
Configuration Manual for Collector "AWS-VPC-Endpoint"

Before reading this article, please first read:

Before using this collector, you must install the 'Core Integration Package' and its associated third-party dependency packages.

1. Configuration Structure

The configuration structure of this collector is as follows:

Field        Type   Required   Description
regions      list   Required   List of regions to collect data from
regions[#]   str    Required   Region ID. Example: 'cn-north-1'. See the appendix for the full list

2. Configuration Example

Collect VPC endpoint data from the Beijing region (cn-north-1):

Python

collector_configs = {
    'regions': ['cn-north-1'],
}

Configuration Filters (Optional)

This collector script supports user-defined filters that select target resources based on object attributes. A filter function receives one resource object and returns True or False.

  • True: the target resource is collected.
  • False: the target resource is skipped.

Supported object attributes for filtering:

Attribute           Description
VpcId               VPC ID
VpcEndpointId       Endpoint ID
State               Endpoint status (for example 'available', 'pendingAcceptance', 'deleting', 'deleted', 'rejected', 'failed')
VpcEndpointType     Endpoint type: 'Interface', 'Gateway' or 'GatewayLoadBalancer'
ServiceName         Name of the service associated with the endpoint
PrivateDnsEnabled   (Interface endpoint) Indicates whether the VPC is associated with a private hosted zone
RequesterManaged    Indicates whether the endpoint is managed by its service
OwnerId             ID of the AWS account that owns the endpoint
Python

# Example: enable a filter on the VpcEndpointId and State attributes of the object.
# Replace the 'xxx' placeholders with real endpoint IDs and states (for example 'available').
def filter_instance(instance):
    '''
    Return True to collect this endpoint, False to skip it.
    '''
    instance_id = instance['VpcEndpointId']
    state = instance['State']
    if instance_id in ['xxx'] and state in ['xxx']:
        return True
    return False

# `account` holds the AWS credentials configured as described in the Core Integration Package
# documentation, `collector_configs` is the configuration from section 2, and `DFF` is
# provided by the DataFlux Func runtime in which this script runs.

###### Do not modify the following contents #####
from guance_integration__runner import Runner
import guance_aws_vpc_endpoint__main as main


@DFF.API('AWS-VPC Endpoint Collection', timeout=3600, fixed_crontab='* * * * *')
def run():
    collectors = [
        main.DataCollector(account, collector_configs, filters=[filter_instance]),
    ]
    Runner(collectors).run()
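The placeholder filter above only shows the return contract. The following is an added example, not code from the collector package or the Guance project, of a reusable filter factory that applies the same contract to the attributes listed in the table: keep only endpoints in chosen states and types, optionally match ServiceName against a regex, and drop requester-managed endpoints that an AWS service created on the account's behalf. The `apply_filters` helper assumes that a list of filters is combined with AND; the collector's own combination rule is not documented on this page. The sample endpoints are constructed here and shaped like DescribeVpcEndpoints output.

```python
import re


def make_endpoint_filter(states=('available',),
                         endpoint_types=('Interface', 'Gateway', 'GatewayLoadBalancer'),
                         service_pattern=None,
                         exclude_requester_managed=True):
    """Build a filter callable usable in `filters=[...]`.

    states: endpoint states to keep (AWS states include 'pendingAcceptance',
            'pending', 'available', 'deleting', 'deleted', 'rejected', 'failed').
    endpoint_types: any of 'Interface', 'Gateway', 'GatewayLoadBalancer'.
    service_pattern: optional regex searched in ServiceName, e.g. r'\.s3$'.
    exclude_requester_managed: skip endpoints with RequesterManaged == True.
    """
    compiled = re.compile(service_pattern) if service_pattern else None

    def filter_instance(instance):
        # Each check returns False (skip) as soon as the endpoint fails it.
        if instance.get('State') not in states:
            return False
        if instance.get('VpcEndpointType') not in endpoint_types:
            return False
        if exclude_requester_managed and instance.get('RequesterManaged'):
            return False
        if compiled and not compiled.search(instance.get('ServiceName', '')):
            return False
        return True

    return filter_instance


def apply_filters(instances, filters):
    """Keep an instance only if every filter returns True (assumed AND semantics)."""
    return [i for i in instances if all(f(i) for f in filters)]


# Constructed sample endpoints (hypothetical IDs), shaped like DescribeVpcEndpoints output.
SAMPLE_ENDPOINTS = [
    {'VpcEndpointId': 'vpce-0a1', 'VpcId': 'vpc-01', 'State': 'available',
     'VpcEndpointType': 'Gateway', 'ServiceName': 'com.amazonaws.cn-north-1.s3',
     'PrivateDnsEnabled': False, 'RequesterManaged': False, 'OwnerId': '111111111111'},
    {'VpcEndpointId': 'vpce-0a2', 'VpcId': 'vpc-01', 'State': 'available',
     'VpcEndpointType': 'Interface', 'ServiceName': 'com.amazonaws.cn-north-1.sts',
     'PrivateDnsEnabled': True, 'RequesterManaged': False, 'OwnerId': '111111111111'},
    {'VpcEndpointId': 'vpce-0a3', 'VpcId': 'vpc-02', 'State': 'pendingAcceptance',
     'VpcEndpointType': 'Interface', 'ServiceName': 'com.amazonaws.vpce.cn-north-1.vpce-svc-0x',
     'PrivateDnsEnabled': False, 'RequesterManaged': False, 'OwnerId': '111111111111'},
    {'VpcEndpointId': 'vpce-0a4', 'VpcId': 'vpc-02', 'State': 'available',
     'VpcEndpointType': 'Interface', 'ServiceName': 'com.amazonaws.cn-north-1.rds',
     'PrivateDnsEnabled': True, 'RequesterManaged': True, 'OwnerId': '111111111111'},
]


def select_ids(filters, instances=SAMPLE_ENDPOINTS):
    """Return the VpcEndpointIds that survive the given filters."""
    return [i['VpcEndpointId'] for i in apply_filters(instances, filters)]


if __name__ == '__main__':
    # Default: available endpoints of any type that are not requester-managed.
    print(select_ids([make_endpoint_filter()]))
    # Only the STS interface endpoint.
    print(select_ids([make_endpoint_filter(endpoint_types=('Interface',),
                                           service_pattern=r'\.sts$')]))
```

To use a built filter in the script above, pass it in place of `filter_instance`, for example `filters=[make_endpoint_filter(service_pattern=r'\.s3$')]`.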

3. Data Reporting Format

After data synchronization is successful, the data can be viewed in the 'Infrastructure - Resource Catalog' section of {{( brand_name )}}.

Example of reported data:

JSON

{
  "measurement": "aws_vpc_endpoint",
  "tags": {
    "OwnerId"          : "xxxx",
    "PrivateDnsEnabled": "False",
    "RegionId"         : "cn-north-1",
    "RequesterManaged" : "False",
    "ServiceName"      : "com.amazonaws.cn-north-1.s3",
    "State"            : "available",
    "VpcEndpointId"    : "vpce-xxx",
    "VpcEndpointType"  : "Gateway",
    "VpcId"            : "vpc-xxx",
    "name"             : "vpce-xxx"
  },
  "fields": {
    "CreationTimestamp"  : "2023-11-22T06:19:15Z",
    "DnsEntries"         : "[(Interface endpoint) DNS entries for the endpoint]",
    "Groups"             : "[(Interface endpoint) Information about security groups associated with the network interface]",
    "NetworkInterfaceIds": "[(Interface endpoint) Network interfaces for the endpoint]",
    "PolicyDocument"     : "{Policy document associated with the endpoint (if applicable)}",
    "RouteTableIds"      : "[(Gateway endpoint) IDs of route tables associated with the endpoint]",
    "SubnetIds"          : "[(Interface endpoint) Subnets for the endpoint]",
    "Tags"               : "[Tags assigned to the endpoint]",
    "message"            : "{Instance JSON data}"
  }
}

Fields in tags and fields may change with subsequent updates.
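The PolicyDocument field is the part of a reported point that is worth auditing: a VPC endpoint created without an explicit policy carries the AWS default full-access policy (Principal "*", Action "*", Resource "*"), and on an S3 gateway endpoint that allows any principal in the VPC to reach any bucket, including buckets in other accounts. The following is an added example, not part of the collector or the Guance project, that scans points in the reporting format above and flags available endpoints whose policy still grants full access. It assumes PolicyDocument arrives as a JSON string (the example shows it quoted) but also accepts an already-parsed dict; the sample points and IDs are constructed.

```python
import json


def _as_list(value):
    """IAM policy elements may be a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True for Principal "*" or any {"AWS"|"Service"|...: "*"} form."""
    if principal == '*':
        return True
    if isinstance(principal, dict):
        return any(p == '*' for v in principal.values() for p in _as_list(v))
    return False


def is_full_access_policy(policy_document):
    """True if any Allow statement grants wildcard principal, action and resource."""
    if not policy_document:
        return False
    doc = (json.loads(policy_document) if isinstance(policy_document, str)
           else policy_document)
    for stmt in _as_list(doc.get('Statement', [])):
        if stmt.get('Effect') != 'Allow':
            continue
        actions = _as_list(stmt.get('Action', []))
        resources = _as_list(stmt.get('Resource', []))
        if ('*' in actions and '*' in resources
                and _principal_is_wildcard(stmt.get('Principal'))):
            return True
    return False


def find_open_endpoints(points):
    """Return (VpcEndpointId, ServiceName) for each available endpoint with a full-access policy."""
    findings = []
    for p in points:
        if p.get('measurement') != 'aws_vpc_endpoint':
            continue
        tags = p.get('tags', {})
        if tags.get('State') != 'available':
            continue  # deleted or pending endpoints cannot be used for access
        if is_full_access_policy(p.get('fields', {}).get('PolicyDocument')):
            findings.append((tags['VpcEndpointId'], tags['ServiceName']))
    return findings


# Constructed sample policies: the AWS default, and one scoped to a single bucket.
FULL_ACCESS = json.dumps({'Version': '2008-10-17', 'Statement': [
    {'Effect': 'Allow', 'Principal': '*', 'Action': '*', 'Resource': '*'}]})
SCOPED = json.dumps({'Version': '2012-10-17', 'Statement': [
    {'Effect': 'Allow', 'Principal': {'AWS': 'arn:aws-cn:iam::111111111111:root'},
     'Action': ['s3:GetObject', 's3:PutObject'],
     'Resource': ['arn:aws-cn:s3:::example-bucket/*']}]})

# Constructed sample points (hypothetical IDs) in the reporting format shown above.
SAMPLE_POINTS = [
    {'measurement': 'aws_vpc_endpoint',
     'tags': {'VpcEndpointId': 'vpce-0a1', 'ServiceName': 'com.amazonaws.cn-north-1.s3',
              'VpcEndpointType': 'Gateway', 'State': 'available', 'RegionId': 'cn-north-1'},
     'fields': {'PolicyDocument': FULL_ACCESS}},
    {'measurement': 'aws_vpc_endpoint',
     'tags': {'VpcEndpointId': 'vpce-0a2', 'ServiceName': 'com.amazonaws.cn-north-1.s3',
              'VpcEndpointType': 'Gateway', 'State': 'available', 'RegionId': 'cn-north-1'},
     'fields': {'PolicyDocument': SCOPED}},
    {'measurement': 'aws_vpc_endpoint',
     'tags': {'VpcEndpointId': 'vpce-0a3', 'ServiceName': 'com.amazonaws.cn-north-1.s3',
              'VpcEndpointType': 'Gateway', 'State': 'deleted', 'RegionId': 'cn-north-1'},
     'fields': {'PolicyDocument': FULL_ACCESS}},
]

if __name__ == '__main__':
    print(find_open_endpoints(SAMPLE_POINTS))
```

The check is deliberately narrow: it only reports the exact wildcard triple, so a policy that is broad but not fully open (for example Action "s3:*" on Resource "*") passes and needs a separate rule.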

4. IAM Policy Permissions

If an IAM role (or user) is used to collect resources, the following permission must be granted to it.

This collector requires the following permission:

ec2:DescribeVpcEndpoints

This is a read-only Describe action. EC2 Describe actions do not support resource-level permissions, so the policy statement must use "Resource": "*"; grant the collector's principal nothing beyond this action.

X. Appendix

Please refer to the official AWS documentation: