Preparing Custom Apps for AWS

Create a dedicated AWS account and set up logging.

1. Depending on whether you want Oracle CASB Cloud Service to use IAM users or IAM roles to monitor your AWS instances, set up a dedicated AWS account for use with your AWS CustomApp by perform the steps in:

   • Using an IAM User: Creating and Registering a Dedicated Service User — if you want Oracle CASB Cloud Service to use IAM users.

   • Using an IAM Role: Creating a Dedicated Service Role — if you want Oracle CASB Cloud Service to use IAM roles.

2. In the AWS console, select Services, Cloudwatch, Logs.
3. Create a log group named CASB_customapp_group

Formatting Logs for Cloudwatch

Ensure that Cloudwatch logs are formatted properly for Oracle CASB Cloud Service to process.

The logs from Cloudwatch cannot be processed if they are not properly formatted. The sample log listing below illustrates the expected format – bolded items indicate the information that Oracle CASB Cloud Service extracts. For information on formatting logs, see the AWS documentation.

{
   "urlIn": "/api/v2/users/user/b00d8543-3fbf-414a-9dfe-58dcadfe9ce3",
   "timeIn": 1467547359746,
   "timeOut": 1467547359750,
   "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36",
   "ipAddress": "198.179.137.241",
   "filterTracers": [
     {
       "filterName": "frontendPreFilter",
       "timeIn": 1467547359746,
       "timeOut": 0,
       "status": -1
     },
     {
       "filterName": "userProfilev2Service",
       "timeIn": 1467547359746,
       "timeOut": 1467547359749,
       "status": -1
     },
     {
       "filterName": "sendErrorFilter",
       "timeIn": 1467547359746,
       "timeOut": 1467547359749,
       "status": 401,
       "url": "/api/v2/users/user/b00d8543-3fbf-414a-9dfe-58dcadfe9ce3"
     }
   ]
 }