Integrating your AWS CloudTrail service with Workbench allows Expel to gain insight into the activities that are occurring within your AWS account and to effectively monitor for suspicious events on your behalf. To onboard successfully, you will need to create or leverage a trail and then make your S3 bucket available to Expel, which will enable us to access the event logs.
Setup Options
You have several options for onboarding. Click a link to get started:
- Manually configure your integration with a new trail.
- Manually configure your integration using an existing trail.
- Manually configure your integration using an existing trail with ControlTower.
- Automatically configure your integration with our Wizard. You may use a new trail or an existing trail; connection options include a Terraform module or a CloudFormation template (see below for more information).
About the Terraform Module
Expel has created an open-source, fully transparent Terraform module to create all of the necessary AWS resources for your integration and enable secure transfer of your CloudTrail logs to Workbench. A list of those resources can be found here.
By default, all methods of communication between Workbench and AWS or AWS resources are encrypted. All means of data storage (S3) also follow AWS best practices including enabling access logging, enabling bucket versioning, and allowing for zero public access.
About the CloudFormation Template
As an alternative to manual setup, Expel offers a CloudFormation template to perform the necessary AWS configurations for an organization or an individual account. Using a template does not run anything on your AWS account. Instead, the template populates CloudFormation with the appropriate steps, you review those steps, and then you decide whether or not to execute them.
For organizations, the template will create a stackset to configure the permissions on each of your accounts. The stackset can also be left in place to automatically run on any new accounts you create for your organization in the future.