FedRAMP Cloud Authorizations, AWS Ingestion Scenarios & Connector Architecture
Clouds and FedRAMP
Before we dive into how to ingest data from AWS into Microsoft Sentinel, we need to understand at what FedRAMP levels each cloud is authorized to operate. This is not a deep discussion of compliance, just a quick overview of the levels each cloud is authorized at. For specific compliance or operating-level guidance, you are encouraged to talk to your agency's authorized approver.
Microsoft, Amazon, and Google each provide multiple cloud services designed specifically to support US government customers and the commercial businesses that support those agencies. These services are spread across the Azure, Office 365, AWS, and GCP clouds.
Please note, this information is current as of April 2024. For the most up-to-date status, refer to the links below.
Microsoft Clouds
Amazon Web Services Clouds
Google Cloud
Here is a list of direct links to the FedRAMP authorizations on the FedRAMP Marketplace -
To understand the Microsoft Sentinel architecture options, we first need to understand the relationship between the Azure Commercial and Azure Government clouds. That relationship determines where Sentinel and its underlying Log Analytics workspace reside, and which version of Sentinel ingests both Microsoft and non-Microsoft security data. For example,
Log storage locations for Microsoft Clouds
Amazon Web Services (AWS) data ingestion into Sentinel scenarios
Microsoft understands that many customers have multiple AWS accounts across both the commercial and government AWS clouds. Here are the scenarios for getting data from each AWS cloud into Sentinel -
Architecture for the AWS connector
AWS Connector Architecture
In this architecture,
SQS Queues for AWS services
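As an added example for the connector architecture and SQS queue sections above (this is not code from the post or from the Sentinel connector itself), the block below shows the defender-side check that sits at the front of an S3-plus-SQS ingestion pipeline: it assumes the design in which AWS writes logs to an S3 bucket, S3 publishes an event notification to an SQS queue, and the collector reads the queue and then fetches the named object. Before any object is fetched, the notification itself is validated. The bucket name and account id are constructed placeholders, the sample SQS message body is constructed, and the key layout assumed is the standard CloudTrail `AWSLogs/<account>/CloudTrail/<region>/yyyy/mm/dd/` prefix.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed placeholders: a real queue consumer uses its own bucket and account ids.
EXPECTED_BUCKET = "example-cloudtrail-logs"
EXPECTED_ACCOUNT = "123456789012"

# Assumed standard CloudTrail object layout: AWSLogs/<account-id>/CloudTrail/<region>/yyyy/mm/dd/<file>
_CLOUDTRAIL_KEY = re.compile(r"^AWSLogs/(\d{12})/CloudTrail/([a-z0-9-]+)/\d{4}/\d{2}/\d{2}/")


def parse_s3_notification(body, expected_bucket=EXPECTED_BUCKET):
    """Turn one SQS message body (an S3 event notification) into (bucket, key) pairs.

    Edge cases a queue consumer meets in practice:
    - the one-off s3:TestEvent S3 publishes when a notification is configured
      (it has no Records field and must be discarded, not treated as a log file);
    - non-create events (deletes, restores), which carry no new data to ingest;
    - URL-encoded object keys, which S3 uses in notifications;
    - a notification naming a bucket other than the one this queue serves,
      which is refused rather than silently fetched.
    """
    msg = json.loads(body)
    if msg.get("Event") == "s3:TestEvent":
        return []
    found = []
    for rec in msg.get("Records", []):
        if rec.get("eventSource") != "aws:s3":
            continue
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue
        bucket = rec["s3"]["bucket"]["name"]
        if bucket != expected_bucket:
            raise ValueError(f"notification names unexpected bucket {bucket!r}")
        key = unquote_plus(rec["s3"]["object"]["key"])
        found.append((bucket, key))
    return found


def cloudtrail_key_owner(key):
    """Return (account_id, region) parsed from a CloudTrail object key, or None."""
    m = _CLOUDTRAIL_KEY.match(key)
    return (m.group(1), m.group(2)) if m else None


def objects_to_ingest(body, expected_bucket=EXPECTED_BUCKET, expected_account=EXPECTED_ACCOUNT):
    """Keys from `body` that belong to the expected bucket and account: the fetch list."""
    keys = []
    for bucket, key in parse_s3_notification(body, expected_bucket):
        owner = cloudtrail_key_owner(key)
        if owner is None or owner[0] != expected_account:
            continue  # not a CloudTrail file from the account this queue serves
        keys.append(key)
    return keys


# Constructed sample: one SQS message carrying two S3 records, one create and one delete.
SAMPLE_KEY = ("AWSLogs/123456789012/CloudTrail/us-gov-west-1/2024/04/01/"
              "123456789012_CloudTrail_us-gov-west-1_20240401T0000Z_a%3Db.json.gz")
SAMPLE_BODY = json.dumps({
    "Records": [
        {"eventVersion": "2.1", "eventSource": "aws:s3", "awsRegion": "us-gov-west-1",
         "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": EXPECTED_BUCKET}, "object": {"key": SAMPLE_KEY, "size": 2048}}},
        {"eventVersion": "2.1", "eventSource": "aws:s3", "awsRegion": "us-gov-west-1",
         "eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": EXPECTED_BUCKET}, "object": {"key": "old/file.json.gz"}}},
    ]
})
# Constructed: the setup ping S3 sends once when the notification is created.
TEST_EVENT_BODY = json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent", "Bucket": EXPECTED_BUCKET})


if __name__ == "__main__":
    print(objects_to_ingest(TEST_EVENT_BODY))   # setup ping: nothing to fetch
    print(objects_to_ingest(SAMPLE_BODY))       # one decoded CloudTrail key
```

The bucket and account checks are what make a per-service queue trustworthy: because each log source gets its own queue, a message that names a different bucket or a different account's prefix is a configuration error or something worth alerting on, not something to read from.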
Summary
We reviewed the relationship between the commercial and government cloud offerings, as well as the compliance and architecture aspects of ingesting security data from non-Microsoft clouds into Sentinel. This solution lets customers bring both Microsoft and non-Microsoft cloud security data into a single modern SOC environment while remaining compliant with government requirements and regulations. We also did a high-level architectural review of the AWS connector. In the next blog in this series, we will walk through the process of connecting AWS and AWS GovCloud to Microsoft Sentinel in Azure Government.