
Add a new section on how to collect AWS Network Firewall using Firehose #3885

Merged
merged 4 commits into from
Jun 7, 2024


@alaudazzi alaudazzi commented May 13, 2024

This PR:

Doc preview

Closes #3881

@alaudazzi alaudazzi added docs Improvements or additions to documentation enhancement New feature or request backport-8.13 Automated backport with mergify backport-8.14 Automated backport with mergify labels May 13, 2024
@alaudazzi alaudazzi self-assigned this May 13, 2024

A documentation preview will be available soon.

Request a new doc build by commenting
  • Rebuild this PR: run docs-build
  • Rebuild this PR and all Elastic docs: run docs-build rebuild

run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.

If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.

@alaudazzi alaudazzi requested a review from zmoog May 13, 2024 14:54

zmoog commented May 14, 2024

Here is a draft for step four:

[discrete]
[[firehose-cloudtrail-step-four]]
== Step 4: Enable logging

AWS Network Firewall has logging support built in. It supports sending logs to Amazon S3, Amazon CloudWatch, and Amazon Kinesis Data Firehose.

To enable logging to Amazon Data Firehose:

- In the AWS console, navigate to the AWS Network Firewall service.
- Select the firewall you want to enable logging for.
- In the *Logging* section, click *Edit*.
- Select the *Send logs to* option and choose *Kinesis Data Firehose*.
- Select the Firehose stream you created in the previous step.
- Click *Save*.

A note on the "Select the Send logs to option and choose Kinesis Data Firehose" step. Today, the AWS console still uses the old name "Kinesis Data Firehose" instead of the updated "Amazon Data Firehose".


So this is probably one of those cases where we need to abstract the guide away from the UI details.
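
The console steps drafted above can also be done through the API, which avoids the UI naming issue. This is an added example, not part of the PR or the Elastic docs: it plans the `UpdateLoggingConfiguration` calls needed to move a firewall's logging to a Firehose stream, because that API accepts only one change per call. It goes slightly beyond the draft by covering both alert and flow logs; the stream and log group names, and the assumption of one entry per log type, are illustrative.

```python
def firehose_config(log_type, stream_name):
    """One LogDestinationConfig entry sending `log_type` logs to a Firehose stream."""
    return {
        "LogType": log_type,  # "ALERT" or "FLOW"
        "LogDestinationType": "KinesisDataFirehose",  # the API keeps the old name
        "LogDestination": {"deliveryStream": stream_name},
    }


def plan_updates(current, target):
    """Return the LogDestinationConfigs list to submit on each successive call.

    UpdateLoggingConfiguration allows one change per call: add one entry,
    remove one entry, or change one entry's LogDestination. Changing the
    destination type means remove, then add. Assumes one entry per LogType.
    """
    state = {c["LogType"]: c for c in current}
    want = {c["LogType"]: c for c in target}
    steps = []
    for log_type in sorted(state):  # removals first
        new = want.get(log_type)
        old_type = state[log_type]["LogDestinationType"]
        if new is None or new["LogDestinationType"] != old_type:
            del state[log_type]
            steps.append([state[k] for k in sorted(state)])
    for log_type in sorted(want):  # then additions and in-place changes
        if state.get(log_type) != want[log_type]:
            state[log_type] = want[log_type]
            steps.append([state[k] for k in sorted(state)])
    return steps


def apply_updates(client, firewall_arn, steps):
    """Submit each step; `client` is boto3.client("network-firewall")."""
    for configs in steps:
        client.update_logging_configuration(
            FirewallArn=firewall_arn,
            LoggingConfiguration={"LogDestinationConfigs": configs},
        )
    return len(steps)


if __name__ == "__main__":
    # Constructed starting point: alert logs going to a CloudWatch log group.
    current = [{"LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
                "LogDestination": {"logGroup": "example-log-group"}}]
    target = [firehose_config(t, "example-firewall-logs") for t in ("ALERT", "FLOW")]
    for n, configs in enumerate(plan_updates(current, target), 1):
        print(n, [(c["LogType"], c["LogDestinationType"]) for c in configs])
```

Moving alert logs from CloudWatch to Firehose takes a remove call followed by an add call, so there is a short window in which alert logging has no destination.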

Comment on lines 63 to 76
. Set up logging.
+
Open the *Logging* section to edit your firewall settings. If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging on CloudWatch, and then inspect the log events:
+
[role="screenshot"]
image::firehose-firewall-logging.png[Firewall setup logging]

. Visit CloudWatch and open your log group. If everything is working correctly, you will get the list of log events:
+
[role="screenshot"]
image::firehose-cloudwatch-log-events.png[CloudWatch Log events]

[discrete]
[[firehose-firewall-step-three]]
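
Review bot: In the ". Set up logging." step, the optional CloudWatch check is folded into the required instruction, so the following ". Visit CloudWatch and open your log group" step reads as mandatory even though it only applies to readers who chose that check. Suggest moving the CloudWatch verification into a clearly optional note, and stating in the same place that the log destination must afterwards be changed to the Firehose stream, since nothing in these lines tells the reader to switch it back.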

If you want to quickly check your Network Firewall logs before setting up Firehose, you can enable logging on CloudWatch, and then inspect the log events:

After rereading this part, I realized it isn't worth enabling logging on to CloudWatch. Enabling logging on CloudWatch brings value if we set up our test Network Firewall, and we want to double-check that our setup is sound and that it's actually logging data.

Since we assume the reader already has a working Network Firewall, I suggest setting up the logging to Firehose in step four.

@alaudazzi

Thank you for your comments @zmoog. I'll be on PTO for the next two weeks, in case you need support you can reach out to @dedemorton (thank you DeDe!)

- Drop how to create a network firewall; it's too complex to include
  in guide.
- Expand the guide with the missing content.

mergify bot commented May 29, 2024

This pull request is now in conflict. Could you fix it @alaudazzi? 🙏
To fix up this pull request, you can check it out locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b network-firewall upstream/network-firewall
git merge upstream/main
git push upstream network-firewall

@zmoog zmoog marked this pull request as ready for review May 29, 2024 09:08
@zmoog zmoog requested a review from a team as a code owner May 29, 2024 09:08
@alaudazzi

@bmorelli25 @dedemorton
Thank you so much for your thorough review during my PTO -- appreciate it :-)

@zmoog
I integrated the comments and fixed a few minor things. If you are happy with the latest status of this doc, I'll go ahead and merge it.


zmoog commented Jun 5, 2024

If you are happy with the latest status of this doc, I'll go ahead and merge it.

LGTM!

I'll open a different PR to link to the Terraform files.


@mdbirnstiehl mdbirnstiehl left a comment


🚀

@alaudazzi alaudazzi merged commit 1f3f117 into elastic:main Jun 7, 2024
4 checks passed
mergify bot pushed a commit that referenced this pull request Jun 7, 2024
…se (#3885)

* Start initial structure

* Expand the aws network firewall guide

- Drop how to create a network firewall; it's too complex to include
  in guide.
- Expand the guide with the missing content.

* Integrate reviewer's feedback

---------

Co-authored-by: Maurizio Branca <maurizio.branca@gmail.com>
Co-authored-by: Brandon Morelli <brandon.morelli@elastic.co>
(cherry picked from commit 1f3f117)
mergify bot pushed a commit that referenced this pull request Jun 7, 2024
Successfully merging this pull request may close these issues.

[AWS monitoring]: Add AWS Network Firewall use case using Amazon Data Firehose