Collector "AWS-VPC-Endpoint" Configuration Manual
Before reading this document, please read:
Tip
Before using this collector, you must install the "Integration Core" package and its accompanying third-party dependency packages.
1. Configuration Structure
The configuration structure of this collector is as follows:
Field | Type | Required | Description |
---|---|---|---|
regions | list | Required | List of regions to be collected |
regions[#] | str | Required | Region ID, for example `'cn-north-1'`. See the appendix for the complete list |
2. Configuration Example
Collect instance data for the Beijing region:
Configuration Filter (Optional)
This collector script supports custom filters, allowing users to filter target resources based on object attributes. The filter function receives one object and returns True or False:
- True: The target resource should be collected.
- False: The target resource should not be collected.
Supported object attributes for filtering:
Attribute | Description |
---|---|
VpcId | VPC ID |
VpcEndpointId | Endpoint ID |
State | Endpoint status |
VpcEndpointType | Endpoint type |
ServiceName | Name of the service associated with the endpoint |
PrivateDnsEnabled | (Interface endpoint) Indicates whether the VPC is associated with a private hosted zone |
RequesterManaged | Indicates whether the endpoint is managed by its service |
OwnerId | ID of the Amazon Web Services account that owns the endpoint |
```python
# Example: Enable the filter to filter based on the VpcEndpointId and State attributes of the object. The configuration format is as follows:
def filter_instance(instance):
    '''
    return True|False
    '''
    instance_id = instance['VpcEndpointId']
    state = instance['State']
    # Replace the 'xxx' placeholders with the endpoint IDs and states to collect.
    if instance_id in ['xxx'] and state in ['xxx']:
        return True
    return False

###### Do not modify the following contents #####
from integration_core__runner import Runner
import integration_aws_vpc_endpoint__main as main

# `DFF` is provided by the platform runtime; `account` and `collector_configs`
# are defined in the configuration part of the script above.
@DFF.API('AWS-VPC Endpoint Collection', timeout=3600, fixed_crontab='* * * * *')
def run():
    collectors = [
        main.DataCollector(account, collector_configs, filters=[filter_instance]),
    ]
    Runner(collectors).run()
```
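The following is an added example, not part of the original manual and not the collector's own code. It shows a filter that goes beyond the single-ID check above: it keeps only endpoints in an allowed state, drops requester-managed endpoints (created and owned by the service rather than by this account), tolerates records that lack an optional attribute, and groups what was kept by endpoint type and by whether the service is an AWS-owned or a customer-published (PrivateLink) service so those can be reviewed. The sample records, the `collector_configs` dict form, the `apply_filters` and `summarize` helpers, and the `.vpce.` marker used to recognise customer-published services are all assumptions for illustration; the only interface the manual defines is that the filter receives the endpoint object and returns True or False.

```python
import json

# Constructed sample records, shaped like the endpoint objects passed to the
# filter (same attribute names as the filter table in this manual).
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcId": "vpc-01", "State": "available",
     "VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.cn-north-1.s3",
     "PrivateDnsEnabled": False, "RequesterManaged": False, "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0bbb", "VpcId": "vpc-01", "State": "pendingAcceptance",
     "VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.cn-north-1.ssm",
     "PrivateDnsEnabled": True, "RequesterManaged": False, "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0ccc", "VpcId": "vpc-02", "State": "available",
     "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.vpce.cn-north-1.vpce-svc-0123",  # constructed customer service
     "PrivateDnsEnabled": False, "RequesterManaged": False, "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0ddd", "VpcId": "vpc-02", "State": "available",
     "VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.cn-north-1.ec2",
     # Constructed: optional attributes deliberately missing to exercise the guard below.
     "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0eee", "VpcId": "vpc-02", "State": "available",
     "VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.cn-north-1.logs",
     "PrivateDnsEnabled": True, "RequesterManaged": True, "OwnerId": "111111111111"},
]

# Collector configuration in the structure from section 1 (assumed dict form).
collector_configs = {"regions": ["cn-north-1"]}

# Assumed filter policy.
ALLOWED_STATES = {"available"}
CUSTOMER_SERVICE_MARKER = ".vpce."   # assumption: marks customer-published services


def filter_instance(instance):
    '''
    Return True to collect the endpoint, False to skip it.
    '''
    if instance.get("State") not in ALLOWED_STATES:
        return False
    # .get() with a default: a record missing an optional attribute must not
    # raise KeyError and abort the whole collection run.
    if instance.get("RequesterManaged", False):
        return False
    return True


def apply_filters(instances, filters):
    '''Keep an instance only if every filter returns True (assumed runner semantics).'''
    return [inst for inst in instances if all(f(inst) for f in filters)]


def summarize(instances):
    '''Group collected endpoint IDs by "<type>/<aws|customer>" for review.'''
    summary = {}
    for inst in instances:
        kind = "customer" if CUSTOMER_SERVICE_MARKER in inst.get("ServiceName", "") else "aws"
        key = f"{inst.get('VpcEndpointType')}/{kind}"
        summary.setdefault(key, []).append(inst["VpcEndpointId"])
    return summary


if __name__ == "__main__":
    kept = apply_filters(SAMPLE_ENDPOINTS, [filter_instance])
    print(json.dumps(summarize(kept), indent=2))
```

With the constructed records, the pending endpoint and the requester-managed one are skipped, the record with missing attributes is still collected, and the customer-published service is reported under its own key.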
3. Data Reporting Format
After data is successfully synchronized, you can view the data in the "Infrastructure - Resource Catalog" of TrueWatch.
An example of the reported data is as follows:
```json
{
  "measurement": "aws_vpc_endpoint",
  "tags": {
    "OwnerId": "xxxx",
    "PrivateDnsEnabled": "False",
    "RegionId": "cn-north-1",
    "RequesterManaged": "False",
    "ServiceName": "com.amazonaws.cn-north-1.s3",
    "State": "available",
    "VpcEndpointId": "vpce-xxx",
    "VpcEndpointType": "Gateway",
    "VpcId": "vpc-xxx",
    "name": "vpce-xxx"
  },
  "fields": {
    "CreationTimestamp": "2023-11-22T06:19:15Z",
    "DnsEntries": "[(Interface endpoint) DNS entries of the endpoint]",
    "Groups": "[(Interface endpoint) Information about security groups associated with the network interface]",
    "NetworkInterfaceIds": "[(Interface endpoint) Network interfaces of the endpoint]",
    "PolicyDocument": "{Policy document associated with the endpoint (if applicable)}",
    "RouteTableIds": "[(Gateway endpoint) IDs of the route tables associated with the endpoint]",
    "SubnetIds": "[(Interface endpoint) Subnets of the endpoint]",
    "Tags": "[Tags assigned to the endpoint]",
    "message": "{Instance JSON data}"
  }
}
```
Note
The fields in tags and fields may change with subsequent updates.
4. IAM Policy Permissions
Note
If you collect resources by assuming an IAM role, that role must be granted the permission listed below.
This collector requires the following permissions:
ec2:DescribeVpcEndpoints
X. Appendix
Please refer to the official AWS documentation: