Skip to main content

AWS Firehose Event Destination

TL;DR

To send ngrok events to Firehose:

  1. Obtain Firehose Delivery Stream ARN
  2. Create Event Subscription
  3. Create Event Destination

This guide covers how to send ngrok events including network traffic logs into AWS Firehose. You may want to keep an audit log of configuration changes within your ngrok account, record all traffic to your endpoints for active monitoring/troubleshooting, or you may use AWS Firehose as a SIEM and want to use it for security inspections.

By integrating ngrok with AWS Firehose, you can:

  • Quickly identify application issues in real-time using ngrok request events using Firehose data processing.
  • Historically audit changes occurring within an account. Be able to historically audit changes within an account.
  • Profile usage of your service by using Firehose queries and real-time data analytics.
  • Identify security issues by using ngrok events.

Step 1: Obtain Firehose Delivery Stream ARN

For ngrok to successfully send events into AWS Firehose we'll require a delivery stream ARN. To create the ARN, you can follow this AWS guide.

ngrok is a Direct PUT Source type, and you can choose any Firehose destination you wish. For testing, it may be easiest to create a S3 bucket as the destination.

Once you've created your AWS Firehose, keep the Delivery Stream ARN handy for Step 3.

Step 2: Create an Event Subscription

  1. Using a browser, go to the ngrok dashboard and under Observability navigate to Events on the left hand navigation and select Create Subscription.

    ngrok event subscription

  2. Within the Event Subscription configuration, provide a description for the event and within the sources tab select Add Source to pick and choose which events you would like to send to Firehose.

For information about the events, see the ngrok event documentation.

Once complete, select Add Event Sources to confirm your selections.

ngrok event sources

Step 3: Create Event Destination

To send the events to Firehose we'll need to assign an Event Destination to the Event Subscription.

  1. Within the Event Subscription configuration Destination Tab, select Add Destination.

  2. Choose AWS Firehose Logs as the target and fill in the correct information.

    • Delivery Stream ARN
    • Description - Optional

  3. Create IAM Role - An IAM role is required to allow ngrok to stream logs into Firehose. Using the information provided by your preferred method of creation, either API or CLI Script, create the IAM role and provide the role ARN. For the fastest integration or proof of concept, we recommend using the CLI Script.

SECURITY BEST PRACTICE

If configuring your IAM role manually, ensure that you configure the Trust Policy with a condition that includes the ExternalId. This will ensure that the only data allowed to ingested by AWS will be from your ngrok account. If you configure the IAM role with the CLI script, this will be done automatically.

ngrok event destination

  1. Once all required inputs have values, select Send Test Event and you should be presented with a Success message. Select Done and the Firehose Event Destination setup is complete.

ngrok event destination success