Table of Contents

Amazon Kinesis Data Firehose for detail logging in AWS WAF

Amazon Web Services (AWS) provides various tools which you can use to monitor AWS WAF (Web Application Firewall).
In our previous blog, we have seen how we can centrally configure and manage AWS WAF rules across multiple accounts and applications using AWS Firewall Manager.
AWS now provides a new service for detailed logging called Amazon Kinesis Data Firehose,  which is a fully managed service for delivering real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elasticsearch Service (Amazon ES), and Splunk.
Amazon Kinesis Data Firehose stores all logs in the S3 bucket. These detailed logs give us more information about why certain rules are triggered and why certain rules are blocked with our specific ACL (Access Control List) rules.
For Amazon S3 destinations, streaming data is delivered to your S3 bucket. If data transformation is enabled, you can optionally back up source data to another Amazon S3 bucket.This is done in two steps assuming WAF is already implemented (if not, first implement WAF with the help of our blog):

  1. Adding Kinesis Data Firehose stream and choosing the destination for the data from Amazon S3, Amazon Elasticsearch, and Amazon Redshift.
  2. From existing WAF configurations, and enabling detailed logs using Firehose instance.

Implementation
Follow these steps for implementing Amazon Kinetic Data Firehose:

  1. Select ‘Kinesis Data Firehose’ for a new instance.
  1. Add a unique name for Firehose
  1. Choose a source to send records to the delivery stream
  1. Transform source records
  1. Convert record format
  1. Select the destination
  1. Configure all setting as per our requirement for the S3 bucket and select ‘Enabled’
  1. Create IAM role with the following policy :

With the name firehose_delivery_role

  • iam:CreateServiceLinkedRole
  • firehose:ListDeliveryStreams
  • firehose:PutLoggingConfiguration

Select created IAM role firehose_delivery_role in the Kinesis Data Firehose instance creation

  1. Review all configurations and create a delivery stream

Finally, you will able to see the active firehose in the console.

  1. Enable logging

Navigate to the WAF console, choose the region where the WAF is configured in the Logging tab and configure the section for ‘Enable Logging’.We should now be seeing detail logging in Kinesis service:For testing our setup, we can use demo dataThat’s it. Have you already configured and started using Amazon Kinesis Data Firehose? What challenges did you face? What did you learn? If you need help, please leave a comment below and an AWS expert will get in touch with you.

Learn More about Encora

We are the software development company fiercely committed and uniquely equipped to enable companies to do what they can’t do now.

Learn More

Global Delivery

READ MORE

Careers

READ MORE

Industries

READ MORE

Related Insights

Online Travel Agencies: Some Solutions to changes in booking and commission attributions

Discover how we can simplify travel changes for both travelers and OTAs using blockchain and ...

Read More

The AI-Powered Journey: How AI is Changing the Face of Travel

As travel elevates itself into an experience where every journey is as unique as the travelers ...

Read More

Enhancing Operational Excellence with AI: A Game-Changer for the Hospitality Industry

By AI, the hospitality industry can offer the best of both worlds: the efficiency and ...

Read More
Previous Previous
Next

Accelerate Your Path
to Market Leadership 

Encora logo

Santa Clara, CA

+1 669-236-2674

letstalk@encora.com

Innovation Acceleration

Speak With an Expert

Encora logo

Santa Clara, CA

+1 (480) 991 3635

letstalk@encora.com

Innovation Acceleration