- ARN username—dduong
- Address Manager URL—192.168.56.93
- Address Manager username—dduong
- AWS region name—us-west-1
- AWS account—938684065067
- Configuration name—us-west-1

Note: If the BLUECAT CONFIGURATION field is empty, the configuration name is the AWS region name. In this example, us-west-1.

The example information produces the string dduong_192.168.56.93_dduong_us-west-1_938684065067_us-west-1. Cloud Discovery & Visibility produces the following hash from this information: 30d431e82a945cd7819fb3cce23c61a8.

echo -n <string> | md5sum
- Create a Standard SNS topic in your region with the name BC-CDV-SNS-EC2-TOPIC-<hash string>. In the following example, the topic created is BC-CDV-SNS-EC2-TOPIC-30d431e82a945cd7819fb3cce23c61a8.

  When configuring the Standard SNS topic, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Type | Standard |
  | Name | BC-CDV-SNS-EC2-TOPIC-<hash string>. In this example, BC-CDV-SNS-EC2-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Encryption - optional | Disabled |
  | Access policy - optional | Method: Basic. Define who can publish messages to the topic: Only the topic owner. Define who can subscribe to this topic: Only the topic owner |
  | Delivery retry policy (HTTP/S) - optional | Use the default delivery retry policy: `{ "http": { "defaultHealthyRetryPolicy": { "numRetries": 3, "numNoDelayRetries": 0, "minDelayTarget": 20, "maxDelayTarget": 20, "numMinDelayRetries": 0, "numMaxDelayRetries": 0, "backoffFunction": "linear" }, "disableSubscriptionOverrides": false } }` |
  | Delivery status logging - optional | Default |

- Create a Standard SQS queue in your region with a name in the following format: BC-CDV-<hash string>. In the following example, the queue created is BC-CDV-30d431e82a945cd7819fb3cce23c61a8.

  When configuring the Standard SQS queue, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Type | Standard |
  | Env | Prod |
  | Queue name | BC-CDV-<hash string>. In this example, BC-CDV-30d431e82a945cd7819fb3cce23c61a8 |
  | Configuration: Visibility timeout | 30 seconds |
  | Configuration: Message retention period | 4 days |
  | Configuration: Delivery delay | 0 seconds |
  | Configuration: Maximum message size | 256 KB |
  | Configuration: Receive message wait time | 0 seconds |
  | Access policy - Define who can access your queue | Method: Basic. Define who can send messages to the queue: Only the queue owner. Define who can receive messages from the queue: Only the queue owner |
  | Optional Configuration: Dead-letter queue | Disable |
  | Delivery status logging - optional | Default |

- Create an EventBridge Rule for AWS VPC, EC2 with a name in the following format: BC-CDV-EC2-CW-<hash string>. Configure the following policy with the target configured as the name of the EventBridge Rule for AWS VPC, EC2.

  When configuring the EventBridge Rule, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Event Pattern | `{ "source": [ "aws.ec2", "aws.elasticloadbalancing" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "ec2.amazonaws.com", "elasticloadbalancing.amazonaws.com" ] } }` |
  | Targets | BC-CDV-SNS-EC2-TOPIC-<hash string>. In this example, BC-CDV-SNS-EC2-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Name | BC-CDV-EC2-CW-<hash string>. In this example, BC-CDV-EC2-CW-30d431e82a945cd7819fb3cce23c61a8 |
  | State | Enabled |

- Create a subscription with the previously configured topic, the protocol set as Amazon SQS, and the endpoint set to the ARN of the previously configured SQS queue.

  When configuring the subscription, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Topic ARN | The topic ARN of topic name BC-CDV-SNS-EC2-TOPIC-<hash string>. In this example, arn:aws:sns:us-west-1:<aws-account-id>:BC-CDV-SNS-EC2-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Protocol | Amazon SQS |
  | Endpoint | The SQS ARN of queue name BC-CDV-<hash string>. In this example, arn:aws:sqs:us-west-1:<aws-account-id>:BC-CDV-30d431e82a945cd7819fb3cce23c61a8 |
  | Enable raw message delivery | Unchecked |
  | Subscription filter policy - optional | None |
  | Redrive policy (dead-letter queue) - optional | Disabled |

- If you are configuring visibility for AWS Route 53, create a Standard SNS topic in the us-east-1 region with a name in the following format: BC-CDV-SNS-R53-TOPIC-<hash string>. In the following example, the topic created is BC-CDV-SNS-R53-TOPIC-30d431e82a945cd7819fb3cce23c61a8.

  When configuring the Standard topic for AWS Route 53, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Type | Standard |
  | Name | BC-CDV-SNS-R53-TOPIC-<hash string>. In this example, BC-CDV-SNS-R53-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Encryption - optional | Disabled |
  | Access policy - optional | Method: Basic. Define who can publish messages to the topic: Only the topic owner. Define who can subscribe to this topic: Only the topic owner |
  | Delivery retry policy (HTTP/S) - optional | Use the default delivery retry policy: `{ "http": { "defaultHealthyRetryPolicy": { "numRetries": 3, "numNoDelayRetries": 0, "minDelayTarget": 20, "maxDelayTarget": 20, "numMinDelayRetries": 0, "numMaxDelayRetries": 0, "backoffFunction": "linear" }, "disableSubscriptionOverrides": false } }` |
  | Delivery status logging - optional | Default |

- Create an EventBridge Rule for AWS Route 53 with a name in the following format: BC-DV-R53-CW-<hash string>. Configure the following policy with the target configured as the name of the EventBridge Rule for AWS Route 53.

  When configuring the AWS Route 53 EventBridge Rule, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Event Pattern | `{ "source": [ "aws.route53" ], "detail-type": [ "AWS API Call via CloudTrail" ], "detail": { "eventSource": [ "route53.amazonaws.com" ] } }` |
  | Targets | BC-CDV-SNS-R53-TOPIC-<hash string>. In this example, BC-CDV-SNS-R53-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Name | BC-CDV-CW-R53-RULE-<hash string>. In this example, BC-CDV-CW-R53-RULE-30d431e82a945cd7819fb3cce23c61a8 |
  | State | Enabled |

- Create a subscription with the previously configured topic, the protocol set as Amazon SQS, and the endpoint set to the ARN of the previously configured SQS queue.

  When configuring the Amazon Route 53 subscription, use the following values for each associated key:

  | Key | Value |
  |---|---|
  | Topic ARN | The topic ARN of topic name BC-CDV-SNS-R53-TOPIC-<hash string>. In this example, arn:aws:sns:us-west-1:<aws-account-id>:BC-CDV-SNS-R53-TOPIC-30d431e82a945cd7819fb3cce23c61a8 |
  | Protocol | Amazon SQS |
  | Endpoint | The SQS ARN of queue name BC-CDV-<hash string>. In this example, arn:aws:sqs:us-west-1:<aws-account-id>:BC-CDV-30d431e82a945cd7819fb3cce23c61a8 |
  | Enable raw message delivery | Unchecked |
  | Subscription filter policy - optional | None |
  | Redrive policy (dead-letter queue) - optional | Disabled |
Once the configurations have been made in AWS, you can select the Enable Visibility after Discovery option. After the visibility task has run once, and the SQS, SNS, and EventBridge rules are defined in AWS, your AWS administrator can revert your AWS account permissions to read-only if you were granted temporary write access.
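As an added worked example (not BlueCat's code), the following Python reproduces the hash derivation and the resource names the procedure above expects, and checks constructed CloudTrail-style events against the two EventBridge event patterns, so you can confirm before enabling visibility that only EC2/ELB and Route 53 API calls will reach the queue. The helper names, the constructed sample events and the minimal pattern matcher are assumptions made here; the Route 53 rule name follows the table's BC-CDV-CW-R53-RULE form.

```python
import hashlib

# The six fields, in the order Cloud Discovery & Visibility joins them (page example values).
EXAMPLE_FIELDS = ["dduong", "192.168.56.93", "dduong", "us-west-1", "938684065067", "us-west-1"]

# Event patterns copied from the two EventBridge rule tables above.
EC2_PATTERN = {"source": ["aws.ec2", "aws.elasticloadbalancing"],
               "detail-type": ["AWS API Call via CloudTrail"],
               "detail": {"eventSource": ["ec2.amazonaws.com", "elasticloadbalancing.amazonaws.com"]}}
R53_PATTERN = {"source": ["aws.route53"], "detail-type": ["AWS API Call via CloudTrail"],
               "detail": {"eventSource": ["route53.amazonaws.com"]}}

def cdv_hash(fields):
    """MD5 of the underscore-joined fields; same result as `echo -n <string> | md5sum`."""
    return hashlib.md5("_".join(fields).encode("utf-8")).hexdigest()

def cdv_resource_names(hash_string, route53=False):
    """Resource names the procedure expects for a hash string (helper name is assumed)."""
    names = {
        "sns_ec2_topic": f"BC-CDV-SNS-EC2-TOPIC-{hash_string}",
        "sqs_queue": f"BC-CDV-{hash_string}",
        "eventbridge_ec2_rule": f"BC-CDV-EC2-CW-{hash_string}",
    }
    if route53:
        names["sns_r53_topic"] = f"BC-CDV-SNS-R53-TOPIC-{hash_string}"
        names["eventbridge_r53_rule"] = f"BC-CDV-CW-R53-RULE-{hash_string}"
    return names

def event_matches(pattern, event):
    """Minimal EventBridge matcher (assumed): every pattern key must be present, nested
    dicts recurse, and a list of literals is an OR over exact values."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not event_matches(allowed, event[key]):
                return False
        elif event[key] not in allowed:
            return False
    return True

# Constructed sample events in the CloudTrail-via-EventBridge envelope shape (not real captures).
EC2_EVENT = {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
             "detail": {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"}}
R53_EVENT = {"source": "aws.route53", "detail-type": "AWS API Call via CloudTrail",
             "detail": {"eventSource": "route53.amazonaws.com", "eventName": "ChangeResourceRecordSets"}}

if __name__ == "__main__":
    print("hash:", cdv_hash(EXAMPLE_FIELDS))  # compare with the hash quoted above
    print(cdv_resource_names(cdv_hash(EXAMPLE_FIELDS), route53=True))
    print(event_matches(EC2_PATTERN, EC2_EVENT), event_matches(EC2_PATTERN, R53_EVENT))
```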