AWS SQS Backend

Integration with AWS SQS: pushes raw events from the CrowdStrike event stream to AWS SQS. Deduplication of the events is done on the SQS side.

Example Configuration file

config/config.ini configures the Falcon Integration Gateway. Below is a minimal configuration example for the AWS SQS backend:

[main]
# Cloud backends that are enabled. The gateway will push events to the cloud providers specified below
backends=AWS_SQS

[aws_sqs]
# This section applies only when the AWS_SQS backend is enabled in the [main] section.

# Uncomment to provide the AWS region. Alternatively, use the AWS_REGION environment variable
#region=eu-west-1

# Uncomment to provide the name of the AWS SQS queue. Alternatively, use the AWS_SQS environment variable
#sqs_queue_name = my-sqs-queue-for-falcon
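
A pre-flight check for the settings above, as an added example that is not part of the Falcon Integration Gateway code: it resolves the region and queue name from config.ini or from the AWS_REGION / AWS_SQS environment variables and rejects values SQS would refuse. The function name resolve_sqs_settings and the rule that a set environment variable overrides the file value are assumptions.

```python
import configparser
import os
import re

# Constructed sample: the page's minimal config.ini with both optional keys left commented out.
SAMPLE_INI = """\
[main]
backends=AWS_SQS

[aws_sqs]
#region=eu-west-1
#sqs_queue_name = my-sqs-queue-for-falcon
"""

# Shape check only; it does not prove the region exists.
REGION_RE = re.compile(r"^[a-z]{2,}(?:-[a-z]+)+-\d+$")
# SQS queue names: at most 80 characters of letters, digits, '-' and '_';
# FIFO queue names carry a ".fifo" suffix that counts toward the 80.
QUEUE_RE = re.compile(r"^(?:[A-Za-z0-9_-]{1,80}|[A-Za-z0-9_-]{1,75}\.fifo)$")


def resolve_sqs_settings(ini_text, environ=None):
    """Return (region, queue_name, is_fifo); raise ValueError listing every problem."""
    environ = os.environ if environ is None else environ
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    backends = [b.strip() for b in parser.get("main", "backends", fallback="").split(",")]
    if "AWS_SQS" not in backends:
        raise ValueError("AWS_SQS is not enabled in [main] backends")
    # Assumption: a non-empty environment variable takes precedence over the file.
    region = (environ.get("AWS_REGION") or parser.get("aws_sqs", "region", fallback="")).strip()
    queue = (environ.get("AWS_SQS") or parser.get("aws_sqs", "sqs_queue_name", fallback="")).strip()
    problems = []
    if not region:
        problems.append("no region: set region in [aws_sqs] or AWS_REGION")
    elif not REGION_RE.match(region):
        problems.append(f"region {region!r} does not look like an AWS region name")
    if not queue:
        problems.append("no queue: set sqs_queue_name in [aws_sqs] or AWS_SQS")
    elif not QUEUE_RE.match(queue):
        problems.append(f"queue name {queue!r} is not a valid SQS queue name")
    if problems:
        raise ValueError("; ".join(problems))
    return region, queue, queue.endswith(".fifo")


if __name__ == "__main__":
    env = {"AWS_REGION": "eu-west-1", "AWS_SQS": "my-sqs-queue-for-falcon"}
    print(resolve_sqs_settings(SAMPLE_INI, env))
```
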

Developer Guide

  • Build the image
    docker build . -t falcon-integration-gateway
    
  • Run the application
    docker run -it --rm \
        -e FALCON_CLIENT_ID="$FALCON_CLIENT_ID" \
        -e FALCON_CLIENT_SECRET="$FALCON_CLIENT_SECRET" \
        -e FALCON_CLOUD_REGION="us-1" \
        -e AWS_SQS=my-queue \
        -e AWS_REGION=mars-west-2 \
        -v ~/.aws:/fig/.aws \
        falcon-integration-gateway:latest