Set up an AWS API inventory integration

March 13, 2023
April 15, 2024

Integrating with AWS API inventory enables the scanning of API resources to populate into the FireTail platform.

1. Navigate to Integrations in the FireTail platform. Select the Create integration tab.

2. Click AWS API Inventory Scanning.

3. In the Name of Integration field, enter a name for the integration.

4. You can either:

  • Use a Launch CloudFormation template - this is a template that adds a role to the account.
  • Manually deploy. To do this, click Manual setup of IAM Role and follow the on-screen instructions.

5. When using the template, select the Launch IAM role CloudFormation template heading.

6. Log in to AWS and return to the FireTail platform.

7. Click Launch Cloudformation to launch the template. This opens in a new window.

8. Select the checkbox; I acknowledge that AWS CloudFormation might create IAM resources. Click Create stack.

9. When the CloudFormation Stack has a status of CREATE_COMPLETE, copy the FiretailRoleARN from the Outputs tab.

10. Return to the FireTail platform. Paste the copied value in the AWS role ARN field.

11. The integration is Enabled by default. To make the integration inactive, clear the check box.

12. Select an application from the dropdown, or click Create to create a new application. This is the application that will be associated with the integration. When you complete the integration this adds the discovered APIs from AWS under the FireTail application that you choose. Learn more about applications here.

13. Select the AWS Regions you want to be scanned.

14. Enter a Scan Frequency. This is how often the scan is done in seconds. The minimum is 900 seconds (15 minutes).

15. Filter on AWS resource (optional). Click Add key - Tags enable you to filter on the environment. Adding tags enables you to limit the scanning of AWS resources with the defined tags. For example, filter by env:prod to limit the scanning of AWS resources to your production environment.

16. Click Submit.

The discovered APIs can be viewed by navigating to the APIs tab in the FireTail platform.

When the APIs have been populated on the platform you can then set up API logging using the FireTail API Gateway logging in an AWS region integration.