AWS AppFabric FAQs

Q: What is AWS AppFabric?

AppFabric quickly connects software-as-a-service (SaaS) applications across your organization. IT and security teams can then easily manage and secure applications using a  standard schema, and employees can complete everyday tasks faster using generative artificial intelligence (AI).

Q: What value does AppFabric security features provide?

AWS AppFabric security features help IT administrators and security analysts enhance their security observability across the SaaS applications their organization uses. Customers do not need to build point-to-point integrations or maintain code with supported SaaS applications, and IT and security teams automatically receive normalized audit logs.

Q: What value does AppFabric productivity features provide?

AWS AppFabric productivity features help reimagine end-user productivity in SaaS applications by generating insights and actions with context from multiple applications. These features are available in the end user’s preferred SaaS application user interface (UI), enhancing new or existing generative AI assistants in SaaS apps. Application developers can learn more about how to embed AppFabric for productivity into their application’s UI by visiting the AppFabric productivity feature page.

 Q: In which AWS Regions is AppFabric available?

AppFabric security features are available in US East (N. Virginia), Asia Pacific (Tokyo), and Europe (Ireland). AWS AppFabric productivity features are available in preview in US East (N. Virginia). For a list of the supported AWS AppFabric Regions, see Regions details in our documentation.

Q: Which SaaS applications integrate with AppFabric?

AppFabric integrates with SaaS applications including Asana, Atlassian Jira suite, Dropbox, Miro, Okta, ServiceNow, Slack, Smartsheet, Webex by Cisco, Zendesk, Zoom, Google Workspace, GitHub, and Microsoft 365 with more coming soon. AppFabric is also compatible with security tools including Logz.io, Netskope, Netwitness, Rapid7, and Splunk with more coming soon. Learn more on the AWS AppFabric Supported Applications page.

 

Q: How much does AppFabric for security cost?

AppFabric is a pay-as-you go service with no minimums or monthly contracts. For the latest pricing information, see AWS AppFabric Pricing.

Q: How much does AppFabric productivity features cost?

AppFabric productivity features are currently available in Preview. There is no charge for preview features until the generally available version is released.

Q: What is included with the AppFabric Free Tier?

As part of AWS Free Tier, AppFabric does not charge for the first two applications selected during the first 30 days of use. For the latest information on the Free Tier, see AWS AppFabric Pricing.

Getting started

Q: How do I get started with AppFabric security features?

To get started with AppFabric security features, start by creating an AWS account. Then, navigate to the AWS Management Console and search for AWS AppFabric. Select AppFabric and follow the getting started guide in the console, or refer to the Getting Started Guide in  the AppFabric documentation for step-by-step instructions.

Q: How do I connect my SaaS applications to AppFabric?

From the AWS Management Console, authorize AppFabric to securely interact with the SaaS applications of your choice by providing the necessary credentials and authorization tokens for each application. Follow the AppFabric application authorization documentation for application-specific guidance when providing credentials.

Audit events

Q: Where is audit log data stored?

Admins can ingest aggregated security data into Amazon Simple Storage Service (Amazon S3) or through Amazon Kinesis Data Firehose to their security tool. From Kinesis Data Firehose, customers can also deliver this data to Amazon Security Lake. Customers can then  either consume the aggregated data directly or through a supported security tool like Splunk, Netwitness, or Rapid7. When using AppFabric to ingest normalized audit logs into Amazon S3 or Amazon Kinesis, customers are charged standard data storage and ingestion rates based on the volume of log data. For more information, see AWS AppFabric Pricing.

Q: Which types of schema and formats are supported for audit logs?

AppFabric can provide both normalized and unnormalized SaaS data. For normalized logs schema, AppFabric uses the Open Cybersecurity Schema Framework (OCSF). Data formats supported include JSON and Apache Parquet.

Q: How does AppFabric use the Open Cybersecurity Schema Framework (OCSF)?

The OCSF is a collaborative open-source schema for security logs and events. It includes a vendor-agnostic data taxonomy that reduces the need to normalize security logs and event data across various products, services, and open-source tools. AppFabric worked with the OCSF community to introduce new SaaS-specific schema components, such as a new event category, event classes, and fields, so that the OCSF can be used to normalize SaaS application events. AppFabric uses the OCSF to create a new schema tailored specifically to address customers’ need for observability of their SaaS portfolio.

Q: How do I send normalized data from AppFabric to supported security tools?

AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or through Kinesis to a security tool like Splunk, Netwitness, or a proprietary security solution. Read more about the security tools supported by AppFabric in the AWS AppFabric User Guide.

Q: How often are normalized audit logs ingested?

AppFabric ingests and normalizes audit log data from authorized SaaS applications every two minutes. Customers cannot configure the ingestion frequency at this time.

Q: Does AppFabric have a service level agreement (SLA) that guarantees performance for supported SaaS applications?

No. While we have an SLA for the availability of the AppFabric service, we do not have any similar guarantees for the SaaS applications available on AppFabric. AppFabric uses the APIs provided by supported SaaS applications, and the AppFabric SLA and performance depend on their SLA and API characteristics, such as throttling and schema. Some operations, such as ingesting and enriching audit log files, require numerous APIs, so they might take longer to complete.

User access

Q: For which applications does AppFabric show user access results?

AppFabric shows if a user has an account for all SaaS applications authorized inside AppFabric. If a user is found to have an account inside an application, a “User is found” result is shown. If a user is not found in the AppFabric authorized application, a “User not found” result is shown. If there were any authorization issues with a specific application, an error message will be shown.

Q: What other user information does AppFabric show?

With the User Access feature, AppFabric shows if a user has an account in a SaaS application authorized inside AppFabric. Additionally, AppFabric shows any user status, such as Active and Suspended, that a user might have in the SaaS application. AppFabric does not modify this user status, and it is visible only if the SaaS application makes this information available.

Privacy and security

Q: How do I set up encryption keys?

With AppFabric, application data is always encrypted at rest and in transit. AppFabric uses AWS KMS [SMM1] for encryption of the data at rest and TLS1.2 for the data in transit. Customers can also choose to create or use an existing KMS key for encryption during AppFabric setup. 

Q: How does AppFabric protect customer data?

AppFabric encrypts all customer data at rest and in transit. During AppFabric setup,  customers can choose an AWS Key Management Service (AWS KMS) key that they manage or use an AWS managed KMS key for encryption. AppFabric uses this encryption key to encrypt customer application authorization credentials and other customer data.

Working with other AWS services

Q: How does AppFabric work with other AWS services?.

AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or Amazon Kinesis. From these destinations, customers can ingest application data into a myriad of other AWS services like Amazon Security Lake, Amazon Athena, Amazon Redshift, and Amazon QuickSight. Data  from Amazon S3 and Kinesis Data Firehose can also be sent to a security tool like Splunk, Netwitness, or a proprietary security solution.

Q: How does AppFabric work with Amazon Athena?

Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. AppFabric users can analyze audit logs ingested into Amazon S3 from multiple SaaS applications and run advance queries against that data using Athena. To get started, launch Athena from the AWS Management Console, select the Amazon S3 bucket created as a destination for AppFabric audit logs, and create a table from that Amazon S3 bucket data. Once configured, customers can design their preferred table view and run the queries with Athena. Read more about using Amazon Athena and AppFabric in the Amazon S3 User Guide.

Q: How does AppFabric work with Amazon QuickSight?

QuickSight is a business intelligence service that offers insights and data visualization features. Use QuickSight to create custom dashboards and monitor audit logs sourced from AppFabric. Create an Athena table that takes normalized audit logs from the Amazon S3 bucket that you created as a destination for AppFabric. Next, launch QuickSight from the AWS Management Console and add Athena as the data source. See the Amazon QuickSight User Guide for details.

 Q: How can I use AppFabric with Security Lake to improve my security posture?

You can use Security Lake to centralize control data across sources—including cloud to on-premises and custom sources, infrastructure, and SaaS applications—while choosing the threat detection solution that best meets your needs. Both AppFabric and Security Lake use the OCSF, so your audit logs are normalized into the same schema, across SaaS and non-SaaS data sources. This makes it easier to detect threats or identify anomalies and risks across your entire tech stack.

Q: When should I use AppFabric instead of Amazon AppFlow?

Amazon AppFlow is a managed integration service for exchanging data between external SaaS applications and AWS services. AppFabric removes the complexity of implementing and managing individual data flows between SaaS applications by providing preconfigured integrations with supported SaaS applications and security tools.

Getting started

Q: What SaaS applications does AppFabric productivity features support to generate cross-app insights?

AppFabric productivity features integrate data from Asana, Atlassian Jira suite, Miro, Slack, Smartsheet, Microsoft 365, and Google Workspace. AppFabric productivity feature generate cross-app insights and actions using email, calendar, task, and message data from these applications. 

Q: How do I get started with AWS AppFabric productivity features?

AppFabric productivity features are available to application developers interested in embedding generative AI-powered APIs into their application. To get started, use the AWS Software Development Kit (SDK) by following our AppFabric getting started guide for application developers. 

 Q: If I’m an end user, how do I access AppFabric productivity features?

As an end user, find AppFabric productivity features enabled in an AppFabric supported application like Asana. When logged in to a supported application, end users should then follow the application’s prompts to enable the embedded generative AI capabilities. To learn more about AppFabric productivity features for end users, follow our guided documentation.

Working with other AWS services

Q: How does AppFabric for productivity work with Amazon Bedrock?

Amazon Bedrock provides the fully managed infrastructure and access to industry leading large language models used to power AppFabric for productivity. Application developers embed AppFabric for productivity directly into their applications to generative insights and actions from across a user’s applications.

Privacy and Security

Q: How does AppFabric for productivity collect and protect customer data?

Once an end user authorizes applications, their data is ingested and indexed by AppFabric for productivity every hour to generate insights and recommend actions most relevant to their day. Users only see insights and data based on context from applications they have permission to access. AppFabric for productivity API endpoints accept TLS 1.2 encrypted communication to encrypt data in-transit, and supports Amazon S3 server-side  encryption and AWS Key Management Service for data stored at rest in Amazon S3.  AppFabric for productivity automatically deletes data older than 30 days. Read more about how AppFabric for productivity collects and protects customer data in our documentation.

Q: Is user data used to retrain underlying large language models (LLM)?

Data is used to generate insights and actions only. No customer data is used for large language model (LLM) model training or retraining.