
How do automations work

Setup

During deployment of Hyperglance's automation software, a number of cloud based resources are deployed, namely

  • S3 Bucket
  • Lambda Function
  • Role under which the automations run
  • Policies attached to the role and S3 bucket

all of which are configured according to the principle of least privilege. The Lambda function is configured to use the S3 bucket as its trigger.

Invocation

Within Hyperglance automation actions may be triggered in two ways:

1. Manually, on one or more resources. This is achieved from the Advanced Search page using the Run Action button:

[image: Run Action button]

2. Configured to run as part of a Rule. When the rule runs Hyperglance will execute the automated action. This is done during creation or edit of a rule using the Add Automation button:


What happens in AWS once triggered

Once triggered, Hyperglance will generate an event JSON file containing all the information required to run the automation. This is placed into the S3 bucket. S3 fires an event, due to the addition of a new file, which starts the Lambda function. The Lambda reads the JSON and performs the requested actions against the target resources. It connects into different AWS accounts (using AssumeRole) as necessary:

[image: Hyperglance automation flow]

  1. Action is triggered from Hyperglance instance
  2. Configuration is placed into the S3 bucket
  3. Lambda function is triggered
  4. Lambda function assumes the roles configured in the cross account setup to make changes to resources in other accounts, if configured (see below)

How does cross-account usage work

For resources outside of the account in which the Lambda resides, a role must be configured that allows the Lambda function from the Lambda account (and only that account) to assume it. The various actions are then able to operate as if the cross-account resources were local to the account under which the Lambda runs.
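The following is an added illustration of the flow described above (S3 event notification, read the event JSON, assume a cross-account role only for targets outside the Lambda's own account) together with a trust policy that lets only the Lambda's execution role assume the cross-account role. It is not Hyperglance's own code: the shape of the event JSON (keys `action` and `targets`), the allow-list of actions, the function names, the role name `HyperglanceAutomationRole`, and the account IDs in the sample data are all hypothetical. The S3 and STS clients are injected so the block runs offline against constructed fakes; in a real Lambda you would pass `boto3.client("s3")` and `boto3.client("sts")`.

```python
import json

# Hypothetical allow-list: the Lambda refuses to run any action not named here.
ALLOWED_ACTIONS = {"stop-instance", "tag-resource"}


def parse_s3_records(event):
    """Return (bucket, key) pairs from a standard S3 event notification delivered to Lambda."""
    pairs = []
    for record in event.get("Records", []):
        s3 = record.get("s3", {})
        bucket = s3.get("bucket", {}).get("name")
        key = s3.get("object", {}).get("key")
        if bucket and key:
            pairs.append((bucket, key))
    return pairs


def validate_config(config):
    """Reject a config whose action is not allow-listed or whose targets are malformed."""
    action = config.get("action")
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not permitted: {action!r}")
    targets = config.get("targets")
    if not isinstance(targets, list) or not targets:
        raise ValueError("no targets")
    for t in targets:
        if not {"account_id", "region", "resource_id"} <= set(t):
            raise ValueError(f"malformed target: {t!r}")
    return action, targets


def credentials_for(target, local_account_id, sts, role_name="HyperglanceAutomationRole"):
    """Local account: use the Lambda's own role (None). Other account: AssumeRole via STS."""
    if target["account_id"] == local_account_id:
        return None
    role_arn = f"arn:aws:iam::{target['account_id']}:role/{role_name}"
    resp = sts.assume_role(RoleArn=role_arn, RoleSessionName="hyperglance-automation")
    return resp["Credentials"]


def trust_policy(lambda_role_arn):
    """Trust policy for the cross-account role: only the Lambda's execution role may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": lambda_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def handle(event, local_account_id, s3, sts):
    """Lambda entry-point logic: read each dropped JSON file, validate it, resolve credentials."""
    plan = []
    for bucket, key in parse_s3_records(event):
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        action, targets = validate_config(json.loads(body))
        for t in targets:
            creds = credentials_for(t, local_account_id, sts)
            plan.append({"action": action, "target": t, "assumed": creds is not None})
    return plan


# --- Constructed sample data and fake clients so the example runs offline ---
SAMPLE_CONFIG = {
    "action": "stop-instance",
    "targets": [
        {"account_id": "111111111111", "region": "eu-west-1", "resource_id": "i-0aaa"},
        {"account_id": "222222222222", "region": "us-east-1", "resource_id": "i-0bbb"},
    ],
}
SAMPLE_S3_EVENT = {"Records": [{"s3": {"bucket": {"name": "example-automation-bucket"},
                                        "object": {"key": "events/example.json"}}}]}


class _FakeBody:
    def __init__(self, data):
        self._data = data

    def read(self):
        return self._data


class FakeS3:
    def get_object(self, Bucket, Key):
        return {"Body": _FakeBody(json.dumps(SAMPLE_CONFIG).encode())}


class FakeSTS:
    def __init__(self):
        self.calls = []  # role ARNs that were assumed

    def assume_role(self, RoleArn, RoleSessionName):
        self.calls.append(RoleArn)
        return {"Credentials": {"AccessKeyId": "FAKE", "SecretAccessKey": "x", "SessionToken": "y"}}


def demo():
    """Run the flow with the Lambda living in account 111111111111."""
    sts = FakeSTS()
    plan = handle(SAMPLE_S3_EVENT, "111111111111", FakeS3(), sts)
    return plan, sts.calls
```

The point worth checking in a deployment is the one `credentials_for` encodes: AssumeRole is only attempted for targets in another account, and the trust policy on that role names a single principal, the Lambda's execution role, rather than the whole Lambda account.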