Skip to main content

Cloud

Connector

This topic describes the purpose of the Illumio Cloud Connector feature, and provides a general example of how you would use it. For instructions on how to connect a specific a workflow and incident management tool, such as Slack, using the Connector page, see the applicable pop-up help in the user interface.

Apps Use Case and Example

This feature lets you connect workflow and incident management tools, such as messaging applications or others, to Illumio Cloud. For example, you might want to receive a notification in your messaging application when a policy changes, when a deployment is removed, or any other audit event.

The following steps illustrate how you might set up a connection to such an application.

  1. The first part of the sequence would be to browse to the Settings > Connector > Apps tab. From there, the pop-up help will give you instructions.

  2. Depending on your application, you may need to provide the following:

    • Channel Name (Illumio Cloud does not verify the name, so make sure it is correct.)

    • Webhook URL (This would be how Illumio Cloud knows where to deliver the message.)

  3. The dialog may have fields for other characteristics, depending on the application.

  4. When a channel is configured, it automatically starts receiving any subsequent policy provisioning alert. For any other alert type, the automation rule needs to be created.

  5. Policy provisioning alerts are sent to all configured channels. In other words, the same alert message is sent to all of them if all the channels were added.

  6. The next step would be to edit or delete your created channels if needed. Click the application tile to see a list of channels.

Different kinds of workflow and incident management tools will vary widely, so see the pop-up help in the user interface that is specific to that particular one.

Automation Use Case and Example

This feature lets you automate messaging after you have performed the above steps to connect workflow and incident management tools, such as messaging applications or others, to Illumio Cloud.

  1. The first step is to browse to the Settings > Connector > Automation tab.

  2. Click Add Rule and enter a name in the dialog that appears. In this example, you want to have Slack notify you of system audit events. You might name it 'Successful Policy Update to Slack.'

  3. Select one or more triggers by clicking Add Trigger and then selecting a trigger in the dropdown menu. In this case, you might pick something like 'policy is provisioned.'

  4. Select one or more actions by clicking Add Action and then selecting an action in the dropdown menu. In this example it might be 'send a Slack message.'

  5. Under Slack Channel, select a Slack channel, and under Message, enter a message.

  6. Under Date and Time, select either Send immediately, or Send later and specify a time and frequency.

  7. You may click Send Test to verify your system event Slack notification before you click Add Rule in the Add Rule dialog.

S3 Bucket Use Case and Example

This feature lets you connect Illumio Cloud to your AWS S3 buckets so that you can export Illumio Cloud traffic flows to your S3 buckets.

Exporting traffic flow logs sends enriched flow logs from Illumio Cloud to the storage destination in your account. Flows are sent in batches every 60 minutes as the flow logs are collected. This feature is not limited to the 10,000 flows maximum allotment in the Traffic dashboard. The flow logs sent to the S3 bucket will include all the Illumio Cloud-processed flows based on the filters set while configuring the export. 

During the flow processing, Illumio Cloud enriches these raw flow logs from the cloud providers with labels on the source and destination. This adds greater enrichment to the traffic flows which provides greater context for users to understand when viewing and investigating traffic through these flow logs. 

In some cases, cloud providers send only partial flow data to Illumio Cloud. When this happens, Illumio Cloud makes periodic requests back to the cloud provider for the full flow log. This process can take up to forty minutes to retrieve the full flow log. To reduce issues related to partial flow data or duplicate flows being sent, Illumio Cloud batches flow logs once it ensures that the full flow data is captured from the cloud provider.

Onboarding an S3 Bucket

Use these steps to onboard an S3 bucket:

  1. Log into the Illumio Console and navigate to the Settings > Connector tab.

  2. Click the S3 Bucket tile.

  3. Click Connect S3 Bucket.

  4. In the dialog that appears, choose the radio button for either onboarded or unknown AWS accounts and select entries for the following credentials:

    • Account ID

    • S3 Bucket ARN

    • Region

  5. Click Next.

  6. Select a Service Account.

  7. Select your preferred type of Integration. Illumio recommends creating a cloud formation stack. Create the appropriate roles in the AWS console, and when you are done, click Next in the Illumio Cloud dialog.

  8. Click Save. This completes the connection and takes you to a list of added S3 buckets.

You can delete S3 bucket connections by selecting one S3 bucket at a time from the list and clicking Remove.

Testing the Onboarded S3 Bucket Connection

Test your connection to ensure that Illumio Cloud exports traffic to your S3 bucket with the following steps:

  1. For the desired S3 bucket in the list, click Test Connection. You will get either a 'Connection Successful' or a 'Connection Failed' message.

  2. If you got a failure message, click Configure to change your selections as needed to successfully connect.

    • Verify that the provided account ID, bucket ARN, and region are correct

    • Once verified, grant access again by running the cloud formation template to grant Illumio Cloud access to the bucket

    • Save the changes and the test connection again. If the cloud formation template succeeded, the connection should work.

  3. If you got a success message, there is nothing more you need to do for that connection.

Exporting Traffic Data to an Onboarded S3 Bucket

Use the following steps to export data to your S3 buckets.

  1. On the Traffic page, filter your traffic as desired and click Export > Export to Connector.

  2. In the dialog that appears, choose the following selections:

    • Export Format: CSV or JSON

    • Connector: S3 Bucket

    • S3 Bucket: The S3 bucket of current interest

    • S3 Bucket Prefix Name: An optional prefix with meaning to you that will assist in sorting your exported collection of data

  3. If you wish, click Test Connection.

  4. When you are satisfied with your selections, click Save.

  5. After saving, view your Illumio Cloud traffic query export statuses in the Settings > Connector > S3 Bucket tab, under the specified bucket. Traffic data begins to appear in the AWS console S3 bucket on an hourly basis.

    Note that you can enable or disable traffic data export for a connector. To do this, find it in the connector list and click on it. In the panel that appears, select an export and click Enable or Disable, as appropriate. Disabling prevents export of any more flows for that specific configuration.