System info on Amplify

[nan008]

Is there a way to switch off the harvesting of System/Server info by Amplify Agent? We would like to monitor only Nginx on Amplify.

[dedm]

Hi @nan008 !

Current architecture is based on the system object as the root one. We can't currently separate NGINX objects from system.

Are there any particular concerns about collecting system metrics? What data is most sensitive so that we can see what we could do to avoid collecting it?

[nan008]

You are taking all the AWS info about the server, and storing it remotely in your DB outside of our control. This is highly sensitive on its own. Why you need to know the internal IP address or the key pair name?

As I said before and also included it in my email with the survey I received - we want to check and monitor Nginx only - the check the conf file is very useful. But because you are harvesting AWs info, the decision was made to pull out our machines from Amplify, we will not be using it in the future.

Also on the side note : adding people to my account is not working - I tried multiple times to add my coworker and it never send the email.

[ghost]

Hey,

Appreciate your input! We can definitely introduce additional measures to filter sensitive data. We really don't need the IP addresses per se, other than presenting them to you in the Inventory. Would you be so kind to provide a list of all the sensitive things from the OS and/or nginx, that you don't want to see stored in Amplify? That would be really very much appreciated.

Re inviting people - can you reach out through Intercom, and provide the details on the above? E.g. your coworker email, and other details? This feature works, so it's not like totally broken :) We'd be grateful if you provide more input so that we can investigate it further.

Many thanks in advance!

[nan008]

As I said, it would be great if you will be able to switch off monitoring the server/system feature completely as we have monitoring tool in place, that is providing the necessary metrics for us. Those below are considered sensitive for us as this will allow you to identify the machine:

General uname uptime

Hardware

CPU type Cores per socket Frequency Cache Architecture Hyperviso Memory Swap

Network

eth0 inet addr and Mask inet6 addr lo inet addr inet6 addr

Filesystems

Mounted drives local-ipv4 reservation-id local-hostname public-hostname hostname ami-id public-keys public-ipv4 instance-id

Regarding the email, we will not use Amplify for now, so I do not know if it is worth it to look into the problem of inviting users for us.

[ghost]

Ouch, ok :) This basically means - yeah, removing the system object altogether. Like Mike has mentioned, the system object is the root one - the whole object hierarchy is built on it. Anyways, thanks much for a detailed complaint, we'll definitely give it plenty of thought.. Apologies.

[nan008]

This is not a complaint ;) , well maybe a tiny one, more like New Feature Idea - companies that have security audits, get ask those questions, so if there would be an option to monitor only Nginx, we would be gladly using it.

Anyway we will monitor the situation with Amplify

[ghost]

Alrighty! We'll do some internal exercise to see what data we could safely anonymize without breaking much of the architecture. Thanks, again!