AWS Observability Resources
The CloudFormation template (CFN) creates a number of resources at deployment, in AWS, and in Sumo Logic. You will use the template when setting up the solution. See Before You Deploy for prerequisites and instructions to configure.
- For more information on the solution and features, see About AWS Observability.
Resources created in AWS
Executing the Terraform script and the AWS CloudFormation template creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.
In the table below, the "Applicable AWS Observability Dashboards" column lists the app dashboards that make use of the data source in the "AWS Data Source" column.
| AWS Data Source | AWS Resources Created | Applicable AWS Observability Dashboards |
| AWS CloudTrail Logs | S3 Bucket SNS Topic AWS Trail SNS Subscription AWS Lambda IAM Roles | AWS API Gateway AWS Lambda Amazon DynamoDB Amazon RDS Amazon ECS Amazon ElastiCache Amazon SNS AWS EC2 |
| Amazon CloudWatch Metrics Source | AWS Lambda IAM Roles | AWS API Gateway AWS Lambda Amazon DynamoDB AWS Application Load Balancer Amazon RDS Amazon ECS Amazon ElastiCache AWS Network Load Balancer Amazon SNS AWS EC2 |
| Amazon Kinesis Firehose Metric Source | Kinesis Firehose CloudWatch Metrics Stream | AWS API Gateway AWS Lambda Amazon DynamoDB AWS Application Load Balancer Amazon RDS Amazon ECS Amazon ElastiCache AWS Network Load Balancer Amazon SNS AWS EC2 |
| Amazon Application Load Balancer logs | S3 Bucket SNS Topic SNS Subscription AWS Lambda IAM Role | AWS Application Load Balancer |
| AWS Lambda CloudWatch logs (Lambda Log Forwarder) | AWS Lambda IAM Roles | AWS Lambda |
| AWS CloudWatch Logs (Kinesis Firehose Log source) | Kinesis Firehose S3 Bucket* | AWS Lambda |
| AWS Classic Load Balancer Logs | S3 Bucket SNS Topic SNS Subscription AWS Lambda IAM Role | AWS Classic Load Balancer |
- For failed logs only.
If you are using an existing bucket to collect AWS ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy below, if in case the policy does not already exist:
{
"Sid": "AwsAlbLogs",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam:::root"
},
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::{bucket_name}/*"
}
Resources created in Sumo Logic
Terraform
Terraform execution creates the following resources in Sumo Logic.
| Resource | Name |
| CloudTrail Logs Source | CloudTrail Logs <AWS Region> |
| Application Load Balancer - Access Logs Source | Elb Logs <AWS Region> |
| Metrics - AWS CloudWatch Metric Source | CloudWatch Metrics <AWS Region> <AWS Service name> |
| Metrics - Kinesis Firehose for Metrics Source | CloudWatch Metrics <AWS Region> |
| CloudWatch Logs - Lambda Log forwarder Source | CloudWatch Logs <AWS Region> |
| CloudWatch Logs - Kinesis Firehose for Logs Source | CloudWatch Logs <AWS Region> |
| Inventory Source | AWS Inventory <AWS Region> |
| Xray Source | AWS Xray <AWS Region> |
AWS CloudFormation
The AWS CloudFormation template execution creates the following resources in Sumo Logic.
| Resource | Name |
| App folder | AWS Observability-<Version> <Date of installation> |
| Alerts | AWS Observability <Version> <Date and Time of Installation> |
| Hosted Collector | aws-observability-<AccountAlias>-<AccountID> |
| Field Extraction Rule | AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER |
| Explorer View | AWS Observability |
| Metric Rules | AwsObservabilityRDSClusterMetricsEntityRule AwsObservabilityRDSInstanceMetricsEntityRule AwsObservabilityNLBMetricsEntityRule |
| CloudTrail source | cloudtrail-logs-<AWS::Region> |
| CloudWatch logs (HTTP) source | cloudwatch-logs-<AWS::Region> |
| Kinesis Firehose for Metrics | cloudwatch-metrics-<AWS::Region> |
| CloudWatch Metrics source | cloudwatch-metrics-<AWS::Region>-ApplicationELB cloudwatch-metrics-<AWS::Region>-ApiGateway cloudwatch-metrics-<AWS::Region>-DynamoDB cloudwatch-metrics-<AWS::Region>-Lambda cloudwatch-metrics-<AWS::Region>-EC2 cloudwatch-metrics-<AWS::Region>-ELB cloudwatch-metrics-<AWS::Region>-RDS cloudwatch-metrics-<AWS::Region>-ECS cloudwatch-metrics-<AWS::Region>-NetworkELB cloudwatch-metrics-<AWS::Region>-ElastiCache cloudwatch-metrics-<AWS::Region>-SQS cloudwatch-metrics-<AWS::Region>-SNS |
| Amazon S3 Alb log source | alb-logs-<AWS::Region> |
| Amazon S3 Classic Load Balancer log source | classic-lb-logs-<AWS::Region> |
| Kinesis Firehose for Logs | kinesis-firehose-cloudwatch-logs-<AWS::Region> |
| Inventory Source | inventory-<AWS::Region> |
| XRay Source | xray-<AWS::Region> |
| S3 Bucket Name | aws-observability-logs-<StackID> |
| Fields | account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname |
To improve the solution performance the configurations below are done by CloudFormation template.
- Sumo Logic hosted collector is created for each AWS Account.
