Skip to main content
This guide explains how to send ngrok events, including network traffic logs, to AWS Firehose. You may want to keep an audit log of configuration changes in your ngrok account, record all traffic to your endpoints for active monitoring and troubleshooting, or use AWS Firehose as a SIEM for security inspections. By integrating ngrok with AWS Firehose, you can:
  • Quickly identify application issues in real time using ngrok request events and Firehose data processing.
  • Historically audit changes occurring in an account.
  • Profile usage of your service using Firehose queries and real-time data analytics.
  • Identify security issues using ngrok events.

1. Obtain Firehose delivery stream ARN

For ngrok to send events to AWS Firehose, a delivery stream ARN is required. To create the stream, see the AWS Firehose documentation for creating a delivery stream. ngrok is a Direct PUT source type, and you can choose any Firehose destination you want. For testing, creating an S3 bucket as the destination may be easiest. After you create your AWS Firehose delivery stream, keep the Delivery Stream ARN for Step 3.

2. Create a log export

  • In a browser, go to the ngrok dashboard and under Traffic Observability navigate to Events Stream in the left navigation.
  • Select Create Subscription.
  • In the Log Exporting configuration, provide a description for the export.
  • In the Sources tab, select Add Source to choose which events to send to Firehose. For information about events, see the ngrok event documentation.
  • Select Add Event Sources to confirm your selections.

3. Create event destination

To send events to Firehose, assign an Event Destination to the Log Export.
  • In the Log Exporting configuration Destination tab, select Add Destination.
  • Choose AWS Firehose as the target and fill in the required information:
    • Delivery Stream ARN
    • Description (optional)
  • Create IAM Role: An IAM role is required so ngrok can stream logs to Firehose. Using the information from your preferred method (API or CLI Script), create the IAM role and provide the role ARN. For the fastest integration or proof of concept, use the CLI Script.
Security best practice: If configuring your IAM role manually, ensure that you configure the Trust Policy with a condition that includes the ExternalId. This ensures that the only data AWS can ingest is from your ngrok account. If you configure the IAM role with the CLI script, this is done automatically.
  • When all required inputs have values, select Send Test Event.
  • You should see a Success message.
  • Select Done to complete the Firehose Event Destination setup.