Set up an AWS API inventory integration

Created: March 13, 2023
Updated: December 3, 2024

The AWS API Inventory integration enables FireTail to automatically scan and discover your API resources in AWS. The integration improves visibility and helps manage API security risks by regularly scanning for new or updated APIs. Using AWS IAM roles and CloudFormation templates, FireTail gains the necessary permissions to retrieve the API metadata and updates the selected FireTail application with the discovered resources. You can configure scan regions, set update frequency, and filter by tags to focus on specific environments. To set up the integration:

1. Navigate to Integrations in the FireTail platform.

2. Click AWS API Inventory Scanning.

3. In the Name of Integration field, enter a name for the integration. The integration is Enabled by default. Toggle it off to make the integration inactive.

4. Choose your deployment method. You can either:

  • Use a Launch CloudFormation template. This template adds a role to the account.
  • Manually deploy. To do this, click Manual setup of IAM Role and follow the on-screen instructions.

5. When using the template, select the Launch IAM role CloudFormation template heading.

6. Log in to AWS and return to the FireTail platform.

7. Click Launch Cloudformation to launch the template. This opens in a new window.

8. Select the checkbox "I acknowledge that AWS CloudFormation might create IAM resources", then click Create stack.

9. When the CloudFormation Stack has a status of CREATE_COMPLETE, copy the FiretailRoleARN from the Outputs tab.

10. Return to the FireTail platform. Paste the copied value in the AWS Role ARN field.

11. Select an application from the dropdown, or click Create to create a new application. Discovered APIs will be grouped under this application. Learn more about applications here.

12. Select the AWS Regions you want to scan.

14. Enter a Scan Frequency. This is how often the scan runs, in seconds. The minimum is 900 seconds (15 minutes).

15. Filter on AWS resource (optional). Click Add key to add a tag. Tags limit scanning to the AWS resources that carry the defined tags, which lets you filter on the environment. For example, filter by env:prod to limit the scanning of AWS resources to your production environment.

16. Click Submit to complete the setup.

The discovered APIs can be viewed by navigating to the APIs or Application tab in the FireTail platform.

When the APIs have been populated on the platform you can then set up API logging using the FireTail API Gateway logging integration.
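Because the CloudFormation stack creates an IAM role that a third party assumes, it is worth reviewing that role before pasting its ARN into the platform. The following is an added example, not FireTail's code or template: it audits a role's trust policy and permission policy for a wildcard principal, a missing `sts:ExternalId` condition, and any action that is not a read. The function name, the account IDs, the role name and both policy documents are constructed assumptions; substitute the documents returned for the role in your own account.

```python
import re

# Constructed sample values (assumptions). Replace with the output of
# `aws iam get-role` and `aws iam get-role-policy` / `aws iam get-policy-version`.
SAMPLE_ARN = "arn:aws:iam::111122223333:role/example-scanner-role"
SAMPLE_TRUST = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
}]}
SAMPLE_PERMS = {"Statement": [{
    "Effect": "Allow",
    "Action": ["apigateway:GET", "lambda:ListFunctions", "appsync:GetGraphqlApi"],
    "Resource": "*",
}]}

ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
# API Gateway actions are HTTP verbs (apigateway:GET), so compare in lower case.
READ_VERBS = ("get", "list", "describe")

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return value if isinstance(value, list) else [value]

def audit_role(role_arn, trust_policy, permission_policy):
    """Return findings for a cross-account, read-only scanning role (hypothetical helper)."""
    findings = []
    if not ROLE_ARN_RE.match(role_arn):
        findings.append("value is not a well-formed IAM role ARN")
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("trust policy allows any AWS principal")
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("trust policy has no sts:ExternalId condition")
    for stmt in _as_list(permission_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2].lower()
            if not verb.startswith(READ_VERBS):  # also flags "*" and "service:*"
                findings.append(f"non-read-only action: {action}")
    return findings

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ARN, SAMPLE_TRUST, SAMPLE_PERMS) or ["no findings"]:
        print(finding)
```

An empty result means the role passed these three checks only; it does not replace reading the template itself before you click Create stack.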