In this document you will learn how to install the nOps AWS Lambda Forwarder Agent to forward events from your AWS CloudTrail into nOps via:
Some of the requirements for installing the Lambda Forwarder Agent are:
AWS CloudTrail with an S3 bucket for CloudTrail logs must be configured before deploying this stack.
The S3 bucket for AWS CloudTrail, and nops-aws-forwarder should be within the same region.
API key from nOps. If you want to use an encrypted key, set up a symmetric encryption key within KMS in the same region of Lambda and provide the permission for Lambda execution's role later.
The recommended way to install the Lambda Forwarder Agent is to use the CloudFormation stack, but if for some reason the installation fails or you don’t want to use CloudFormation, you can also install the agent manually.
In order to start the installation process, log into your admin AWS account/role and click deploy the nOps AWS Lambda Forwarder CloudFormation stack to start the deployment of the Forwarder Agent.
Note: To take a look at the CloudFormation template, see nOps AWS Lambda Forwarder CloudFormation YAML Template.
When you click the deployment link, you will be redirected to AWS > CloudFormation > Stacks > Create stack.
In the Create stack page:
Fill in pnOpsApiKey or pnOpsKmsAPIKey, pCTForwarderReleaseVersion, and pCloudtrailBucketName. All other parameters are optional.
Click Create stack, and wait for the creation to complete:
You can find the installed forwarder Lambda function under the stack's "Resources" tab with logical ID rLambdaForwarder:
If you use a KMS-encrypted API key, provide the access permission for the Lambda role for KMS Key
Repeat steps 1 to 4 in another region if you operate in multiple AWS regions with a single-region trail.
If you can't install the Forwarder Agent using the provided CloudFormation template or you don’t want to use CloudFormation, you can install the Forwarder Agent manually:
Create a Python 3.9 Lambda function using nops-aws-forwarder-deployment-package-<VERSION>.zip from the latest releases.
Save your nOps API key to Lambda's environment variable NOPS_API_KEY or encrypted KMS key as NOPS_KMS_API_KEY.
Add the s3:GetObject permission to the Lambda execution role.
If you use a KMS-encrypted API key, provide access permission for the Lambda role for the KMS key.
To update to a new version, run the following: