Uploading AWS CloudFormation Templates

Role Availability: Read-Only, Investigator, Analyst, Manager

Through USM Anywhere you can generate the Amazon Web Services (AWS) CloudFormation templates that you need to begin gathering data from your Amazon Simple Storage Service (S3) buckets. See Downloading an Existing AWS Cloud Connector Template for more information.

To upload an AWS CloudFormation template

  1. Open your AWS Management Console page and go to CloudFormation.

  2. Click Create stack > With new resources (standard).

  3. Select Upload a template file and then click Choose file to select the template you have downloaded from USM Anywhere.

    AWS CloudFormation, upload a template file

  4. Click Next.

  5. In Stack name, enter a name for your stack.

  6. Use the bucketArns field to identify the Amazon S3 buckets where you currently store security logs.

    There are two options:

    • Enter the existing Amazon S3 bucket Amazon Resource Names (ARNs) that contain the logs you would like to monitor. You can enter several ARNs separated by commas.

      Important: If you choose this option, you must enable the event notifications. See To enable the event notifications for Amazon S3 buckets you have selected for more information.

    • Leave this field empty and a new Amazon S3 bucket will be automatically created.

    AWS CloudFormation, specify stack details

    Note: If you later decide to enter new or additional Amazon S3 buckets, you can come here and add them.

  7. Click Next.

  8. (Optional.) If your organization requires tags, you may enter them at this point. You can also leave them blank.

  9. Click I acknowledge that AWS CloudFormation might create IAM resources with custom names.

  10. Click Create stack.

    AWS CloudFormation, stack created

To enable the event notifications for Amazon S3 buckets you have selected

Important: You must enable event notifications if you entered Amazon S3 bucket Amazon Resource Names (ARNs) in the bucketArns field. If you left that field empty, the stack created the bucket for you and you do not need to enable event notifications. If you skip these steps, USM Anywhere will not receive events from your Amazon S3 buckets.

  1. Open your AWS Management Console page and go to S3. (Event notifications are a bucket property, so they are configured in the S3 console, not in CloudFormation.)

  2. Open a bucket you entered previously in the bucketArns field. Repeat steps 2 through 8 for each bucket you entered.

  3. Click the Properties tab.

  4. Click Create event notification to enable the event notifications.

    AWS Cloud Formation, enable event notifications

  5. In the General configuration section, enter an event name.

  6. In the Event types section, select the All object create events option.

  7. In the Destination section, click the SNS topic option, and then select attcs-s3-connector.

    AWS CloudFormation, specify SNS topic

  8. Click Save changes.

  9. Go to USM Anywhere to enable the AWS Cloud Connector.

    See Cloud Connector List View for more information.
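The following script is an added example, not part of the USM Anywhere documentation or product, that performs the same bucket configuration as the console steps above with the AWS CLI, which is useful when you listed many buckets in bucketArns. It assumes the CloudFormation stack has already created the SNS topic named attcs-s3-connector (the topic ARN, region and account number below are placeholders you must replace), that the AWS CLI is configured with permission to change bucket notification settings, and that the topic's access policy already allows S3 to publish to it. One caveat the console hides: put-bucket-notification-configuration replaces a bucket's entire notification configuration, so the script refuses to overwrite a bucket that already has notifications unless FORCE=1 is set.

```shell
#!/bin/sh
# Added example (not from the USM Anywhere docs): subscribe existing S3 buckets
# to "all object create" events on the attcs-s3-connector SNS topic via the CLI.
# Assumptions: AWS CLI v2 configured; topic ARN supplied by the caller.
set -eu

# Extract the bucket name from an S3 ARN (arn:aws:s3:::my-bucket -> my-bucket).
bucket_name_from_arn() {
  case "$1" in
    arn:aws:s3:::*) printf '%s\n' "${1#arn:aws:s3:::}" ;;
    *) printf 'not an S3 bucket ARN: %s\n' "$1" >&2; return 1 ;;
  esac
}

# Turn the comma-separated bucketArns value (as typed into the stack) into one ARN per line.
split_bucket_arns() {
  printf '%s\n' "$1" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | grep -v '^$'
}

# Build the NotificationConfiguration JSON: all object-create events -> the SNS topic.
# "Id" is the event name shown in the console; the default is an assumed name.
notification_config_json() {
  topic_arn="$1"
  event_name="${2:-usm-anywhere-object-created}"
  cat <<EOF
{"TopicConfigurations":[{"Id":"${event_name}","TopicArn":"${topic_arn}","Events":["s3:ObjectCreated:*"]}]}
EOF
}

# Apply the configuration to one bucket and read it back to confirm the topic is wired.
enable_on_bucket() {
  name="$1"
  topic_arn="$2"
  # put-bucket-notification-configuration replaces the whole configuration,
  # so do not silently wipe notifications that are already in place.
  existing="$(aws s3api get-bucket-notification-configuration --bucket "$name" --output json)"
  if [ -n "$existing" ] && [ "$existing" != "{}" ] && [ "${FORCE:-0}" != "1" ]; then
    printf 'skipping %s: it already has notifications (set FORCE=1 to overwrite)\n' "$name" >&2
    return 0
  fi
  aws s3api put-bucket-notification-configuration \
    --bucket "$name" \
    --notification-configuration "$(notification_config_json "$topic_arn")"
  # Verification: print the events bound to our topic; empty output means it did not apply.
  aws s3api get-bucket-notification-configuration --bucket "$name" \
    --query "TopicConfigurations[?TopicArn=='${topic_arn}'].Events" --output text
}

# Walk every ARN from the bucketArns value.
enable_notifications() {
  split_bucket_arns "$1" | while IFS= read -r arn; do
    enable_on_bucket "$(bucket_name_from_arn "$arn")" "$2"
  done
}

# Usage (placeholders for region and account):
#   BUCKET_ARNS="arn:aws:s3:::logs-a,arn:aws:s3:::logs-b" \
#   TOPIC_ARN="arn:aws:sns:us-east-1:123456789012:attcs-s3-connector" sh enable-s3-events.sh
if [ -n "${BUCKET_ARNS:-}" ] && [ -n "${TOPIC_ARN:-}" ]; then
  enable_notifications "$BUCKET_ARNS" "$TOPIC_ARN"
fi
```

After running it, the read-back line for each bucket should show s3:ObjectCreated:*; then return to USM Anywhere and enable the AWS Cloud Connector as described above.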