Sumo Logic

Grant Access to Read CloudWatch Metrics

Before configuring an AWS CloudWatch Source, you'll need to grant Sumo Logic permissions to list available metrics and get metric datapoints.

To grant Amazon CloudWatch permissions:

  1. Sign in to the AWS Management Console.
  2. On the Amazon Web Services page, click Identity & Access Management.
  3. Click Users.
  4. Click Create New Users.
  5. Enter the user name (such as SumoLogicMetrics). Make sure that the check box Generate an access key for each user is activated. Click Create.
  6. The user is created. Click Show User Security Credentials if necessary to view the Access Key ID and Secret Access Key for this user. Then click Download Credentials to download a .csv file with this information. You'll provide it to Sumo Logic. 
  7. Click Close.
  8. On the Users page, click the user you just created.
  9. Under Permissions, open the Inline Policies section. To create a custom inline policy, click the "click here" link.
  10. Under Set Permissions, choose Custom Policy, then click Select.
  11. For Policy Name, use 'sumo-cloudwatch' or something similar, so your organization is aware of why this policy was created. Then, enter the JSON parameters for the policy. (See the “Policy JSON” section in this topic to copy and paste a recommended policy.)
  12. Click Apply Policy. On the Users page, the new policy is displayed. 

Policy JSON

We recommend using the following JSON to create a policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics",
                "ec2:DescribeInstances"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

All of the Action parameters that are shown are required. 
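
To confirm that a policy attached to the Sumo Logic user grants these three actions and nothing broader, a check like the following can be run over the policy document. This is an added example, not Sumo Logic or AWS code; the function name audit_policy and the over-broad sample policy are constructed for illustration, and the check does not evaluate Deny statements, conditions, or Resource scoping.

```python
import fnmatch
import json

# The three actions the page lists as required.
REQUIRED = {"cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
            "ec2:DescribeInstances"}

# The recommended policy from the page, compacted.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Action": [
"cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
"ec2:DescribeInstances"], "Effect": "Allow", "Resource": "*"}]}"""

# Constructed sample: a wildcard and an unrelated IAM action slipped in.
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
"Action": ["cloudwatch:*", "ec2:DescribeInstances", "iam:CreateAccessKey"],
"Resource": "*"}}"""


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Return (missing, excess): required actions that are not granted, and
    Allow entries that grant more than the required set."""
    policy = json.loads(policy_json)
    allowed = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            allowed.append("NotAction")
        allowed.extend(_as_list(stmt.get("Action")))

    # Action names are case-insensitive and may contain * and ? wildcards.
    def grants(pattern, action):
        return fnmatch.fnmatchcase(action.lower(), pattern.lower())

    required_lower = {a.lower() for a in REQUIRED}
    missing = sorted(a for a in REQUIRED
                     if not any(grants(p, a) for p in allowed))
    excess = sorted({p for p in allowed if p.lower() not in required_lower})
    return missing, excess


if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc))
```

An empty missing list with an empty excess list means the policy matches the recommended one; any entry in excess is a grant the CloudWatch Source does not need.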

Managing Access Keys

When configuring an AWS CloudWatch Source, you'll need to provide the Access Key ID and Secret Access Key (tokens) for this user to Sumo Logic. Security, token, and access settings are handled through Amazon Web Services Identity & Access Management.

For instructions on using Identity & Access Management and the options available to your organization, see AWS Identity and Access Management (IAM).