AWS AppFabric FAQs

AppFabric integrates with SaaS applications including Asana, Atlassian Jira suite, Dropbox, Miro, Okta, ServiceNow, Slack, Smartsheet, Webex by Cisco, Zendesk, Zoom, Google Workspace, GitHub, and Microsoft 365 with more coming soon. AppFabric is also compatible with security tools including Logz.io, Netskope, Netwitness, Rapid7, and Splunk with more coming soon. Learn more on the AWS AppFabric Supported Applications page.

AppFabric is a pay-as-you go service with no minimums or monthly contracts. For the latest pricing information, see AWS AppFabric Pricing.

AppFabric productivity features are currently available in Preview. There is no charge for preview features until the generally available version is released.

As part of AWS Free Tier, AppFabric does not charge for the first two applications selected during the first 30 days of use. For the latest information on the Free Tier, see AWS AppFabric Pricing.

To get started with AppFabric security features, start by creating an AWS account. Then, navigate to the AWS Management Console and search for AWS AppFabric. Select AppFabric and follow the getting started guide in the console, or refer to the Getting Started Guide in  the AppFabric documentation for step-by-step instructions.

From the AWS Management Console, authorize AppFabric to securely interact with the SaaS applications of your choice by providing the necessary credentials and authorization tokens for each application. Follow the AppFabric application authorization documentation for application-specific guidance when providing credentials.

Admins can ingest aggregated security data into Amazon Simple Storage Service (Amazon S3) or through Amazon Kinesis Data Firehose to their security tool. From Kinesis Data Firehose, customers can also deliver this data to Amazon Security Lake. Customers can then  either consume the aggregated data directly or through a supported security tool like Splunk, Netwitness, or Rapid7. When using AppFabric to ingest normalized audit logs into Amazon S3 or Amazon Kinesis, customers are charged standard data storage and ingestion rates based on the volume of log data. For more information, see AWS AppFabric Pricing.

AppFabric can provide both normalized and unnormalized SaaS data. For normalized logs schema, AppFabric uses the Open Cybersecurity Schema Framework (OCSF). Data formats supported include JSON and Apache Parquet.

The OCSF is a collaborative open-source schema for security logs and events. It includes a vendor-agnostic data taxonomy that reduces the need to normalize security logs and event data across various products, services, and open-source tools. AppFabric worked with the OCSF community to introduce new SaaS-specific schema components, such as a new event category, event classes, and fields, so that the OCSF can be used to normalize SaaS application events. AppFabric uses the OCSF to create a new schema tailored specifically to address customers’ need for observability of their SaaS portfolio.

AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or through Kinesis to a security tool like Splunk, Netwitness, or a proprietary security solution. Read more about the security tools supported by AppFabric in the AWS AppFabric User Guide.

AppFabric ingests and normalizes audit log data from authorized SaaS applications every two minutes. Customers cannot configure the ingestion frequency at this time.

No. While we have an SLA for the availability of the AppFabric service, we do not have any similar guarantees for the SaaS applications available on AppFabric. AppFabric uses the APIs provided by supported SaaS applications, and the AppFabric SLA and performance depend on their SLA and API characteristics, such as throttling and schema. Some operations, such as ingesting and enriching audit log files, require numerous APIs, so they might take longer to complete.

AppFabric shows if a user has an account for all SaaS applications authorized inside AppFabric. If a user is found to have an account inside an application, a “User is found” result is shown. If a user is not found in the AppFabric authorized application, a “User not found” result is shown. If there were any authorization issues with a specific application, an error message will be shown.

With the User Access feature, AppFabric shows if a user has an account in a SaaS application authorized inside AppFabric. Additionally, AppFabric shows any user status, such as Active and Suspended, that a user might have in the SaaS application. AppFabric does not modify this user status, and it is visible only if the SaaS application makes this information available.

With AppFabric, application data is always encrypted at rest and in transit. AppFabric uses AWS KMS [SMM1] for encryption of the data at rest and TLS1.2 for the data in transit. Customers can also choose to create or use an existing KMS key for encryption during AppFabric setup. 

AppFabric encrypts all customer data at rest and in transit. During AppFabric setup,  customers can choose an AWS Key Management Service (AWS KMS) key that they manage or use an AWS managed KMS key for encryption. AppFabric uses this encryption key to encrypt customer application authorization credentials and other customer data.

AppFabric aggregates, normalizes, and enriches audit log data from SaaS applications like Asana, Slack, and Zoom. Data is sent to either Amazon S3 or Amazon Kinesis. From these destinations, customers can ingest application data into a myriad of other AWS services like Amazon Security Lake, Amazon Athena, Amazon Redshift, and Amazon QuickSight. Data  from Amazon S3 and Kinesis Data Firehose can also be sent to a security tool like Splunk, Netwitness, or a proprietary security solution.

Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze petabytes of data where it lives. AppFabric users can analyze audit logs ingested into Amazon S3 from multiple SaaS applications and run advance queries against that data using Athena. To get started, launch Athena from the AWS Management Console, select the Amazon S3 bucket created as a destination for AppFabric audit logs, and create a table from that Amazon S3 bucket data. Once configured, customers can design their preferred table view and run the queries with Athena. Read more about using Amazon Athena and AppFabric in the Amazon S3 User Guide.

QuickSight is a business intelligence service that offers insights and data visualization features. Use QuickSight to create custom dashboards and monitor audit logs sourced from AppFabric. Create an Athena table that takes normalized audit logs from the Amazon S3 bucket that you created as a destination for AppFabric. Next, launch QuickSight from the AWS Management Console and add Athena as the data source. See the Amazon QuickSight User Guide for details.

You can use Security Lake to centralize control data across sources—including cloud to on-premises and custom sources, infrastructure, and SaaS applications—while choosing the threat detection solution that best meets your needs. Both AppFabric and Security Lake use the OCSF, so your audit logs are normalized into the same schema, across SaaS and non-SaaS data sources. This makes it easier to detect threats or identify anomalies and risks across your entire tech stack.

Amazon AppFlow is a managed integration service for exchanging data between external SaaS applications and AWS services. AppFabric removes the complexity of implementing and managing individual data flows between SaaS applications by providing preconfigured integrations with supported SaaS applications and security tools.

AppFabric productivity features integrate data from Asana, Atlassian Jira suite, Miro, Slack, Smartsheet, Microsoft 365, and Google Workspace. AppFabric productivity feature generate cross-app insights and actions using email, calendar, task, and message data from these applications. 

AppFabric productivity features are available to application developers interested in embedding generative AI-powered APIs into their application. To get started, use the AWS Software Development Kit (SDK) by following our AppFabric getting started guide for application developers. 

As an end user, find AppFabric productivity features enabled in an AppFabric supported application like Asana. When logged in to a supported application, end users should then follow the application’s prompts to enable the embedded generative AI capabilities. To learn more about AppFabric productivity features for end users, follow our guided documentation.

Amazon Bedrock provides the fully managed infrastructure and access to industry leading large language models used to power AppFabric for productivity. Application developers embed AppFabric for productivity directly into their applications to generative insights and actions from across a user’s applications.

Once an end user authorizes applications, their data is ingested and indexed by AppFabric for productivity every hour to generate insights and recommend actions most relevant to their day. Users only see insights and data based on context from applications they have permission to access. AppFabric for productivity API endpoints accept TLS 1.2 encrypted communication to encrypt data in-transit, and supports Amazon S3 server-side  encryption and AWS Key Management Service for data stored at rest in Amazon S3.  AppFabric for productivity automatically deletes data older than 30 days. Read more about how AppFabric for productivity collects and protects customer data in our documentation.

Data is used to generate insights and actions only. No customer data is used for large language model (LLM) model training or retraining.