

AWS Region

Here you will be able to select the Region you wish to map and the list of VPCs will be inserted. You can add as many VPCs as you wish. If you wish to add Map Multiple Regions and Accounts you will need to repeat the above process with the same credentials.

2.png

.

Map Multiple Regions and Accounts

If you wish to map multiple regions within the same account or multiple accounts, you will need to enter the credentials each time.

If it is for multiple regions for one account you can use the same credentials (providing IAM user has permissions to desired regions).

For multiple accounts, you will need to create an IAM user for each account and repeat the process.

To add additional credentials you click on the '+' icon and the drop down displays 'New AWS Credentials'. This changes when you enter a Display Name.

3.png

AWS VPC Logs

Faddom can use the VPC Flow Logs feature of AWS to map your cloud environment, which are used in place of NetFlow and sFlow for on-prem. In order to read the flow logs they need to be published to an S3 bucket to which Faddom has access. The permissions needed are s3:ListBucket and s3:GetObjects. You need to use the AWS Default Format and ensure the log files are in text format For further information see the the AWS documentation
Logging IP traffic using VPC Flow Logs
Publish flow logs to Amazon S3

4.png

Collating Flow Logs Into One Data Source

If you have multiple accounts, you can set up the flow logs to be stored in a single S3 bucket on one of the accounts. This can then be setup on Faddom to read all the flow logs stored in the S3 bucket. In this case, Faddom only requires the credentials of the account hosting the S3 bucket.

5.png

Default Credentials

These are the credentials of the server Faddom is deployed on. This is useful when Faddom is deployed in AWS as it will default to the IAM role and credentials assigned to the EC2 instance.

6.png
Did this answer your question?