IBM Multicloud is now available as an event source in AWS CloudTrail Lake

Compliance and security are core principles of IBM Multicloud (formerly Nordcloud Klarity) and recent collaboration with AWS CloudTrail further improves capabilities in this area.

This integration enables customers to receive, track and analyse user activity events performed in the IBM Multicloud tenant across various cloud environments. With this new superpower IBM Multicloud makes it easy to ensure compliance and risk auditing without the need to maintain any additional log aggregation tools.

Compliance & Risk Management

Every company, especially enterprise organisations, are exposed to internal or external threats. This is where compliance and risk management come in. Proper auditing methods protect your company from penalties, prove regulatory compliance and improve security by recording all user activities. 

This is important for internal components – like cloud environments – as well as all third-party applications. AWS CloudTrail Lake helps you streamline auditing, security investigation, and operational troubleshooting.

AWS CloudTrail Lake

AWS CloudTrail is an AWS managed service that monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis and remediation action. Your company may be using CloudTrail already, but if not, we strongly recommend enabling it for security and compliance reasons.

Today CloudTrail releases the next step in functionality, enabling you to use it to log and store activity events received from any source in your hybrid environments, such as SaaS applications, hosted on-premise or in-the-cloud virtual machines or containers. You can store, access, analyse, troubleshoot and take action on this data without needing to maintain additional log aggregations and reporting tools. 

Logs are ingested and added to your data store in AWS CloudTrail Lake using defined channels working as a connection between your data store and trusted source of activity events. Channels can be created manually or selected from the list of external event sources built in collaboration with AWS Partners.

For more detail please check the AWS CloudTrail Lake documentation.

IBM Multicloud activity events

For the past couple of months the IBM Multicloud team has been working closely with the AWS CloudTrail team, helping to deliver solutions that would be beneficial for our customers. This resulted in IBM Multicloud becoming a validated integration in AWS CloudTrail Lake for external activity events. 

It makes IBM Multicloud a trusted source of activity events that can be published directly from our software to customer AWS environments. This data is stored in the AWS CloudTrail data store, together with all other CloudTrail logs allowing you to utilise the same processes and mechanisms to analyse and troubleshoot both IBM Multicloud and AWS data.

There are many use cases for using AWS CloudTrail integration with IBM Multicloud, such as:

  • Monitor your users’ activity.
  • Store and analyse tenant configuration changes.
  • Monitor API calls executed by our services to all your cloud environments
  • Ensure company compliance by having direct access to logs produced by third party applications.

IBM Multicloud is a multi-cloud solution, so you will be notified about all changes performed across all your cloud environments, not only AWS. This enables enhanced visibility across your entire organisation.

In the activity event received from IBM Multicloud you will find all the information you need to identify the identity, time and applied change. All logs are sanitised first for security reasons. You do not need to worry about confidential information like cloud credentials being logged. Security is one of our core principles – so you can leave it to us.

Enabling Integration

Because IBM Multicloud is an AWS Partner, enabling the AWS CloudTrail Lake integration is extremely simple. This can be achieved directly from the AWS Console or CLI. You need to navigate to the CloudTrail console where you have your event data store created. You will be guided on how to enable integration with IBM Multicloud by selecting Nordcloud from the list of supported partners.

On the next page you will have to select what kind of events you want to collect (you can select by event source name and type) and provide the external ID received from the IBM Multicloud team. AWS will automatically generate a resource based policy allowing IBM Multicloud to ingest events to your data store so you do not need to grant additional permissions. 

That’s it! Your CloudTrail Lake is ready to receive activity events from IBM Multicloud. The last thing you need to do is to contact the IBM Multicloud team and deliver details regarding your integration so we can configure it on our side.

For more details please check our detailed integration documentation that you can find in our Github repository, together with all kinds of events produced by IBM Multicloud.

Query, Process and analyse data

Once you have received activity events from IBM Multicloud you can use CloudTrail Lake’s engine to query and process it. This can be done using standard SQL notation, which enables you to integrate CloudTrail Lake with your existing SQL-based processing pipelines.

Example: you have discovered misconfiguration in resource cost allocation and you suspect someone has modified cost mapping rules. With the help of AWS CloudTrail you can get all information needed to investigate this issue by filtering IBM Multicloud events by the appropriate event type and application name. 

You will find out who applied changes to your company tenant and when. With additional event details you will be able to see the history of changes and rollback to the specified moment in the past.

Next steps

In the near future we will be working together with our customers on handling more and more activity events in all services belonging to the IBM Multicloud platform. Our mission is to make sure every activity that happens in our application is properly logged and can be utilised by our customers. This includes both user activities performed in IBM Multicloud tenant and all other actions executed by related services in your cloud environment.

For most companies, auditing and compliance is crucial. To learn more about how IBM Multicloud can help you, check our activity events documentation or contact us directly.

Author
Kamil PiotrowskiSoftware Architect
Categories
AWSTech Community

Get in Touch.

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

Ilja Summala
Ilja Summala LinkedIn
CTO
Ilja’s passion and tech knowledge help customers transform how they manage infrastructure and develop apps in cloud.