AWS Endpoint
AWS endpoints connect Eve to Amazon Web Services for governed cloud-infrastructure operations across services such as EC2, RDS, S3, and Lambda.
Endpoint Kind
Use `aws` as the endpoint kind when creating this endpoint through the API or dashboard.
What Eve Uses This Endpoint For
- Allow approved users and agents to inspect AWS infrastructure.
- Centralize AWS credential handling and audit cloud operations.
- Build runbooks that combine AWS state with Datadog, GitHub, and database context.
- Support custom endpoints for local testing or compatible services.
Basic Endpoint Shape
```json
{
  "endpoint": "aws-prod",
  "kind": "aws",
  "config": {
    "read_conn": {
      "provider": "aws",
      "region": "us-east-1",
      "access_key_id": "AKIA...",
      "secret_access_key": "secret"
    }
  }
}
```
Create it with the endpoint API:
```bash
curl -sS -X POST "$EDEN/endpoints" \
  -H "$AUTH_HEADER" \
  -H "Content-Type: application/json" \
  -d '{
    "endpoint": "aws-prod",
    "kind": "aws",
    "config": {
      "read_conn": {
        "provider": "aws",
        "region": "us-east-1",
        "access_key_id": "AKIA...",
        "secret_access_key": "secret"
      }
    }
  }'
```
Configuration Fields
| Field | Purpose |
|---|---|
| region | AWS region |
| access_key_id | Access key ID |
| secret_access_key | Secret access key |
| session_token | Optional session token |
| endpoint_url | Optional custom endpoint URL |
Operating Notes
- Prefer role-based or short-lived credentials when available.
- Separate read-only inspection endpoints from write-capable automation endpoints.
- Use AWS IAM policies as the first line of least privilege, then layer Eve RBAC on top.
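As an added example (not Eve's own code or documentation), this Python check lints an endpoint definition in the shape shown above against the first operating note before it is submitted. It relies on AWS access key ID prefixes (`AKIA` for long-term IAM user keys, `ASIA` for temporary STS keys); the names `lint_endpoint` and `make_defn`, the sample values, and the https rule for `endpoint_url` are assumptions of this example.

```python
from urllib.parse import urlparse

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def lint_endpoint(defn):
    """Return (severity, message) findings for one AWS endpoint definition."""
    if defn.get("kind") != "aws":
        return [("error", "kind must be 'aws'")]
    conn = defn.get("config", {}).get("read_conn", {})
    findings = [("error", f"read_conn.{f} is missing")
                for f in ("region", "access_key_id", "secret_access_key")
                if not conn.get(f)]
    key_id = conn.get("access_key_id") or ""
    token = conn.get("session_token")
    # AWS key ID prefixes: AKIA = long-term IAM user key, ASIA = temporary (STS) key.
    if key_id.startswith("AKIA"):
        findings.append(("warn", "long-term key (AKIA): prefer role-based or short-lived credentials"))
        if token:
            findings.append(("warn", "session_token is only used with temporary credentials"))
    elif key_id.startswith("ASIA") and not token:
        findings.append(("error", "temporary key (ASIA) requires session_token"))
    url = conn.get("endpoint_url")
    if url:
        parsed = urlparse(url)
        # Assumed policy of this example: plain http is acceptable only for local testing.
        if parsed.scheme != "https" and parsed.hostname not in LOCAL_HOSTS:
            findings.append(("error", "endpoint_url is not https and not a local address"))
    return findings

def make_defn(**conn):
    """Build a definition in the page's basic shape (constructed placeholder values)."""
    base = {"provider": "aws", "region": "us-east-1",
            "access_key_id": "AKIAEXAMPLEEXAMPLE00", "secret_access_key": "placeholder"}
    return {"endpoint": "aws-prod", "kind": "aws", "config": {"read_conn": {**base, **conn}}}

if __name__ == "__main__":
    for severity, message in lint_endpoint(make_defn()):
        print(f"{severity}: {message}")
```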
Last updated: October 20, 2018