AWS Observability Resources
The AWS CloudFormation (CFN) template creates a number of resources at deployment, both in AWS and in Sumo Logic. You use the template when setting up the solution. See Before You Deploy for prerequisites and configuration instructions.
- For more information on the solution and features, see About AWS Observability.
Resources created in AWS
Executing the Terraform script and the AWS CloudFormation template creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.
In the table below, the "Applicable AWS Observability Dashboards" column lists the app dashboards that make use of the data source in the "AWS Data Source" column.
AWS Data Source | AWS Resources Created | Applicable AWS Observability Dashboards |
AWS CloudTrail Logs | S3 Bucket, SNS Topic, AWS Trail, SNS Subscription, AWS Lambda, IAM Roles | AWS API Gateway, AWS Lambda, Amazon DynamoDB, Amazon RDS, Amazon ECS, Amazon ElastiCache, Amazon SNS, Amazon SQS, AWS EC2 |
Amazon CloudWatch Metrics Source | IAM Roles | AWS API Gateway, Amazon DynamoDB, AWS Application Load Balancer, Amazon RDS, Amazon ECS, Amazon ElastiCache, AWS Network Load Balancer, Amazon SNS, Amazon SQS, Amazon EC2 |
Amazon Kinesis Firehose Metric Source | Kinesis Firehose, CloudWatch Metrics Stream | AWS API Gateway, AWS Lambda, Amazon DynamoDB, AWS Application Load Balancer, Amazon RDS, Amazon ECS, Amazon ElastiCache, AWS Network Load Balancer, Amazon SNS, Amazon SQS, AWS EC2 |
Amazon Application Load Balancer logs | S3 Bucket, SNS Topic, SNS Subscription, AWS Lambda, IAM Role | AWS Application Load Balancer |
Lambda Log Forwarder (AWS CloudWatch logs) | AWS Lambda, IAM Roles | AWS Lambda |
Kinesis Firehose Log source (AWS CloudWatch logs) | Kinesis Firehose, S3 Bucket* | AWS Lambda |
AWS Classic Load Balancer Logs | S3 Bucket, SNS Topic, SNS Subscription, AWS Lambda, IAM Role | AWS Classic Load Balancer |
* For failed logs only.
If you are using an existing bucket to collect AWS ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy statement below, if the statement does not already exist:
{
  "Sid": "AwsAlbLogs",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam:::root"
  },
  "Action": [
    "s3:PutObject"
  ],
  "Resource": "arn:aws:s3:::{bucket_name}/*"
}
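A post-deployment check for the statement above, as an added example that is not part of the original page or the template's own code: it confirms that the `AwsAlbLogs` statement on an existing bucket grants only `s3:PutObject` on that bucket's objects to an expected account root. The function name, the `allowed_accounts` parameter, the bucket name and the account IDs are assumptions made for illustration; the principal ARN shown on the page carries no account ID, so supply the one you expect.

```python
import re

SID = "AwsAlbLogs"  # Sid of the statement shown on the page
ROOT_ARN = re.compile(r"^arn:aws:iam::(\d{12}):root$")

def _as_list(value):  # policy JSON allows a single string or a list
    return value if isinstance(value, list) else [value]

def audit_alb_log_statement(policy, bucket_name, allowed_accounts):
    """Return findings for the AwsAlbLogs statement; [] means it matches the page."""
    stmts = [s for s in _as_list(policy.get("Statement", [])) if s.get("Sid") == SID]
    if not stmts:
        return [f"no statement with Sid {SID}"]
    findings = []
    for s in stmts:
        if s.get("Effect") != "Allow":
            findings.append(f"unexpected Effect: {s.get('Effect')}")
        for action in _as_list(s.get("Action", [])):
            if action.lower() != "s3:putobject":  # action names are case-insensitive
                findings.append(f"extra action: {action}")
        for resource in _as_list(s.get("Resource", [])):
            if resource != f"arn:aws:s3:::{bucket_name}/*":
                findings.append(f"unexpected resource: {resource}")
        principal = s.get("Principal")
        arns = principal.get("AWS") if isinstance(principal, dict) else principal
        for arn in _as_list(arns):
            match = ROOT_ARN.match(str(arn))
            if not match:  # wildcard, missing, or not an account root
                findings.append(f"unexpected principal: {arn}")
            elif match.group(1) not in allowed_accounts:
                findings.append(f"principal account not allow-listed: {match.group(1)}")
    return findings

# Constructed sample policies; bucket name and account IDs are placeholders.
BUCKET = "example-elb-logs"
EXPECTED = {"Version": "2012-10-17", "Statement": [{
    "Sid": SID, "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": ["s3:PutObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
WIDENED = {"Version": "2012-10-17", "Statement": [{
    "Sid": SID, "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:PutObject", "s3:GetObject"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    for name, pol in (("expected", EXPECTED), ("widened", WIDENED)):
        print(name, audit_alb_log_statement(pol, BUCKET, {"111122223333"}))
```

To run it against a real bucket, parse the JSON document returned by `aws s3api get-bucket-policy --bucket <name> --query Policy --output text` and pass it as `policy`.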
Resources created in Sumo Logic
Metadata Tags
The metadata tags are applied to Sumo Logic Sources.
Source | Metadata tags applied | Common fields created via FERs |
CloudWatch Metrics | Account | Not Applicable |
Host Metrics | Account, Namespace | Not Applicable |
CloudTrail Logs | Account | Account ID, Region, Namespace |
CloudWatch Logs | Account, Account ID, Region | Namespace |
Load Balancer Access Logs | Account, Account ID, Region | Namespace |
Resources
Executing the AWS CloudFormation and Terraform templates creates the following resources in Sumo Logic.
Resource | CF Name | TF Name |
App folder | AWS Observability-<Version> <Date of installation> | AWS Observability Apps |
Alerts | AWS Observability <Version> <Date and Time of Installation> | AWS Observability Monitors |
Hosted Collector | aws-observability-<AccountAlias>-<AccountID> | AWS Observability <AccountAlias> <AccountID> |
Field Extraction Rule | AwsObservabilityAlbAccessLogsFER, AwsObservabilityApiGatewayAccessLogsFER, AwsObservabilityApiGatewayCloudTrailLogsFER, AwsObservabilityDynamoDBCloudTrailLogsFER, AwsObservabilityEC2CloudTrailLogsFER, AwsObservabilityECSCloudTrailLogsFER, AwsObservabilityElastiCacheCloudTrailLogsFER, AwsObservabilityElbAccessLogsFER, AwsObservabilityFieldExtractionRule, AwsObservabilityGenericCloudWatchLogsFER, AwsObservabilityLambdaCloudWatchLogsFER, AwsObservabilityRdsCloudTrailLogsFER, AwsObservabilitySNSCloudTrailLogsFER, AwsObservabilitySQSCloudTrailLogsFER | AwsObservabilityAlbAccessLogsFER, AwsObservabilityApiGatewayAccessLogsFER, AwsObservabilityApiGatewayCloudTrailLogsFER, AwsObservabilityDynamoDBCloudTrailLogsFER, AwsObservabilityEC2CloudTrailLogsFER, AwsObservabilityECSCloudTrailLogsFER, AwsObservabilityElastiCacheCloudTrailLogsFER, AwsObservabilityElbAccessLogsFER, AwsObservabilityFieldExtractionRule, AwsObservabilityGenericCloudWatchLogsFER, AwsObservabilityLambdaCloudWatchLogsFER, AwsObservabilityRdsCloudTrailLogsFER, AwsObservabilitySNSCloudTrailLogsFER, AwsObservabilitySQSCloudTrailLogsFER |
Explorer View | AWS Observability | AWS Observability |
Metric Rules | AwsObservabilityApiGatewayApiNameMetricsEntityRule, AwsObservabilityRDSClusterMetricsEntityRule, AwsObservabilityRDSInstanceMetricsEntityRule, AwsObservabilityNLBMetricsEntityRule | AwsObservabilityApiGatewayApiNameMetricsEntityRule, AwsObservabilityRDSClusterMetricsEntityRule, AwsObservabilityRDSInstanceMetricsEntityRule, AwsObservabilityNLBMetricsEntityRule |
CloudTrail source | cloudtrail-logs-<AWS::Region> | CloudTrail Logs <AWS::Region> |
CloudWatch logs (HTTP) source | cloudwatch-logs-<AWS::Region> | CloudWatch Logs <AWS::Region> |
Kinesis Firehose for Metrics | cloudwatch-metrics-<AWS::Region> | CloudWatch Metrics <AWS::Region> |
CloudWatch Metrics source | cloudwatch-metrics-<AWS::Region>-ApplicationELB, cloudwatch-metrics-<AWS::Region>-ApiGateway, cloudwatch-metrics-<AWS::Region>-DynamoDB, cloudwatch-metrics-<AWS::Region>-Lambda, cloudwatch-metrics-<AWS::Region>-EC2, cloudwatch-metrics-<AWS::Region>-ELB, cloudwatch-metrics-<AWS::Region>-RDS, cloudwatch-metrics-<AWS::Region>-ECS, cloudwatch-metrics-<AWS::Region>-NetworkELB, cloudwatch-metrics-<AWS::Region>-ElastiCache, cloudwatch-metrics-<AWS::Region>-SQS, cloudwatch-metrics-<AWS::Region>-SNS | CloudWatch Metrics <AWS::Region> <AWS Service name> |
Amazon S3 Alb log source | alb-logs-<AWS::Region> | Elb Logs <AWS::Region> |
Amazon S3 Classic Load Balancer log source | classic-lb-logs-<AWS::Region> | Classic lb Logs <AWS::Region> |
Kinesis Firehose for Logs | kinesis-firehose-cloudwatch-logs-<AWS::Region> | CloudWatch Logs <AWS::Region> |
Inventory Source | inventory-<AWS::Region> | AWS Inventory <AWS::Region> |
XRay Source | xray-<AWS::Region> | AWS Xray <AWS::Region> |
S3 Bucket Name | aws-observability-logs-<UniqueKey> | aws-observability-logs-<UniqueKey> |
Fields | account, accountid, apiid, apiname, cacheclusterid, clustername, dbclusteridentifier, dbidentifier, dbinstanceidentifier, functionname, instanceid, loadbalancer, loadbalancername, namespace, networkloadbalancer, region, tablename, topicname, queuename | account, accountid, apiid, apiname, cacheclusterid, clustername, dbclusteridentifier, dbidentifier, dbinstanceidentifier, functionname, instanceid, loadbalancer, loadbalancername, namespace, networkloadbalancer, region, tablename, topicname, queuename |
To improve the solution's performance, the CloudFormation template applies the configurations below.
- A Sumo Logic hosted collector is created for each AWS account.