AWS Actions

Actions for AWS S3 #

Lucidum allows you to automatically perform the following actions on assets that meet your criteria. You define the criteria for assets by creating a query.

• Send Data to AWS S3. Sends customized Lucidum data to AWS S3 for storage.

Actions for AWS EC2 #

Lucidum allows you to automatically perform the following actions on assets that meet your criteria. You define the criteria for assets by creating a query.

• AWS EC2 Actions. Perform one of the following actions. Specify the actions in the Details page.

  • Stop Instance. Stops all EC2 instances that match the query in the Filters page. For details on what happens when you stop an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-stop/.

  • Start Instance. Starts all EC2 instances that match the query in the Filters page. For details on what happens when you start an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-start/.

  • Tag Instance. Adds a tag (descriptive key: value pair) to all EC2 instances that match the query in the Filters page. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

  • Untag Instance. Removes a tag (descriptive key: value pair) from all EC2 instances that match the query in the Filters page. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

Use Cases #

• Send Data to AWS S3. Meet compliance requirements by saving multiple copies of your data.

• Stop Instance. You might want to stop an EC2 instance if:

  • the instance is under-used and the running cost of the instance is high

  • the instance has a critical vulnerability and requires remediation before it can be back on the network

• Start Instance. You might want to start an EC2 instance if:

  • the instance was stopped for maintenance or updates and can now rejoin the network

• Tag Instance. You might want to add a tag to an instance if:

  • your corporate policy requires tagging and you found an untagged instance

  • you want to add an additional tag to an instance

Prerequisites #

• To create actions that act upon AWS EC2 assets, you will require an Access Key ID and Access Key Secret for an AWS account that has AWS EC2 Full Access permission.

• To create actions that write data to AWS S3 assets, you will require an Access Key ID and Access Key Secret for an AWS account that has AWS S3 Full Access permission. The AmazonS3FullAccess policy looks like this:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
}
]
}

Workflows #

• Creating a new Configuration and a new Action
• Cloning an Existing Action
• Creating a new Action from the Location Results page
• Editing a Configuration
• Editing an Action
• Viewing Information about an Action

Configuration for an AWS Action #

• Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.

• AWS Access Key ID. AWS Access Key ID for a single AWS account with read and write access.

• Access Key Secret AWS Access Key Secret for a single AWS account with read and write access.

• AWS Session Token. Optional field. AWS session token for this session.

Create or Edit an AWS S3 Action #

To create an action for AWS:

1. In the Create a New Action page, in the General step, enter:

   

   • Action Type. Select an action from the pulldown options.

   • Configuration Name. Select an action configuration from the pulldown options.

   • Action Name. Identifier for the action. This name will appear in the Lucidum Action Center.

   • Description. Description of the action.

2. Click the Next (>) icon.

3. In the Filters page, click Configure Filters.

   

4. The Build a Query page appears.

   

5. In the Build a Query page, you define the query for the assets or users that the action will act upon.

6. Click Next.

7. In the Build a Current Query page, enter the fields, operators, and values for the query. For existing actions, the query is already loaded in this page.

   
8. For details on creating and editing queries in Lucidum, see the section on Building Queries.

   NOTE: To optimize performance, the default time range is Current. If you need to access historical data, contact Lucidum Custom Success for help on using historical data without affecting performance.

9. Click the Apply (page and pencil) icon.

10. Click the Next (>) icon.

11. In the Schedule step, enter:

    

    • Schedule Type. Define the schedule for the action. Choices are:

      • Recurrence. Specify a frequency for the recurring schedule.

      • After Data Ingestion. The action is executed after data ingestion, which happens at least once every 24 hours and can also be triggered manually.

    • Do not trigger the action unless. Specify the number of results from Filters as a prerequisite for executing the action.

12. Click the Next (>) icon.

13. The Details step differs depending on the action you choose in the General page.

14. If you choose:

    • AWS EC2 Actions

    in the Action Type field in the General page, the following fields appear in the Details page:

    

    • Output Fields. For the records selected with the Filters field, specify the columns to display. When creating or editing the query, you can select these fields in the Query Results page > Edit Column button.

    • EC2 Actions. Specify the EC2 action to execute. Choices are:

      • Stop Instance. Stops all EC2 instances that match the query in the Filters page. For details on what happens when you stop an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-stop/.

      • Start Instance. Starts all EC2 instances that match the query in the Filters page. For details on what happens when you start an AWS instance, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#what-happens-start/.

      • Tag Instance. Adds a tag (descriptive key: value pair) to all EC2 instances that match the query in the Filters page. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

      • Untag Instance. Removes a tag (descriptive key: value pair) from all EC2 instances that match the query in the Filters page. For details on tagging, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

    • Tag Key. This field is enabled if you choose Tag Instance or Untag Instance. Specifies the key for the tag.

    • Tag Key. This field is enabled if you choose Tag Instance or Untag Instance. Specifies the value for the tag.

15. If you choose:

    • Send Data to AWS S3

    in the Action Type field in the General page, the following fields appear in the Details page:

    

    • Output Fields. For each record specified in the Filters field, the Output Fields specifies the columns to include in the data to send.

    • AWS S3 Bucket Name. Name of the AWS S3 Bucket where you want to send and store the Lucidum data.

    • AWS S3 File Path under the Bucket. File path where you want to send and store the Lucidum data. For example:

      • export/lucidum_assets.csv

• • AWS Region where the Bucket will be created. AWS region where the AWS S3 Bucket resides.

  • Dedupe Previous Jobs. In this field, you specify whether you want duplicates of asset IDs (if your query is for assets) or user IDs (if your query is for users). You can specify integers starting at 0 (zero).

    • If you specify “0” (zero), Lucidum includes all the records from the query in each delivery to AWS S3.

    • If you specify “1” (one), Lucidum examines the previous webhook payload and excludes records for asset IDs or user IDs that were sent in the delivery to AWS S3.

    • If you specify “2” (two), Lucidum examines the last two webhook payloads and excludes records for asset IDs or user IDs that were sent in the previous two deliveries to AWS S3.