AWS Observability Resources

At deployment, the CloudFormation (CFN) template creates a number of resources in AWS and in Sumo Logic. You will use the template when setting up the solution. See Before You Deploy for prerequisites and configuration instructions.

Resources created in AWS

Executing the Terraform script and the AWS CloudFormation template creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.

In the table below, the "Applicable AWS Observability Dashboards" column lists the app dashboards that make use of the data source in the "AWS Data Source" column.

| AWS Data Source | AWS Resources Created | Applicable AWS Observability Dashboards |
| --- | --- | --- |
| AWS CloudTrail Logs | S3 Bucket, SNS Topic, AWS Trail, SNS Subscription, AWS Lambda, IAM Roles | AWS API Gateway, AWS Lambda, Amazon DynamoDB, Amazon RDS, Amazon ECS, Amazon ElastiCache, Amazon SNS, Amazon SQS, AWS EC2 |
| Amazon CloudWatch Metrics Source | IAM Roles | AWS API Gateway, Amazon DynamoDB, AWS Application Load Balancer, Amazon RDS, Amazon ECS, Amazon ElastiCache, AWS Network Load Balancer, Amazon SNS, Amazon SQS, Amazon EC2 |
| Amazon Kinesis Firehose Metric Source | Kinesis Firehose, CloudWatch Metrics Stream | AWS API Gateway, AWS Lambda, Amazon DynamoDB, AWS Application Load Balancer, Amazon RDS, Amazon ECS, Amazon ElastiCache, AWS Network Load Balancer, Amazon SNS, Amazon SQS, AWS EC2 |
| Amazon Application Load Balancer logs | S3 Bucket, SNS Topic, SNS Subscription, AWS Lambda, IAM Role | AWS Application Load Balancer |
| Lambda Log Forwarder (AWS CloudWatch logs) | AWS Lambda, IAM Roles | AWS Lambda |
| Kinesis Firehose Log source (AWS CloudWatch logs) | Kinesis Firehose, S3 Bucket* | AWS Lambda |
| AWS Classic Load Balancer Logs | S3 Bucket, SNS Topic, SNS Subscription, AWS Lambda, IAM Role | AWS Classic Load Balancer |

* For failed logs only.

If you are using an existing bucket to collect AWS ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy below, if the policy does not already exist:

{
  "Sid": "AwsAlbLogs",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam:::root"
  },
  "Action": [
    "s3:PutObject"
  ],
  "Resource": "arn:aws:s3:::{bucket_name}/*"
}
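
A check a reviewer could run on the bucket policy after deployment, as an added example that is not Sumo Logic's code: it confirms the AwsAlbLogs statement is present and still limited to s3:PutObject on the bucket's objects for account root principals only. The function names, the bucket name example-elb-logs and the account ID 111111111111 are assumptions made for the illustration; the account ID is a placeholder because the ARN shown above carries none.

```python
import json
import re

SID = "AwsAlbLogs"  # Sid of the statement shown on this page
ROOT_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:root$")

def _listify(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_alb_statement(policy_json, bucket_name):
    """Return findings for the AwsAlbLogs statement; an empty list means it matches."""
    policy = json.loads(policy_json)
    matches = [s for s in _listify(policy.get("Statement", [])) if s.get("Sid") == SID]
    if not matches:
        return [f"{SID}: statement not present"]
    findings = []
    prefix = f"arn:aws:s3:::{bucket_name}/"
    for stmt in matches:
        if stmt.get("Effect") != "Allow":
            findings.append(f"{SID}: Effect is {stmt.get('Effect')!r}, expected 'Allow'")
        for action in _listify(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":  # action names are case-insensitive
                findings.append(f"{SID}: unexpected action {action!r}")
        for resource in _listify(stmt.get("Resource", [])):
            if not resource.startswith(prefix):
                findings.append(f"{SID}: resource {resource!r} is outside {prefix}*")
        principal = stmt.get("Principal")
        arns = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns or [principal]:  # no AWS key: report the principal itself
            if not isinstance(arn, str) or not ROOT_ARN.match(arn):
                findings.append(f"{SID}: principal {arn!r} is not an account root ARN")
    return findings

def _policy(principal, actions):
    """Build a constructed one-statement policy for the sample bucket."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": SID, "Effect": "Allow", "Principal": principal,
        "Action": actions, "Resource": "arn:aws:s3:::example-elb-logs/*"}]})

# Constructed samples: bucket name and account ID 111111111111 are placeholders.
AS_DOCUMENTED = _policy({"AWS": "arn:aws:iam::111111111111:root"}, ["s3:PutObject"])
DRIFTED = _policy("*", ["s3:PutObject", "s3:GetObject"])

if __name__ == "__main__":
    for name, doc in (("as documented", AS_DOCUMENTED), ("drifted", DRIFTED)):
        print(name, audit_alb_statement(doc, "example-elb-logs"))
```

Feed it the policy document returned for the bucket (for instance the output of `aws s3api get-bucket-policy --bucket <name> --query Policy --output text`) and treat any finding as a reason to review the statement by hand.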

Resources created in Sumo Logic

Metadata Tags

The metadata tags are applied to Sumo Logic Sources.

| Source | Metadata tags applied | Common fields created via FERs |
| --- | --- | --- |
| CloudWatch Metrics | Account | Not Applicable |
| Host Metrics | Account, Namespace | Not Applicable |
| CloudTrail Logs | Account | Account ID, Region, Namespace |
| CloudWatch Logs | Account, Account ID, Region | Namespace |
| Load Balancer Access Logs | Account, Account ID, Region | Namespace |

Resources

The AWS CloudFormation and Terraform template execution creates the following resources in Sumo Logic.

| Resource | CF Name | TF Name |
| --- | --- | --- |
| App folder | AWS Observability-<Version> <Date of installation> | AWS Observability Apps |
| Alerts | AWS Observability <Version> <Date and Time of Installation> | AWS Observability Monitors |
| Hosted Collector | aws-observability-<AccountAlias>-<AccountID> | AWS Observability <AccountAlias> <AccountID> |
| Field Extraction Rule | AwsObservabilityAlbAccessLogsFER, AwsObservabilityApiGatewayAccessLogsFER, AwsObservabilityApiGatewayCloudTrailLogsFER, AwsObservabilityDynamoDBCloudTrailLogsFER, AwsObservabilityEC2CloudTrailLogsFER, AwsObservabilityECSCloudTrailLogsFER, AwsObservabilityElastiCacheCloudTrailLogsFER, AwsObservabilityElbAccessLogsFER, AwsObservabilityFieldExtractionRule, AwsObservabilityGenericCloudWatchLogsFER, AwsObservabilityLambdaCloudWatchLogsFER, AwsObservabilityRdsCloudTrailLogsFER, AwsObservabilitySNSCloudTrailLogsFER, AwsObservabilitySQSCloudTrailLogsFER | AwsObservabilityAlbAccessLogsFER, AwsObservabilityApiGatewayAccessLogsFER, AwsObservabilityApiGatewayCloudTrailLogsFER, AwsObservabilityDynamoDBCloudTrailLogsFER, AwsObservabilityEC2CloudTrailLogsFER, AwsObservabilityECSCloudTrailLogsFER, AwsObservabilityElastiCacheCloudTrailLogsFER, AwsObservabilityElbAccessLogsFER, AwsObservabilityFieldExtractionRule, AwsObservabilityGenericCloudWatchLogsFER, AwsObservabilityLambdaCloudWatchLogsFER, AwsObservabilityRdsCloudTrailLogsFER, AwsObservabilitySNSCloudTrailLogsFER, AwsObservabilitySQSCloudTrailLogsFER |
| Explorer View | AWS Observability | AWS Observability |
| Metric Rules | AwsObservabilityApiGatewayApiNameMetricsEntityRule, AwsObservabilityRDSClusterMetricsEntityRule, AwsObservabilityRDSInstanceMetricsEntityRule, AwsObservabilityNLBMetricsEntityRule | AwsObservabilityApiGatewayApiNameMetricsEntityRule, AwsObservabilityRDSClusterMetricsEntityRule, AwsObservabilityRDSInstanceMetricsEntityRule, AwsObservabilityNLBMetricsEntityRule |
| CloudTrail source | cloudtrail-logs-<AWS::Region> | CloudTrail Logs <AWS::Region> |
| CloudWatch logs (HTTP) source | cloudwatch-logs-<AWS::Region> | CloudWatch Logs <AWS::Region> |
| Kinesis Firehose for Metrics | cloudwatch-metrics-<AWS::Region> | CloudWatch Metrics <AWS::Region> |
| CloudWatch Metrics source | cloudwatch-metrics-<AWS::Region>-ApplicationELB, cloudwatch-metrics-<AWS::Region>-ApiGateway, cloudwatch-metrics-<AWS::Region>-DynamoDB, cloudwatch-metrics-<AWS::Region>-Lambda, cloudwatch-metrics-<AWS::Region>-EC2, cloudwatch-metrics-<AWS::Region>-ELB, cloudwatch-metrics-<AWS::Region>-RDS, cloudwatch-metrics-<AWS::Region>-ECS, cloudwatch-metrics-<AWS::Region>-NetworkELB, cloudwatch-metrics-<AWS::Region>-ElastiCache, cloudwatch-metrics-<AWS::Region>-SQS, cloudwatch-metrics-<AWS::Region>-SNS | CloudWatch Metrics <AWS::Region> <AWS Service name> |
| Amazon S3 Alb log source | alb-logs-<AWS::Region> | Elb Logs <AWS::Region> |
| Amazon S3 Classic Load Balancer log source | classic-lb-logs-<AWS::Region> | Classic lb Logs <AWS::Region> |
| Kinesis Firehose for Logs | kinesis-firehose-cloudwatch-logs-<AWS::Region> | CloudWatch Logs <AWS::Region> |
| Inventory Source | inventory-<AWS::Region> | AWS Inventory <AWS::Region> |
| XRay Source | xray-<AWS::Region> | AWS Xray <AWS::Region> |
| S3 Bucket Name | aws-observability-logs-<UniqueKey> | aws-observability-logs-<UniqueKey> |
| Fields | account, accountid, apiid, apiname, cacheclusterid, clustername, dbclusteridentifier, dbidentifier, dbinstanceidentifier, functionname, instanceid, loadbalancer, loadbalancername, namespace, networkloadbalancer, region, tablename, topicname, queuename | account, accountid, apiid, apiname, cacheclusterid, clustername, dbclusteridentifier, dbidentifier, dbinstanceidentifier, functionname, instanceid, loadbalancer, loadbalancername, namespace, networkloadbalancer, region, tablename, topicname, queuename |

To improve the solution's performance, the CloudFormation template applies the configurations below.

  • A Sumo Logic hosted collector is created for each AWS account.

Copyright © 2024 by Sumo Logic, Inc.