Note: Please go to docs.rightscale.com to access the current RightScale documentation set.

Enable Authorization Logging with an AWS SQS in RightScale

Objective

To send authorization events to an SQS queue managed in RightScale.

Prerequisites

  • This feature is enabled if you have an Enterprise RightScale Account. If you do not have an Enterprise Account but would like this feature enabled, contact your RightScale Sales Account Manager or the sales department at sales@rightscale.com.
  • You must have valid Amazon Web Services (AWS) credentials. See Sign-up for Amazon Web Services (AWS).
  • 'actor' user role privileges are required to enable this feature.

Overview

You can send authentication events through Amazon SNS each time a RightScale user authenticates against the RightScale Dashboard or API. Amazon Simple Notification Service (SNS) enables applications, end-users, and devices to instantly send and receive notifications from the cloud. This tutorial shows RightScale account managers how to monitor authentication events of RightScale's Dashboard and API and have those events sent to an SQS queue that is managed in RightScale.

Steps

To monitor your authentication events with an SQS queue managed in RightScale, follow the steps below.

  1. Go to Settings > Account Settings > Authorization Logging and select Edit. 
  2. Switch from 'disable' to 'enable.' The AWS Account ID associated with RightScale will automatically appear. 
  3. Make sure the AWS Account ID matches the Account ID in the AWS Console (to do this, you will need to log into the AWS Console and navigate to 'My account' and the number will be displayed below your name).
  4. Click Save.
  5. An AWS SNS Topic ARN will appear as well as the Status and Subscriber AWS Account Number.
     

[Image: screen_AuthorizationLogging.png]

  6. Make note of the AWS account number from the AWS SNS Topic ARN.
     

The AWS Account ID will be listed between the region and name of the Topic ARN: 

arn:aws:sns:us-east-1:[Your RightScale Generated AWS Account ID]:authorization-55806

NOTE: An AWS SNS Topic ARN consists of the region the Topic ARN was created in, the AWS Account ID, and the name of the Topic ARN. When Authorization Logging is enabled and saved, RightScale automatically generates this value. The AWS Account ID contained in the Topic ARN has no association with the AWS Account ID associated with your own AWS account. The AWS Account ID associated with your account is listed as Subscriber AWS Account Number.

NOTE: The AWS Account IDs above are blurred out for security purposes.

  7. Go to SQS Queue beta (Clouds > AWS Region > SQS Queue beta).
  8. Select Create Queue.
    • Enter the queue name. Note that the name must contain no spaces and be at most 80 characters long.
  9. Click on the queue name and go to the Permissions tab.

[Image: screen_RS-SQS-Queue.png]

  10. Click edit (the pencil icon) in the Permissions column.
  11. Under Grantee, paste in the AWS account number that is a part of the AWS SNS Topic ARN.

[Image: screen_RightScale-SQS-Queue-for-SNS-Permissions.png]

  12. Select 'SendMessage,' 'ReceiveMessage,' and 'GrantQueueURI.'
  13. Click Save.
  14. Go to the Info tab of your SQS Queue and make note of the ARN under General.

[Image: screen-SQS-Queue-for-SNS-Info.png]

  15. Log in to your AWS Console and navigate to SNS. If you do not have this enabled for your account, see Amazon Simple Notification Services.
  16. Click My Subscriptions and enter the following information:
    • Topic ARN - This should be the AWS SNS Topic ARN created by RightScale when Authorization Logging was enabled (e.g., arn:aws:sns:us-east-1:[Your RightScale Generated AWS Account ID]:authorization-55806)
    • Protocol - Select SQS
    • Endpoint - This should be the ARN of the RightScale SQS Queue located in the Info tab in the General section (e.g., arn:aws:sqs:ap-southeast-1:[A RightScale Generated AWS Account ID]:queue_name)
  17. Click Subscribe.

To test if authorization logging is properly configured, log out of the RightScale Dashboard and log back in. Then check the endpoint that you chose to see if AWS SNS sent a message.
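The following is an added example, not RightScale code: a pre-flight check of the values used in the steps above (Topic ARN, queue ARN, Grantee), plus a consumer-side check that a message read from the queue really came from the expected topic. It assumes the default (non-raw) SNS-to-SQS JSON envelope; the function names and the 12-digit account IDs are constructed placeholders.

```python
import json
import re

# arn:aws:<service>:<region>:<12-digit account ID>:<name>, as described in the NOTE above
ARN_RE = re.compile(r"^arn:aws:(sns|sqs):([a-z0-9-]+):(\d{12}):([A-Za-z0-9_-]+)$")

def parse_arn(arn):
    """Split an SNS topic or SQS queue ARN into its fields; raise ValueError if malformed."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not a valid SNS/SQS ARN: {arn!r}")
    service, region, account_id, name = m.groups()
    return {"service": service, "region": region, "account_id": account_id, "name": name}

def check_subscription(topic_arn, queue_arn, grantee, subscriber_account):
    """Return a list of problems with the values entered in the steps (empty list = OK)."""
    problems = []
    topic, queue = parse_arn(topic_arn), parse_arn(queue_arn)
    if topic["service"] != "sns":
        problems.append("Topic ARN is not an SNS ARN")
    if queue["service"] != "sqs":
        problems.append("Endpoint is not an SQS ARN")
    if len(queue["name"]) > 80:
        problems.append("Queue name is longer than 80 characters")
    if grantee != topic["account_id"]:
        problems.append("Grantee is not the account ID embedded in the Topic ARN")
    if grantee == subscriber_account:
        problems.append("Grantee is the Subscriber AWS Account Number, not the topic's account")
    return problems

def from_expected_topic(sqs_body, expected_topic_arn):
    """True only if the SQS message body is an SNS notification from the expected topic."""
    try:
        envelope = json.loads(sqs_body)
    except ValueError:
        return False  # not JSON, so not an SNS envelope
    return (isinstance(envelope, dict)
            and envelope.get("Type") == "Notification"
            and envelope.get("TopicArn") == expected_topic_arn)

# Constructed sample values (placeholder account IDs, not real ones).
TOPIC = "arn:aws:sns:us-east-1:111111111111:authorization-55806"
QUEUE = "arn:aws:sqs:ap-southeast-1:222222222222:queue_name"
BODY = json.dumps({"Type": "Notification", "TopicArn": TOPIC, "Message": "(opaque event)"})

if __name__ == "__main__":
    print(check_subscription(TOPIC, QUEUE, "111111111111", "333333333333"))
    print(from_expected_topic(BODY, TOPIC))
```

Because the queue grants 'SendMessage' to an account, a consumer that forwards these events into a log pipeline should drop any message for which `from_expected_topic` returns False.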

Last modified
22:52, 16 May 2013

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.