TRACK CLOUDTRAIL EVENTS VIA SLACK
AWS CloudTrail Listener for Slack
Define & manage GorillaStack real-time workflows to monitor AWS CloudTrail via Slack.
Command and control GorillaStack automation from Slack. With ChatOps, you can be alerted, receive detailed information for each notification on demand without logging in to your cloud environment.
- Receive real-time alerts on suspicious CloudTrail events
- Notify the right user of each critical event
- Snooze and cancel your scheduled resource automation rules
Key Benefits To Track CloudTrail in Slack
Track Any CloudTrail Events in Slack
Receive alerts into your Slack environment as soon as events hit your CloudTrail log. Apply your own filters so that only important events show up in your feed.
Takes Seconds To Install
Use the AWS console or run a simple command in your AWS CLI to kick off your AWS Slack integration right away. Your whole team has access to the bot with just a couple of clicks.
Reach The Right Team Member
When you track a CloudTrail event using our AWS Slack integration, you can specify which channel or team member receives the alert – reduce noise and target the issue owner.
Get The Right Information
Whenever you get a high level notification, you can expand the raw event text snippet to explore more detailed information.
Not sure which events to track? We recommend monitoring these CloudTrail events for security.
Affordable Pricing
Try 14 days trial for free. Script-free. No credit card required.
ALERTS
Per AWS account/month
- Unlimited Alerts
- Unlimited Users
- Slack App Integration
- Email Integration
- Role Based Access Control
- Single Sign On (SAML 2.0)
- API Access and Terraform
- Pay via AWS Marketplace or Credit Card
ALERTS + REMEDIATION
Per AWS account/month
- Unlimited Alerts
- Unlimited Users
- Slack App Integration
- Email Integration
- Role Based Access Control
- Single Sign On (SAML 2.0)
- API Access and Terraform
- Pay via AWS Marketplace or Credit Card
- Remediation Actions
Frequently Asked Questions (FAQs)
About Real-Time Events
You can use GorillaStack to filter and alert on any CloudTrail event.
For more information on the kinds of events you may wish to consider, you can read about high priority CloudTrail security events.
Receive notifications in real time as CloudTrail events take place. Typically a system event will write to CloudTrail in less than 10 seconds.
Pricing
Yes, you can pay for us via the AWS marketplace, GorillaStack will appear as an item on your bill every month.
We do! If you want to pay a year up front, we'll give you 2 months for free, you can get in contact at any time. Also, call us if you're a not-for-profit, we'll assess these on a case-by-case basis.
Getting Started
AWS Accounts are linked to GorillaStack by deploying a CloudFormation template. When deployed this CloudFormation template:
- Creates an IAM role for cross-account access. GorillaStack assumes this role when collecting data and executing actions and the role's IAM permissions control GorillaStack's level of privilege
- Creates a Lambda Function which has the sole responsibility of posting back to GorillaStack on successful or unsuccessful stack creation.
Azure subscriptions are linked by running a script in the Azure cloud shell.
The GorillaStack bill is only calculated based on the infrastructure that is linked to GorillaStack. If you don’t connect any AWS accounts we won’t charge you for coverage.
An AWS Account is linked to GorillaStack by deploying a CloudFormation template.
This CloudFormation template creates a role for cross-account access, containing IAM permissions which control what GorillaStack can do within a linked account.
Within GorillaStack you can enable and disable Rule Triggers and Actions to only allow what you want to use. When you make changes to enabled Rule Triggers and Actions we generate a unique CloudFormation template, containing only the IAM permissions you need.
To leverage all Triggers and Actions in GorillaStack Cost Optimization, a linked account needs to allow the following IAM permissions:
autoscaling:DescribeAutoScalingGroups
autoscaling:UpdateAutoScalingGroup
dynamodb:DescribeTable
dynamodb:ListTables
dynamodb:ListTagsOfResource
dynamodb:UpdateTable
ec2:DeleteSnapshot
ec2:DeleteVolume
ec2:DescribeAddresses
ec2:DescribeInstances
ec2:DescribeSnapshots
ec2:DescribeTags
ec2:DescribeVolumes
ec2:RebootInstances
ec2:ReleaseAddress
ec2:StartInstances
ec2:StopInstances
ecs:DescribeServices
ecs:ListClusters
ecs:ListServices
ecs:UpdateService
rds:DescribeDBInstances
rds:DescribeDBSnapshots
rds:ListTagsForResource
rds:StartDBInstance
rds:StopDBInstance
sns:ConfirmSubscription
sns:ListTopics
sns:Subscribe
sns:Unsubscribe
Yes.
We provide the option of customizing the template using the GorillaStack interface to restrict the available permissions to just the Rules Engine Actions and Triggers that you need (no CloudFormation knowledge needed!). This can be done on first-time Account Setup, or by updating the setup for already linked accounts.