
Before You Deploy

Learn prerequisites and guidelines for deploying the AWS Observability Solution to a single AWS account and region

This page describes prerequisites and guidelines for deploying Sumo Logic’s AWS Observability Solution. 

Prerequisites

  • Sumo Logic Metrics—The AWS Observability Solution leverages both logs and metrics to provide comprehensive monitoring and troubleshooting of your AWS cloud infrastructure. If you don’t already have Metrics, contact your Sumo Logic account representative.
  • Sumo Logic Collectors and Sources. The AWS Observability Solution relies upon an Installed Collector with a Host Metrics Source on each of your AWS EC2 hosts. The solution relies upon host metrics collection rather than AWS CloudWatch EC2 metrics because AWS EC2 metrics from CloudWatch have high latency and can increase the costs of your AWS account. Host metrics have the advantage of near-zero latency and more information at a lower cost. Instructions are provided in Configure Host Metrics source below.
  • Role capabilities—Make sure you have a Sumo Logic role that has the following capabilities:
    • Manage field extraction rules
    • View Fields
    • View field extraction rules
    • Manage Collectors
    • View Collectors
    • Manage Fields
    • Manage Metrics Rules
  • Sumo Logic Access ID and Key—When you run the CloudFormation template that deploys the solution, you’ll need to supply a Sumo Logic Access ID and Access Key, which enable you to use Sumo Logic APIs. Make sure you have the role capabilities listed above before generating the Access ID and Key.
  • AWS credentials—To deploy the solution, you’ll need to log onto the AWS Console. Your AWS role must have the permissions described by this JSON file. As necessary, you can add JSON to an existing or a new policy associated with an AWS IAM role as described in the AWS documentation.

Deployment options

You can deploy AWS Observability to a single AWS account and region, or to all of your accounts in all regions. We provide instructions for both alternatives. 

Typically you would first deploy the solution to a single AWS account and region, kick the tires, and then expand the deployment. See Deploy AWS Observability for a limited deployment. See Deploy to Multiple Accounts and Regions for a broader deployment. 

Template considerations  

You deploy the solution by running an AWS CloudFormation template. When doing so, consider the following.

Do you already have the required sources? 

When you run the CloudFormation template, you’re given the option to create the Sumo Logic sources that the solution applications rely upon. If you have already configured those sources, you don’t have to create new ones. You can just provide the URLs of the relevant Sumo Logic sources as part of the AWS CloudFormation configuration.

Install the solution apps once

The CloudFormation template gives you the option to install the solution apps. You should install the apps only during the first execution of the AWS CloudFormation template for a given Sumo Logic account.

Bucket considerations

In the sections of the template that relate to creating Sumo Logic sources, you can specify an existing S3 bucket to store the logs or metrics the source collects. If you don’t supply a bucket name, the template will create a new one. We recommend you use an existing bucket if possible. 

Do you use AWS Control Tower?

If you use AWS Control Tower to manage your accounts, see the Sumo Logic-AWS Control Tower integration guide that specifically calls out how to use the AWS Observability solution to monitor AWS Control Tower managed accounts.

Running the template from the command line

If desired, you can run the AWS CloudFormation template from the AWS CLI, using the deploy command. The following example shows how to deploy the template. You can download the template here.

aws cloudformation deploy --stack-name aws-observability \
  --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
  --template-file sumologic_observability.master.template.yaml \
  --s3-bucket <bucket-name-to-upload-the-template> \
  --parameter-overrides \
    Section1aSumoLogicDeployment=<Deployment> \
    Section1bSumoLogicAccessID=<AccessId> \
    Section1cSumoLogicAccessKey=<AccessKey> \
    Section1dSumoLogicOrganizationId=<OrganizationId> \
    Section2aAccountAlias=<accountalias>

Configure Host Metrics source 

Follow the instructions in this section to configure a Sumo Logic Installed Collector and a Host Metrics Source on each of your AWS EC2 hosts. You will assign account and Namespace metadata fields to the sources so that incoming logs and metrics will be appropriately tagged.

Perform these steps for each EC2 host.

  1. Set up an Installed Collector. For instructions, see Installed Collectors.
  2. Add a Host Metrics Source to the Installed Collector. For instructions, see Manually Configure a Host Metrics Source. In the Fields portion of the configuration:
    1. Add a field named account, and set it to your AWS account alias.
    2. Add a field named Namespace, and set it to AWS/EC2.
  3. Set the Scan Interval (i.e. the frequency at which the Source is scanned) to 5 minutes.

To automate the above, see Add Fields to Existing Host Metrics Sources.

Going forward, you can also build your EC2 AMI machine image with these fields and settings. For instructions, see this blog. Here’s a sample sources.json file that you can include in your AMI.

{
  "api.version": "v1",
   "source": {
    "name": "Host Metrics",
    "category": "hostmetrics",
    "automaticDateParsing": false,
    "multilineProcessingEnabled": true,
    "useAutolineMatching": true,
    "contentType": "HostMetrics",
    "forceTimeZone": false,
    "filters": [],
    "cutoffTimestamp": 0,
    "encoding": "UTF-8",
    "fields": {
      "account": "<your AWS account alias>",
      "Namespace": "AWS/EC2"
    },
    "thirdPartyRef": {
      "resources": [
        {
          "serviceType": "HostMetrics",
          "path": {
            "type": "NoPathExpression"
          },
          "authentication": {
            "type": "NoAuthentication"
          }
        }
      ]
    },
    "interval": 300000,
    "metrics": [
      "CPU_User",
      "CPU_Sys",
 …..
    ],
    "processMetrics": [],
    "sourceType": "SystemStats"
  }
}
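A pre-bake check for the file above, as an added example that is not Sumo Logic's own code: it confirms that a sources.json carries the account and Namespace fields and the 5-minute interval described in this section before the file goes into an AMI. The function name and the two sample documents are constructed for illustration, and accepting a "sources" list in addition to the single "source" object shown on this page is an assumption.

```python
import json

REQUIRED_NAMESPACE = "AWS/EC2"
REQUIRED_INTERVAL_MS = 5 * 60 * 1000  # 5-minute scan interval, in milliseconds


def check_host_metrics_sources(text):
    """Return a list of problems in a sources.json document; empty means OK."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Also catches a sample pasted with its elided metrics list left in.
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    # The page's sample has one "source" object; accepting a "sources" list
    # as well is an assumption of this example.
    sources = doc.get("sources")
    if not isinstance(sources, list):
        sources = [doc.get("source")]
    host = [s for s in sources
            if isinstance(s, dict) and s.get("contentType") == "HostMetrics"]
    if not host:
        return ["no source with contentType HostMetrics"]
    problems = []
    for src in host:
        name = src.get("name", "<unnamed>")
        fields = src.get("fields") if isinstance(src.get("fields"), dict) else {}
        account = str(fields.get("account", "")).strip()
        if not account or account.startswith("<"):
            problems.append(f"{name}: fields.account is unset or a placeholder")
        if fields.get("Namespace") != REQUIRED_NAMESPACE:
            problems.append(f"{name}: fields.Namespace must be {REQUIRED_NAMESPACE}")
        if src.get("interval") != REQUIRED_INTERVAL_MS:
            problems.append(f"{name}: interval must be {REQUIRED_INTERVAL_MS} ms")
    return problems


# Constructed sample inputs (not real configuration).
GOOD = json.dumps({"api.version": "v1", "source": {
    "name": "Host Metrics", "contentType": "HostMetrics", "interval": 300000,
    "fields": {"account": "prod-example", "Namespace": "AWS/EC2"}}})
UNEDITED = json.dumps({"api.version": "v1", "source": {
    "name": "Host Metrics", "contentType": "HostMetrics", "interval": 60000,
    "fields": {"account": "<your AWS account alias>", "Namespace": "aws/ec2"}}})

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("UNEDITED", UNEDITED)):
        print(label, check_host_metrics_sources(text) or "OK")
```

The Namespace comparison is exact, matching the value given on this page.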

Verify AWS and Sumo Logic Permissions

Before setting up the AWS Observability solution, we recommend testing permissions for both AWS and Sumo Logic by using a test AWS CloudFormation template. To execute this template:

  1. Invoke the AWS CloudFormation template at this URL.
  2. Select the desired AWS region to test.
  3. Enter a Stack Name, Sumo Logic Deployment, and Sumo Logic Access ID and Access Key.
  4. Click Create Stack.
  5. Verify that the AWS CloudFormation template has executed successfully and the stack shows a CREATE_COMPLETE status. This indicates that you have all the right permissions on both the Sumo Logic and the AWS side to proceed with the installation of the solution.
  6. If the AWS CloudFormation template has not executed successfully, identify and fix any permission errors until the stack completes with a CREATE_COMPLETE status.
  7. Once the AWS CloudFormation stack has executed successfully:
    1. Identify the AWS S3 bucket created by the stack via the Outputs tab.
    2. Manually delete the AWS S3 bucket.
    3. Delete the created AWS CloudFormation stack to delete all other resources created by this template.