New Relic provides an integration for your AWS Verified Access logs.
AWS Verified Access is a tool that provides secure access to corporate applications without requiring a VPN.
Any time someone attempts to access your corporate application, a log is created, and they can be forwarded to New Relic via AWS Kinesis Firehose.
This integration monitors your Verified Access activity, including top denied IP addresses, overall count of denied and granted activity, and more.
To use Kinesis Firehose, you must have a Kinesis Data Firehose delivery stream already created. If you do not, you can create one by going to Amazon Kinesis Firehose feature from your AWS console, and creating a delivery stream with
Destination: New Relic.
To set up this integration:
- From your AWS console, navigate to the AWS VPC Service.
- From the left panel, under the AWS Verified Access dropdown, select
Verified Access instances.
- Select the ID of the instance you would like to configure.
- Select the
Verified Access instance logging configurationtab.
Modify Verified Access instance logging configuration.
- Select the
Deliver to Amazon Kinesis Data Firehosetoggle.
- Select a delivery stream configured to point to New Relic.
You can query and explore your data in our logs UI, using a filter of
metadata.product.name = Verified Access.
This table describes the data reported from Verified Access logs. For example logs, see the AWS Verified Access log examples doc.
The name of the activity for Verified Access.
Log category. In this case it will usually be
Names the class of the log.
Provides information about the device attempting to access the application, like the IP address.
The duration of the request.
The time that the the request ended.
Information about the request to access the application, like method, port, and hostname.
The response code from the request.
Information about the identity of the user attempting to access the application.
Identifier for the log.
The defines the source IP and port of the originating request.
The status of the attempted login, should be
The name of the type of access log.