Using AWS Serverless Architecture to Collect JumpCloud Directory Insights Data

Written by Kyle Moorehead on August 17, 2020

Share This Article

With the release of Directory Insights™, JumpCloud® provided administrators with visibility into the everyday happenings of their cloud-based directory. Directory Insights is a premium JumpCloud feature that returns event logs and authentications across JumpCloud endpoints.

Now, we’ve released the JumpCloud Directory Insights Serverless application to further empower JumpCloud administrators to expand the use and duration of their Directory Insights data. Using the power of Amazon Web Services’ Serverless architecture, we’ve provided a quick and easy way for JumpCloud admins to deploy the infrastructure required to automatically collect and store their Directory Insights data within their own AWS account.

What Does the Serverless App Do?

Once you provide the application with your JumpCloud API key, how often you’d like your data to be collected (and an Organization ID for our MSP clients out there who use the Multi-Tenant Portal), you’ll be able to hit the “Deploy” button. After the application has been deployed, you can sit back and relax with the knowledge that AWS will put in all the heavy lifting by provisioning the required resources. At the end of the deployment process, you will have:

  • A new S3 bucket to store all of your Directory Insights data
  • A new secret in AWS Secrets Manager to ensure your JumpCloud API key stays secure
  • A new lambda function, which runs exactly as often as you tell it, to gather your data
  • A new role with just enough permission to tie everything together

The application will then run at your specified cadence, gather all of your Directory Insights data since the last time it ran (or since you hit “Deploy” if it is the first time), and package it up nice and neat before sending it to an S3 bucket for safe, long-term storage or for use by other products, such as a log management tool or SIEM. Below, we’ll talk a little bit more about a couple potential use cases for this serverless application.

Directory Insights Serverless Application Use Cases

1. Compliance & Auditing

A common requisite for many industry standards and procedures is access to logs for a time period greater than the 90 days that an admin is able to access their Directory Insights data in the JumpCloud Admin Portal. Once you’ve deployed this app in AWS, though, you no longer need to worry about regularly backing up your JumpCloud Directory Insights Data — it will all be waiting for you in an S3 bucket whenever you need it.

It wouldn’t be a very good “set-it-and-forget-it” solution if you had to check on it regularly to make sure it was doing its job. That’s why all of the runs of this application are logged in CloudWatch, so you can configure whatever sort of reporting you need and receive alerts whenever there’s an issue. We’ve also configured a custom CloudWatch metric to log every time the lambda function triggers and there are no events to collect.

2. SIEMs

Another potential use case for the JumpCloud Directory Insights Serverless application would be to facilitate getting that data into a SIEM. Whether you simply want to aggregate all of your logs in one place or you want to configure reporting on the goings-on in your JumpCloud directory, this solution is a great option. The files stored in your S3 bucket are compressed into a JSON file containing all the data for the time period specified. Most SIEM suites should be able to ingest and interact with this sort of file, but each SIEM might handle it a little differently so be sure to check out their documentation first. If your SIEM doesn’t accept this file type, don’t hesitate to let us know via a Feature Request through the JumpCloud Admin Portal, and we’ll consider adding other file types.

Maybe this tool doesn’t fulfill your exact needs, but you’re not quite sure where to start. In addition to providing this tool in AWS’ Serverless Application repository, we have also provided the full, open-source code and instructions for how to deploy your own Serverless application on our GitHub repository. If you do use this as a jumping off point and make something incredible, we’d love to hear about it!

Learn More

If you don’t yet have Directory Insights enabled for your organization, you can contact your Customer Success representative or get in touch. Click here to learn more about getting a 360° view of employee activity across every endpoint.

Kyle Moorehead

Kyle is both a Solutions Architect and a JumpCloud evangelist. He spends his free time finding ways to automate most of his hobbies so he has more time for yet more hobbies.

Continue Learning with our Newsletter