
Terminology and concepts in AppFabric - AWS AppFabric

Terminology and concepts in AppFabric

This topic describes the key terminology and concepts in AWS AppFabric to help you get started.

App bundle

An AppFabric app bundle stores all of your AppFabric app authorizations and ingestions (see the following definition of ingestions). You can create one app bundle per AWS account per AWS Region.

AppClient (also app client and application client)

An OAuth AppClient represents a data recipient app. Each data recipient app must register an AppClient before it can access AppFabric data. A developer needs an AWS account to register an AppClient, and each AWS account can register only one AppClient. AppFabric vends access tokens on the basis of the AppClient, which holds information about the data recipient app that accesses AppFabric data through it.

App authorization

An app authorization grants AppFabric permission to connect to and interact with your applications. It allows AppFabric to ingest audit logs from your applications using OAuth (Open Authorization, an open standard for access delegation) or personal access token (PAT) credentials. You can set up multiple app authorizations (up to 50) per app bundle, which lets AppFabric ingest audit logs from multiple tenants of an application: repeat the app authorization creation step for each tenant. The credentials you share are encrypted with an AWS owned key or a customer managed key from AWS Key Management Service (AWS KMS) and are stored in AppFabric.

Ingestion

An AppFabric ingestion uses an app authorization to pull audit logs from an application through the application’s public APIs. It then delivers the audit logs to one or more (up to five) destinations.

Client ID

When you create an app authorization for an application that uses the OAuth flow, AppFabric might ask you for the client ID and client secret. You obtain both from your application's authentication app. For instructions on where to find the client ID in a given authentication app, see Supported applications. The client ID and client secret you share are encrypted with an AWS owned key or a customer managed AWS KMS key and stored in AppFabric.

Client secret

When you create an app authorization for an application that uses the OAuth flow, AppFabric might ask you for the client ID and client secret. You obtain both from your application's authentication app. For instructions on where to find the client secret in a given authentication app, see Supported applications. The client ID and client secret you share are encrypted with an AWS owned key or a customer managed AWS KMS key and stored in AppFabric.

Ingestion destination

An ingestion destination defines where the audit logs pulled from an ingestion should be stored. Each ingestion can deliver audit logs to one or more destinations (up to five), which are an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose in your AWS account. For each destination, you can define whether you would like the logs to be in raw form or normalized into an Open Cybersecurity Schema Framework (OCSF) schema. When you select the OCSF schema, you can define the format of the logs (JSON or Apache Parquet). The Apache Parquet format can be used only if Amazon S3 is selected as the destination.
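The destination rules above are easy to get wrong when a plan is assembled from several teams' requests, so the following added example (not code from the AppFabric documentation or the AppFabric API; the `Destination` data model and the function names are this example's own) checks a proposed set of destinations for one ingestion against the constraints stated here: at most five destinations, each an S3 bucket or a Firehose stream, a raw or OCSF schema, and Parquet output only when the destination is S3. The sample plans at the bottom are constructed for illustration.

```python
"""Check an ingestion's planned destinations against the limits stated on
this page. Added example: the data model is not the AppFabric API shape."""
from dataclasses import dataclass
from typing import List

MAX_DESTINATIONS_PER_INGESTION = 5  # per the page: up to five destinations
DESTINATION_KINDS = ("s3", "firehose")  # Amazon S3 bucket or Amazon Data Firehose
SCHEMAS = ("raw", "ocsf")
OCSF_FORMATS = ("json", "parquet")


@dataclass(frozen=True)
class Destination:
    """One planned destination (hypothetical model for this example)."""
    kind: str              # "s3" or "firehose"
    target: str            # bucket name or Firehose stream name
    schema: str = "ocsf"   # "raw" or "ocsf"
    fmt: str = "json"      # "json" or "parquet"; only meaningful for ocsf


def validate_destination(d: Destination) -> List[str]:
    """Return the problems with one destination (empty list if it is valid)."""
    problems = []
    if d.kind not in DESTINATION_KINDS:
        problems.append(f"{d.target}: destination kind must be one of "
                        f"{DESTINATION_KINDS}, got {d.kind!r}")
    if d.schema not in SCHEMAS:
        problems.append(f"{d.target}: schema must be one of {SCHEMAS}, got {d.schema!r}")
    if d.schema == "ocsf":
        # The output format is only selectable for the OCSF schema.
        if d.fmt not in OCSF_FORMATS:
            problems.append(f"{d.target}: OCSF format must be one of "
                            f"{OCSF_FORMATS}, got {d.fmt!r}")
        elif d.fmt == "parquet" and d.kind != "s3":
            # Parquet is available only when Amazon S3 is the destination.
            problems.append(f"{d.target}: parquet output requires an S3 "
                            f"destination, not {d.kind!r}")
    return problems


def validate_ingestion_plan(destinations: List[Destination]) -> List[str]:
    """Return all problems with the destinations planned for one ingestion."""
    problems = []
    if not destinations:
        problems.append("an ingestion needs at least one destination")
    if len(destinations) > MAX_DESTINATIONS_PER_INGESTION:
        problems.append(f"too many destinations: {len(destinations)} > "
                        f"{MAX_DESTINATIONS_PER_INGESTION}")
    for d in destinations:
        problems.extend(validate_destination(d))
    return problems


# Constructed sample plans (bucket and stream names are hypothetical).
GOOD_PLAN = [
    Destination("s3", "audit-logs-archive", schema="ocsf", fmt="parquet"),
    Destination("firehose", "siem-delivery-stream", schema="ocsf", fmt="json"),
    Destination("s3", "audit-logs-raw", schema="raw"),
]

BAD_PLAN = [
    Destination("firehose", "siem-delivery-stream", schema="ocsf", fmt="parquet"),
    Destination("s3", "bucket-a"),
    Destination("s3", "bucket-b"),
    Destination("s3", "bucket-c"),
    Destination("s3", "bucket-d"),
    Destination("sqs", "not-a-supported-destination"),
]

if __name__ == "__main__":
    for name, plan in (("GOOD_PLAN", GOOD_PLAN), ("BAD_PLAN", BAD_PLAN)):
        issues = validate_ingestion_plan(plan)
        print(f"{name}: {'ok' if not issues else 'invalid'}")
        for issue in issues:
            print("  -", issue)
```

Running the check before calling the service surfaces the two mistakes in `BAD_PLAN` (six destinations, Parquet to Firehose, and an unsupported destination kind) in one pass instead of one failed API call at a time.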

Data recipient apps

Apps that call AppFabric to retrieve the insights that AppFabric generates.

OAuth

OAuth is an open protocol that allows secure authorization in a simple, standard way from web, mobile, and desktop applications. AppFabric uses OAuth to create some app authorizations.

Open Cybersecurity Schema Framework (OCSF)

The Open Cybersecurity Schema Framework (OCSF) is an open-source project delivering an extensible framework for developing schemas, along with a vendor-agnostic core security schema. Vendors and other data producers can adopt and extend the schema for their specific domains. The goal is to provide an open standard, adopted in any environment, application, or solution, while complementing existing security standards and processes. AppFabric has extended this schema to create a software as a service (SaaS)-centric event structure that all SaaS app audit logs supported by AppFabric will be normalized to. For more information, see Open Cybersecurity Schema Framework for AWS AppFabric.
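To make the normalization idea concrete, the following added example (not AppFabric's own mapping and not code from the OCSF project) converts a constructed SaaS sign-in audit record into an event shaped like the OCSF core Authentication class (class_uid 3002 in the Identity and Access Management category, category_uid 3). Only well-known OCSF core fields are used; the raw record's field names, the product name, and the function name are this example's own assumptions, and AppFabric's SaaS-centric extension adds fields beyond these.

```python
"""Map a constructed SaaS sign-in audit record onto the OCSF core
Authentication class. Added example; not AppFabric's actual normalization."""
from datetime import datetime
from typing import Dict, Any

# OCSF core identifiers for the Authentication event class.
OCSF_CATEGORY_IAM = 3          # Identity & Access Management
OCSF_CLASS_AUTHENTICATION = 3002
OCSF_ACTIVITY_LOGON = 1
OCSF_STATUS_SUCCESS = 1
OCSF_STATUS_FAILURE = 2
OCSF_SEVERITY_INFORMATIONAL = 1

# Constructed raw record, shaped like a generic SaaS sign-in audit entry.
RAW_LOGIN_EVENT: Dict[str, Any] = {
    "event_type": "user_login",
    "timestamp": "2024-01-15T10:32:11Z",
    "user_email": "alice@example.com",
    "user_id": "U0123",
    "source_ip": "203.0.113.7",
    "result": "success",
}


def iso8601_to_epoch_ms(ts: str) -> int:
    """OCSF 'time' is a Unix timestamp in milliseconds."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return int(dt.timestamp() * 1000)


def normalize_login_event(raw: Dict[str, Any], product_name: str,
                          vendor_name: str) -> Dict[str, Any]:
    """Return an OCSF-style Authentication event for a raw sign-in record.

    Hypothetical mapping for illustration: the raw field names are this
    example's, and the result uses OCSF core fields only.
    """
    if raw.get("event_type") != "user_login":
        raise ValueError(f"not a login event: {raw.get('event_type')!r}")

    succeeded = raw.get("result") == "success"
    status_id = OCSF_STATUS_SUCCESS if succeeded else OCSF_STATUS_FAILURE
    activity_id = OCSF_ACTIVITY_LOGON
    return {
        "category_uid": OCSF_CATEGORY_IAM,
        "class_uid": OCSF_CLASS_AUTHENTICATION,
        "activity_id": activity_id,
        # OCSF convention: type_uid = class_uid * 100 + activity_id
        "type_uid": OCSF_CLASS_AUTHENTICATION * 100 + activity_id,
        "severity_id": OCSF_SEVERITY_INFORMATIONAL,
        "status_id": status_id,
        "status": "Success" if succeeded else "Failure",
        "time": iso8601_to_epoch_ms(raw["timestamp"]),
        "metadata": {
            "version": "1.0.0",
            "product": {"name": product_name, "vendor_name": vendor_name},
        },
        "actor": {
            "user": {"uid": raw["user_id"], "email_addr": raw["user_email"]},
        },
        "src_endpoint": {"ip": raw["source_ip"]},
        # Keep the original record so analysts can always fall back to it.
        "unmapped": dict(raw),
    }


if __name__ == "__main__":
    import json
    # Product and vendor names are placeholders for this example.
    print(json.dumps(normalize_login_event(RAW_LOGIN_EVENT,
                                           "ExampleSaaS", "ExampleVendor"),
                     indent=2))
```

The value of a normalized shape is that a detection written once against `class_uid`, `status_id` and `actor.user.email_addr` applies to every SaaS source that is mapped the same way, while `unmapped` preserves the vendor-specific fields that a mapping did not cover.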

Personal access token (PAT)

A personal access token (PAT) is a string of characters used to authenticate to a system in place of a password. When you create an app authorization for an application that uses the PAT flow, AppFabric might ask you for a PAT. You obtain the PAT from your application's authentication app. For instructions on where to find the PAT in a specific authentication app, see Supported applications. The PATs you share are encrypted with an AWS owned key or a customer managed AWS KMS key and stored in AppFabric.

Service account token

When you create an AppFabric app authorization for an application, some applications require that you create a service account for application authentication. AppFabric might ask for the service account token as part of the app authorization process. For instructions on where to find the service account token in a given authentication app, see Supported applications. The service account tokens you share are encrypted with an AWS owned key or a customer managed AWS KMS key and stored in AppFabric.

Tenant ID

When you create an app authorization, AppFabric might ask you for the tenant ID and tenant name of your app. The tenant ID is a unique identifier for your application tenant. Each application might have different terms for a tenant such as Workspace ID for Slack or Domain ID for Asana. For instructions on where to find the tenant ID in a specific application, see Supported applications.

Tenant name

When you create an app authorization, AppFabric might ask you for the tenant ID and tenant name of your app. The tenant name is a unique name that you give to the tenant ID, to be used within an app bundle. This value is used to label the app authorization and any related ingestion.