Skip to main content
Sumo Logic

AWS Observability Resources

Learn more about AWS Observability resources created and modified at deployment using Terraform and CloudFormation.

Deployment using Terraform and the CloudFormation template creates a number of resources in AWS and in Sumo Logic.

Resources created in AWS

Executing the Terraform script and the AWS CloudFormation template creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.

AWS Data Source

AWS Resources Created

Applicable AWS Observability Dashboards

AWS CloudTrail Logs

S3 Bucket

SNS Topic

AWS Trail

SNS Subscription

AWS Lambda

IAM Roles

AWS API Gateway

AWS Lambda

Amazon DynamoDB

Amazon RDS

Amazon ECS

Amazon ElastiCache

Amazon CloudWatch Metrics

AWS Lambda

IAM Roles

Kinesis Firehose

CloudWatch Metrics Stream

AWS API Gateway 

AWS Lambda 

Amazon DynamoDB 

AWS Application Load Balancer 

Amazon RDS

Amazon ECS

Amazon ElastiCache

AWS Network Load Balancer

Amazon Application Load Balancer logs

S3 Bucket

SNS Topic

SNS Subscription

AWS Lambda

IAM Role

AWS Application Load Balancer 

AWS Lambda CloudWatch logs

AWS Lambda

IAM Roles

AWS Lambda 

AWS Classic Load Balancer Logs

S3 Bucket

SNS Topic

SNS Subscription

AWS Lambda

IAM Role

AWS Classic Load Balancer

If you are using an existing bucket to collect AWS ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy below, if in case the policy does not already exist:

{
"Sid": "AwsAlbLogs",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam:::root"
},
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::{bucket_name}/*"
}

Resources created in Sumo Logic

Terraform

Terraform execution creates the following resources in Sumo Logic.

Resource

Name

CloudTrail Logs Source

CloudTrail Logs <AWS Region>

Application Load Balancer - Access Logs Source

Elb Logs <AWS Region>

Metrics - AWS CloudWatch Metric Source

CloudWatch Metrics <AWS Region> <AWS Service name>

Metrics - Kinesis Firehose for Metrics Source

CloudWatch Metrics <AWS Region>

CloudWatch Logs - Lambda Log forwarder Source

CloudWatch Logs <AWS Region>

CloudWatch Logs - Kinesis Firehose for Logs Source

CloudWatch Logs <AWS Region>

Inventory Source

AWS Inventory <AWS Region>

Xray Source

AWS Xray <AWS Region>

AWS CloudFormation

The AWS CloudFormation template execution creates the following resources in Sumo Logic.

Resource

Name

App folder

AWS Observability-<Version> <Date of installation>

Alerts

AWS Observability <Version> <Date and Time of Installation>

Hosted Collector

aws-observability-<AccountAlias>-<AccountID>

Field Extraction Rule

AwsObservabilityFieldExtractionRule

AwsObservabilityAlbAccessLogsFER

AwsObservabilityApiGatewayCloudTrailLogsFER

AwsObservabilityDynamoDBCloudTrailLogsFER

AwsObservabilityLambdaCloudWatchLogsFER

AwsObservabilityRdsCloudTrailLogsFER

AwsObservabilityECSCloudTrailLogsFER

AwsObservabilityElastiCacheCloudTrailLogsFER

AwsObservabilityElbAccessLogsFER

AwsObservabilityEC2CloudTrailLogsFER

Explorer View

AWS Observability

Metric Rules

AwsObservabilityRDSClusterMetricsEntityRule

AwsObservabilityRDSInstanceMetricsEntityRule

AwsObservabilityNLBMetricsEntityRule

CloudTrail source

cloudtrail-logs-<AWS::Region>

CloudWatch logs (HTTP) source

cloudwatch-logs-<AWS::Region>

Kinesis Firehose for Metrics cloudwatch-metrics-<AWS::Region>

CloudWatch Metrics source

cloudwatch-metrics-<AWS::Region>-ApplicationELB

cloudwatch-metrics-<AWS::Region>-ApiGateway

cloudwatch-metrics-<AWS::Region>-DynamoDB

cloudwatch-metrics-<AWS::Region>-Lambda

cloudwatch-metrics-<AWS::Region>-ELB

cloudwatch-metrics-<AWS::Region>-RDS

cloudwatch-metrics-<AWS::Region>-ECS

cloudwatch-metrics-<AWS::Region>-NetworkELB

cloudwatch-metrics-<AWS::Region>-ElastiCache

cloudwatch-metrics-<AWS::Region>-SQS

cloudwatch-metrics-<AWS::Region>-SNS

Amazon S3 Alb log source

alb-logs-<AWS::Region>

Amazon S3 Classic Load Balancer log source classic-lb-logs-<AWS::Region>
Kinesis Firehose for Logs kinesis-firehose-cloudwatch-logs-<AWS::Region>

Inventory Source

inventory-<AWS::Region>

XRay Source

xray-<AWS::Region>

S3 Bucket Name

aws-observability-logs-<StackID>

Fields

account

accountid

region

namespace

tablename

loadbalancer

functionname

apiname

dbidentifier

dbinstanceidentifier

dbclusteridentifier

instanceid

clustername

cacheclusterid

networkloadbalancer

loadbalancername