Generic HTTPS configuration

With event streaming, you can configure Strivacity to send audit logs and account events to any HTTPS endpoint. This gives you the flexibility to forward events to your own infrastructure, including services that don't accept direct internet traffic. A common use case is pushing Strivacity logs to AWS, where they can be stored in S3 and consumed by multiple downstream systems.

Configuring generic HTTPS event streaming

When creating a generic HTTPS configuration, you will be asked for the following information:

Field	Description
Name	A name for your generic HTTPS configuration.
Description	A brief description.
URL	The endpoint URL where Strivacity will send events.
Header name	The HTTP header used for authentication.
API key	The value of the authentication key.

Data streaming options

Enable audit log streaming: Sends the entire audit log to the configured HTTPS endpoint. Certain policy changes (for example, Branding policy, Notification policy, and Lifecycle event hooks) may appear with empty request and response fields.
Enable account event streaming: Sends customer-centric account events (for example, login attempts, password changes).
- Limited to the basic information available in the header of an account event. This means that only high-level details are forwarded, such as the customer’s identity, the timestamp of the action, and labels indicating success or failure. The detailed steps (for example, identification started, MFA selection started) are not included by default.
- If additional account information is required, you can enable native claims. These native claims are selected via a UI field that lists all native claims available in your instance and included in the event payload when enabled.
Enable event hook streaming: Sends logs generated by Lifecycle event hooks as part of account events. This option provides visibility into hook execution without accessing hook code directly.

AWS S3 setup example

A common use case for the Generic HTTPS vendor is streaming events into AWS S3. This allows you to persist raw data for analytics, compliance, or downstream processing. To achieve this, Strivacity sends events to an API Gateway endpoint. From there, Lambda, Kinesis, and Firehose deliver the events into S3.

The typical flow is:
Strivacity → API Gateway → Lambda → Kinesis Data Stream → Kinesis Firehose → S3 Bucket.

Prerequisites

Access to the AWS Management Console.
IAM permissions to create and configure S3, Kinesis, Lambda, and API Gateway resources.

Detailed steps

Create an S3 bucket to store your Strivacity events.
1. In the AWS Management Console, open S3.
2. Select Create bucket.
  1. Bucket name: choose a unique name, for example, strivacity-events-bucket.
  2. Keep default settings for Block Public Access (recommended to keep it enabled).
Set up a Kinesis Data Stream: This stream will be the central hub for your incoming data.
1. In the console, open Kinesis.
2. Select Create data stream.
  1. Data stream name: for example, strivacity-events-data-stream.
  2. Capacity mode: choose On-demand (auto-scaling).
3. Wait until the stream status becomes Active.
Create a Firehose Delivery Stream:Firehose will consume data from your Kinesis Data Stream, transform and deliver it to your raw data S3 bucket.
1. In Kinesis Firehose, create a new delivery stream:
  1. Name: for example, strivacity-events-firehose.
  2. Source: Amazon Kinesis Data Streams.
    1. Kinesis stream: select strivacity-events-data-stream.
  3. Destination: Amazon S3.
    1. S3 bucket: choose strivacity-events-bucket.
  4. IAM role:
    1. AWS will automatically create a role (read from Kinesis, write to CloudWatch Logs).
    2. Add permission to write AWS S3 bucket.
Configure API Gateway: API Gateway will receive incoming HTTP requests and push them to your Kinesis Data Stream.
1. In API Gateway, create a new REST API.
2. Create a resource, for example, /logs.
3. Add a POST method.
  1. Integration action: PutRecord (to your Kinesis stream).
4. Deploy the resource to a stage (for example, dev).
5. Secure the endpoint with an API key:
  1. API Gateway > API keys > Create API key.
  2. Create a Usage plan > link it to your API stage > attach the API key.
  3. Mark POST /logs method: Method Request > API Key Required = true.
6. Re-deploy the API.

Deploy a Lambda function: This Lambda function will process records from the Kinesis Data Stream.

In Lambda, create a function:
1. Function name: for example, process-http-data.
2. Runtime: Choose Python (or Node.js, or Java).
Attach an inline IAM policy with kinesis:PutRecord.

Example code:

import json
import boto3

kinesis_client = boto3.client('kinesis')
STREAM_NAME = 'strivacity-events-data-stream'

def lambda_handler(event, context):
    print("Received event:", json.dumps(event))

    try:
        if 'body' in event:
            payload = json.loads(event['body'])
        else:
            payload = event

        data_str = json.dumps(payload)

        response = kinesis_client.put_record(
            StreamName=STREAM_NAME,
            Data=data_str,
            PartitionKey='partitionKey'
        )

        print("Successfully put to Kinesis:", response)

        return {
            'statusCode': 200,
            'body': json.dumps({
                'message': 'Record sent',
                'sequenceNumber': response['SequenceNumber']
            })
        }

    except Exception as e:
        print("Error putting record to Kinesis:", str(e))
        return {
            'statusCode': 500,
            'body': json.dumps({
                'message': 'Error putting record to Kinesis',
                'error': str(e)
            })
        }

Test the setup
Use curl to verify that your setup works:

curl -X POST \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{"log":"My test log"}' \
  https://YOUR-API-ID.execute-api.YOUR-REGION.amazonaws.com/dev/logs

Expected result:

A 200 OK response.
The record stored in your S3 bucket (strivacity-events-bucket).