Manage your Amazon Fraud Detector resources in an automated and secure manner using AWS CloudFormation

Amazon Fraud Detector is a fully managed service that makes it easy to identify potentially fraudulent online activities, such as the creation of fake accounts or online payment fraud. Unlike general-purpose machine learning (ML) packages, Amazon Fraud Detector is designed specifically to detect fraud. Amazon Fraud Detector combines your data, the latest in ML science, and more than 20 years of fraud detection experience from Amazon.com and AWS to build ML models tailor-made to detect fraud in your business.

Amazon Fraud Detector enables you to create detectors that identify potentially fraudulent events. A detector contains all your fraud detection logic and is a collection of several resources such as rules, variables, and outcomes. Successful fraud teams may update detector logic regularly as part of periodic reviews or as needed to respond to emerging fraud trends. This can result in hundreds of fraud detection resource updates per week, and those updates are replicated across several Regions and accounts. Managing all of those changes through individual resource-specific APIs is time-consuming and makes it easy to make small mistakes that could negatively impact your business. The last thing you want is to allow more fraud or turn away legitimate customers because of a technical error.

This is where AWS CloudFormation can help. With AWS CloudFormation, you can make changes to any number of Amazon Fraud Detector resources at once and easily repeat those changes across Regions and accounts with minimal additional effort. AWS CloudFormation also reduces the potential for errors because it automatically manages rollbacks, status, and dependencies. Moreover, it allows you to stack your Amazon Fraud Detector resources with other AWS service resources that work with Amazon Fraud Detector, such as AWS Lambda functions that request event fraud predictions.

This post walks you through how to use AWS CloudFormation to create a stack of sample Amazon Fraud Detector resources and update that stack.

AWS CloudFormation concepts

Before we get started, let’s review some core AWS CloudFormation concepts. Templates are text files that describe your Amazon Fraud Detector resources and their properties. With a template you can create a stack, or a single unit of related resources. Before making a change, you can generate a change set, which helps you understand how your changes will affect running resources before you implement them.

Solution overview

We walk through the following high-level steps to create and update an Amazon Fraud Detector stack in AWS CloudFormation:

  1. Download a sample Amazon Fraud Detector template.
  2. Review the Amazon Fraud Detector template parameters.
  3. Create an Amazon Fraud Detector stack.
  4. Verify that the Amazon Fraud Detector resources were created.
  5. Initiate a stack update and view the change set.
  6. Update your sample Amazon Fraud Detector stack.

Download a sample Amazon Fraud Detector template

First, download the sample template. Then complete the following steps:

  1. Navigate to the AWS CloudFormation console in the same Region where you want to create your Amazon Fraud Detector resources.
  2. On the Create stack menu, choose With new resources.

You can import resources that you have already created into a new stack by choosing With existing resources.

  1. For Prepare template, select Template is ready.
  2. For Template source, select Upload a template file
  3. Choose Choose file to upload the template you downloaded.

  1. Choose View in Designer to view the resources and template before you create the stack.

Alternatively, you can choose Next to continue with stack creation without reviewing the template.

Review Amazon Fraud Detector template parameters

In the designer, you can view the template in the bottom section. You can also visualize the resources and their dependencies in the visualizer in the top section.

This template creates a simplified stack of Amazon Fraud Detector resources—a detector that sends transactions over a certain threshold for investigation while approving any transactions below the threshold. The detector also sends any event with a specific email address for investigation, and automatically allows any event with a specific IP address. This example is simply meant to illustrate how Amazon Fraud Detector resources are defined within a CloudFormation template. A real production stack may contain many more rules.

 This template includes six resource types: Detector, EventType, Outcome, Variable, Label, and EntityType. You can either define Amazon Fraud Detector resources as resources within the stack (inline) or referenced from outside the stack (not inline). For example, a Detector could reference an EventType that already exists and isn’t included within the same stack, or it could define a new EventType that is automatically created when the stack is built.

Although we don’t cover it in this post, you can also attach a previously deployed model version to a detector using a CloudFormation template. You can attach model versions that have been created through Amazon Fraud Detector or imported through Amazon SageMaker.

When you’re ready to proceed, choose the cloud icon in the top left to continue creating the stack.

Create an Amazon Fraud Detector stack

After you choose the cloud icon in the top left of the designer, AWS CloudFormation automatically uploads the content in your template to Amazon Simple Storage Service (Amazon S3). The Create stack page is now automatically filled with your template source in Amazon S3. Alternatively, you can upload a template file directly or to Amazon S3.

  1. Choose Next to continue creating the stack.

  1. For Stack name, enter a name for your stack.
  2. Choose Next.

On the next page, you can configure several optional settings, such as tags and permissions.

  1. Choose Next.

  1. Review your stack details and choose Create stack.

You don’t incur any charges by creating the stack in this post because we’re not deploying a model or generating any fraud predictions. Moreover, managing AWS resources in AWS CloudFormation is always free. For more information, see Amazon Fraud Detector pricing.

Verify that the Amazon Fraud Detector resources were created

After you create the stack, you’re redirected to the AWS CloudFormation console, where you can now see your Amazon Fraud Detector stack. On the Resources tab, you can view each of your resources specified in the template and their current status.

After all the resources have a status of CREATE_COMPLETE, navigate to the Amazon Fraud Detector console. Choose Detectors in the navigation pane and confirm that your detector has been created. You can click through the remaining pages to confirm that all other resources in your stack have also been created.

Initiate a stack update and view the change set

Now, let’s familiarize ourselves with the update process by making a simple change to the stack we just created. We also try making changes directly within the template file, which is an effective way to quickly update your stack.

  1. First, download the updated template file.
  2. On the AWS CloudFormation console, select the newly created stack, and choose Update.

On this page, you have the option to use the current template, replace the current template, or edit the current template.

  1. To edit the current template in the designer, select Edit template in designer, and choose View in Designer.

  1. In the text editor at the bottom of the page, enter the contents of the file you downloaded.

This update introduces a new variable and a new rule. The update also adds descriptions to the defined outcomes.

The new variable is called phone_number.

To use the new variable in the detector, it needs to be added it to the event type. The following screenshot shows that the event type has been updated accordingly.

We also created a new rule in the detector to use the new variable.

Finally, we exported the new variable’s ARN as an output, just in case other resources need to reference the variable.

  1. After you review these changes and are ready to proceed, choose the cloud icon in the top left to update the stack.

Once again, AWS CloudFormation automatically uploads the content in your template to Amazon S3, and the Update stack page is automatically filled with your template source in Amazon S3. Just like when you created a stack, you can update the stack by uploading a template file directly or to Amazon S3.

  1. Choose Next three times to progress through the CloudFormation stack update wizard.

AWS CloudFormation should have prepared a change set for these changes. The change set might take a moment to display while it’s pending.

After the change set is no longer pending and is ready to be run, a summary of the changes is displayed.

  1. Choose View change set to view a summary of your changes.

Update your Amazon Fraud Detector stack

After you review the changes, choose Execute.

You’re redirected to the CloudFormation stack summary, where you can see that the status of your stack is now UPDATE_IN_PROGRESS. When the status has changed to UPDATE_COMPLETE, you can navigate back to the Amazon Fraud Detector console and verify that the new rule and variable have been created.

Conclusion

Congratulations! You have created and updated an example Amazon Fraud Detector stack and are ready to begin managing your own resources in AWS CloudFormation. This solution helps you easily replicate your Amazon Fraud Detector resources across Regions and accounts. You can also make changes with confidence knowing that AWS CloudFormation manages rollbacks and warns you of any issues.

For more information about Amazon Fraud Detector, including links to additional blog posts, sample notebooks, user guide, and API documentation, see Manage Amazon Fraud Detector resources using AWS CloudFormation.

We hope that this solution helps you spend less time managing your Amazon Fraud Detector resources and more time analyzing fraud. Good luck!


About the Author

Bilal Ali is a Sr. Product Manager working on Amazon Fraud Detector. He listens to customers’ problems and finds ways to help them better fight fraud and abuse. He spends his free time watching old Jeopardy episodes and searching for the best tacos in Austin, TX.

Leave a Reply

Your email address will not be published. Required fields are marked *

Shared by: AWS Machine Learning

Tags: