StackZone Feature: Security Shared Topic
Core Accounts Security Feature
Eduardo Van Cauteren
Last Update hace 2 años
StackZone enables your DevSecOps team notifications by creating a multi-account Amazon SNS Topic aggregator that gives them full visibility of alerts across all your organization, services and accounts.
Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). An Amazon SNS topic is a logical access point that acts as a communication channel. A topic lets you group multiple endpoints (such as AWS Lambda, Amazon SQS, HTTP/S, or an email address).
How to enable and configure Shared Topic
After logging into StackZone console, locate Provisioning at the left side menu and click on Core Accounts then click on Security; once there, locate the Shared Topic card. Remember to enable the Edit mode from the top-right corner toggle, in order to make changes.
Once there, click on the card toggle to enable the Shared Topic feature then fill in the email fields with the desired email addresses for notifications to be sent. Check the following screenshot as reference:
Unless you actually need to receive notifications about all changes performed in your account, we recommend leaving the Subscribe to All Change Events option disabled.
Once the previous step is completed, click on Save Settings button then go to Provisioning -> Status and click on the Deploy button to push the changes to AWS.
Notice that the deployment process will take some time to finish from the AWS side.
After the configuration deployment process is finished, you can check that the topic has been created by login into the StackZone Security Account in the AWS Console and going to Amazon SNS -> Topics and look for the StackZone-Aggregate-Security-Notifications one.
You will find a screen like the following one in which you need to confirm the email address in order to start receiving security notifications.
Subscribing to the topic by adding and confirming your email address is crucial to start receiving security findings and notifications that otherwise will be missed.
An example of notifications you can receive are GuardDuty findings on resources that may be compromised and should be investigated in order to improve the security on your infrastructure.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here