Part of the AWS Mirror Toolkit, AutoMirror is a project that automatically creates AWS traffic mirror sessions. It allows configuration via AWS Tags and helps you manage big deployments of traffic mirror sessions.
3CS AWS AutoMirror is an AWS Lambda function that will monitor the state of your EC2 instances. When instances are created (or rebooted) this information will be passed over to AutoMirror, which will check if the particular instance holds a specific tag (Mirror=True). If it does, and if the instance is of the supported type, AutoMirror will create a mirror session.
As of 1.0.0, 3CS AutoMirror is officially available in the AWS Serverless Application Repository 🎉
In the region where you'd like to deploy AutoMirror, visit the Serverless Application Repository (in AWS Console, just search for it in the Services section) and head over to Available Applications.
Search for AutoMirror (make sure to enable "show apps that create custom IAM roles or resources policies") and click on deploy.
After deployment of the app is complete, just tag any instance with Mirror=True to trigger AutoMirror in creating the mirror sessions.
Warning: Traffic Mirror Sessions are only available in Nitro-based instances, so AutoMirror will only create mirror sessions for supported EC2 instance types. Check this article for a list of Nitro-based instances.
If a Mirror Filter does not exist, AutoMirror will create a filter that mirrors all of the traffic. If a Mirror Filter exists, AutoMirror will use the existing filter.
You can also tag which filter you'd like to use. Read the Controlling AutoMirror section for more information.
We assume the user already created at least 1 Mirror Target, as AutoMirror will not do that for you.
In environments with more than 1 Mirror Target, AutoMirror will create sessions evenly amongst the existing targets, giving users a load-balancing feature.
You can also tag which target you'd like to use. Read the Controlling AutoMirror section for more information.
If you want to have more control over how AutoMirror creates its sections, we make two options available via tags.
- Mirror-Target
- Mirror-Filter
Example tags on EC2 creation:
- Mirror-Target=tmt-0cf51cb49550a6000
- Mirror-Filter=tmf-037045da20bff1511
Check this image for an example of the tags in use.
AutoMirror is open-source and its code is available here. You can verify for yourself what the application will do.
Regarding the deployment of the application in your account, all components and steps are defined in the AWS SAM template. As you can verify for yourself, the development of the template is a lot more complex than it could be.
We purposely developed the template so anything related to AutoMirror is clearly identified and labeled in your account. There are no random strings in the resources that are deployed.
Found this interesting? Have a question/comment/request? Let us know!
Feel free to open an issue or ping us on Twitter.
Head over to AWS CloudFormation and select AutoMirror. Click on Delete. All resources deployed for AutoMirror will be deleted from your account. This will not remove the mirror sessions.
Check the issues to know what we're working on.