Skip to main content
Sumo Logic

Collect Logs for AWS Config

Before you can begin to use the Sumo Logic App for AWS Config, perform these steps.

  • Enable SNS Notifications in AWS Config.
  • Add a Sumo Logic Hosted Collector and HTTP Source.
  • Subscribe to SNS Notifications in AWS Config.
  • Optional: Create a Partition for AWS Config Logs

Enable SNS Notification in AWS Config

To enable AWS Config’s SNS Notifications:

  1. Sign in to the AWS Management Console.
  2. Under Management Tools, click Get Started, then click Config.
  3. On the Set up AWS Config page, under Amazon SNS Topic, make sure that Enable Configuration changes and notifications to be streamed to an Amazon SNS topic and Create new topic are selected, and click Continue.
    Note: A new S3 bucket will be created at this time, but not used.
  4. On the page AWS Config is requesting permissions to read your resources’ configuration, clickAllow. This will allow AWS Config to read the configuration of your resources for the purpose of delivery via Amazon SNS.
  5. Optional: Expand the View Details section to configure the IAM Role and Policy that AWS Config will use.

For more information on SNS, see http://docs.aws.amazon.com/sns/latest/dg/GettingStarted.html.

Add a Hosted Collector and HTTP Source

  1. In Sumo Logic, use the instructions to configure a Hosted Collector.
  2. During the configuration of the Hosted Collector, name the Source Category_sourceCategory=aws_config.
  3. Then, configure an HTTP Source.
  4. In the Advanced section, make sure to activate the check box Enable One message Per Request.
  5. Copy the HTTP Source Address URL and use it in the following section.

Subscribe to SNS Notifications

Once the Hosted Collector and HTTP Source is configured, you can subscribe to AWS Config’s SNS Notifications.

  1. In the AWS Management Console, go to SNS > Topics.
  2. Select the check box for the topic you created.
  3. Under Amazon SNS, in the Actions menu, select Subscribe to Topic.
  4. Under Protocol, select HTTPS, and paste the Sumo Logic HTTP Source URL into the Endpoint field.
  5. Click Create Subscription.
  6. In a few minutes, a confirmation message is sent to Sumo Logic. In Sumo Logic, search for the new message from your HTTP Source. For example, _sourceCategory="aws_config".
  7. Then, parse the message for the JSON field SubscribeURL, and copy it to your clipboard, as shown. 
    aws_config_app_example_700x317.png
  8. In the AWS Management Console, select SNS >Topics.
  9. Under Amazon SNS, under Actions, select Confirm a subscription.
  10. Paste the SubscribeURL into the Subscription confirmation URL field, and click Confirm subscription.

Optional: Create a Partition for AWS Config Logs

Due to the infrequent nature of AWS Config changes, we recommend creating a Partition for logs. A Partition will provide better search performance, especially if there is high data volume in your account.

To create a Partition:

  1. Use the instructions to Create a Partition.
  2. For the Routing Expression, enter what you use for the App, such as _sourceCategory=aws_config.
  3. Click Create.