Skip to main content
Sumo Logic

Set Up the AWS Observability Solution

This page provides instructions for setting up the AWS Observability Solution using the custom CloudFormation (CF) template, installing and configuring the apps of your choice.

Availability

The feature is available in the following account plans.

Account Type Account Level
Cloud Flex Trial, Professional, and Enterprise
Credits Trial, Essentials, Enterprise Operations, Enterprise Security, and  Enterprise Suite

The AWS Observability Solution uses a custom AWS CloudFormation template to install and configure the apps of your choice. 

System architecture

Sumo Logic provides an AWS CloudFormation template that automates the setup and installation of the AWS Observability Solution for a given account and region. This allows you to configure the monitoring of your AWS infrastructure for optimum results.

AWS O - architecture.png

Data Collection for the AWS Observability Solution

Sumo Logic collects logs, metrics, and events including AWS EC2 Host Metrics, CloudWatch logs and metrics, and CloudTrail logs. The collected data streams are enriched with the following metadata:

  • Account. This is an alias for your AWS account—for example, production, development, or stage—that you supply when you install the solution. 
  • Namespace. This is the name of the AWS service and is automatically added by either the Host Metrics Source or the AWS Metadata (Tag) Source installed by the template, for example, aws/apigateway, aws/applicationelb, aws/dynamodb, aws/lambda, aws/rds, and so on.
  • Region. This is the AWS region, for example, us-east-1, us-west-2, and so on.
  • Entity. This represents either the AWS resource name or id depending on the AWS service being monitored. 

AWS Observability Collection-v2.png

This new metadata can also be used in ad-hoc logs and metrics searches.

Prerequisites

The AWS Observability solution requires:

  • Our Metrics offering. If you don't have Metrics, contact your Sumo Logic account representative.
  • A Sumo Logic Installed Collector with a Host Metrics Source on each of your AWS EC2 hosts. The solution relies upon host metrics collection rather than AWS CloudWatch EC2 metrics because AWS EC2 metrics from Cloudwatch have high latency and can increase the costs of your AWS account. Host metrics have the advantage of near-zero latency and more information at a lower cost. Instructions are provided in Configure Host Metric Source with account and namespace fields below.
  • Access to the Sumo Logic console and the ability to create API keys with the following permissions:
    • Once you add the below capability to your role, create a new Access ID and Access Key.
      • Manage field extraction rules
      • View Fields
      • View field extraction rules
      • Manage Collectors
      • View Collectors
      • Manage Fields
      • Manage Metrics Rules
  • An API key and ID created by the above user.
  • Access to AWS Console and a AWS user that is associated with a AWS Role that has the permissions described by this JSON file. To quickly get this setup, please add this JSON to an existing or a new policy associated with an AWS IAM role as described in the AWS documentation.

Testing for AWS and Sumo Logic Permissions (Optional)

Before setting up the AWS Observability solution we recommend testing permissions for both AWS and Sumo Logic by using a test AWS CloudFormation template. To execute this template:

  1. Invoke the AWS CloudFormation template via this  URL.
  2. Select the desired AWS region to test.
  3. Enter in a Stack Name, Sumo Logic Deployment, and Sumo Logic Access ID and Access Key.
    Testing_sumo_Permission_1.png
  4. Click Create Stack.
  5. Verify that the AWS CloudFormation template has executed successfully in a CREATE_COMPLETE status.  This indicates that you have all the right permissions on both the Sumo Logic and the AWS side to proceed with the installation of the solution. 
    Testing_sumo_Permission_2.png
  6. If the AWS CloudFormation template has not executed successfully, identify and fix any permission errors till the stack completes with a CREATE_COMPLETE status. 
  7. Once the AWS CloudFormation stack has executed successfully:
    • Identify the AWS S3 bucket created by the stack via the Outputs tab as shown in the screenshot below.
      Testing_sumo_Permission_3.png
    • Manually delete the AWS S3 bucket.
    • Delete the created AWS CloudFormation stack to delete all other resources created by this template.

Installation guidelines

The AWS Observability solution can be deployed on all your AWS accounts and regions using the AWS CloudFormation template. The following guidelines will help you streamline the installation of this solution across all your AWS environments. 

  • New resources are created both in AWS and Sumo Logic as part of running the AWS CloudFormation template. Please see the section below for details.
  • App installation. Install the Sumo Logic apps only during the first execution of the AWS CloudFormation template for a given Sumo Logic account.
  • Log and Metrics Sources. New logs and metrics sources should be created for each region using the AWS CloudFormation template only if you haven't already configured log or metrics sources to send data to your Sumo Logic. If you are already sending the relevant logs or metrics data you only need to provide the URLs of the relevant Sumo Logic sources as part of the AWS CloudFormation configuration.
  • S3 bucket. Use an existing bucket if possible. 

Special Considerations

  1. The AWS CloudFormation template described below can be deployed in a given account-region combination. To run the template in multiple regions of a given account, please refer to the Multi Account, Multi Region installation using Stack Sets section. 

  2. If you are using AWS Control Tower to manage your accounts, please refer to the Sumo Logic-AWS Control Tower integration guide that specifically calls out how to use the AWS Observability solution to monitor AWS Control Tower managed accounts.

  3. You can run the AWS CloudFormation template via the AWS CLI, using deploy command. See an example below for how to deploy the template. Note: The template can be downloaded via this URL.


aws cloudformation deploy --stack-name aws-observability 
--capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
 --template-file 
 sumologic_observability.master.template.yaml --s3-bucket 
 <bucket-name-to-upload-the-template> 
 --parameter-overrides 
 Section1aSumoLogicDeployment=<Deployment>
  Section1bSumoLogicAccessID=<AccessId> 
  Section1cSumoLogicAccessKey=<AccessKey> 
  Section1dSumoLogicOrganizationId=<OrganizationId>
  Section2aAccountAlias=<accountalias>

Resources created or modified

AWS Resources

The AWS CloudFormation template execution creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.

AWS Service AWS Resources Sumo Logic App
AWS CloudTrail Logs S3 Bucket
SNS Topic
AWS Trail
SNS Subscription
AWS Lambda
IAM Roles
  • AWS API Gateway ULM
  • AWS Lambda ULM
  • Amazon DynamoDB ULM
  • Amazon RDS ULM
Amazon CloudWatch Metrics AWS Lambda
IAM Roles
  • AWS API Gateway ULM
  • AWS Lambda ULM
  • Amazon DynamoDB ULM
  • Amazon RDS ULM
  • AWS Application Load Balancer ULM
Amazon Application Load Balancer logs

S3 Bucket
SNS Topic
SNS Subscription
AWS Lambda
IAM Role

  • AWS Application Load Balancer ULM
AWS Lambda CloudWatch logs AWS Lambda
IAM Roles
  • AWS Lambda ULM

If you are using an existing bucket to collect AWS Application ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy below, if in case the policy does not already exist:
{
  "Sid": "AwsAlbLogs",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam:::root"
  },
  "Action": [
    "s3:PutObject"
  ],
  "Resource": "arn:aws:s3:::{bucket_name}/*"
}

Resources created in Sumo Logic

The AWS CloudFormation template execution creates the resources in Sumo Logic:

Resource Name
App folder Sumo Logic AWS Observability Apps-<Date of installation>
Collector aws-observability-<AccountAlias>
Field Extraction Rule AwsObservabilityFieldExtractionRule
Explorer View AWS Observability
Metric Rules AwsObservabilityRDSClusterMetricsEntityRule
AwsObservabilityRDSInstanceMetricsEntityRule
AwsObservabilityALBMetricsEntityRule
AwsObservabilityLambdaMetricsEntityRule
AwsObservabilityApiGatewayMetricsEntityRule
AwsObservabilityDynamoDBMetricsEntityRule
AwsObservabilityEC2MetricsEntityRule 
CloudTrail source <AccountAlias>-aws-observability-cloudtrail-logs-<AWS::Region>
CloudWatch logs (HTTP) source <AccountAlias>-cloudwatch-logs-<AWS::Region>
CloudWatch Metrics source <AccountAlias>-cloudwatch-metrics-<AWS::Region>-ApplicationELB
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-ApiGateway
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-DynamoDB
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-Lambda
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-ELB
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-RDS
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-ECS
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-NetworkELB
<AccountAlias>-cloudwatch-metrics-<AWS::Region>-ElastiCache
Amazon S3 Alb log source <AccountAlias>-aws-observability-alb-logs-s3-<AWS::Region>
Inventory Source <AccountAlias>-inventory-<AWS::Region>
XRay Source <AccountAlias>-xray-aws-<AWS::Region>
S3 Bucket Name aws-observability-logs-<StackID>
Fields Account
Region
Namspace
Entity

Deploy the AWS Observability Solution

You deploy the AWS Observability Solution using the interactive AWS CloudFormation template. The template prompts you to supply values for configuration options, and uses your input to configure the solution for your AWS environment. 

Configure Host Metric Source with account and namespace fields

As described in Prerequisites above, the AWS Observability Solution requires a Sumo Logic Installed Collector with a Host Metrics Source on each of your AWS EC2 hosts. In this step, you configure the Host Metrics Sources to tag Incoming logs and metrics with account and Namespace metadata fields

To do so, update the Host Metrics Sources, update the sources.json file in the relevant AMIs with the account alias and Namespace fields as shown in blue below when the collector is installed.

You need to enter the same account alias that you will use when you run the AWS CloudFormation template,  (AWS account and resources (required)) as well as set the host metrics scan-interval to 5 minutes. The parameter values are highlighted in blue below:

{

  "api.version": "v1",

  "source": {

    "name": "Host Metrics",

    "category": "hostmetrics",

    "automaticDateParsing": false,

    "multilineProcessingEnabled": true,

    "useAutolineMatching": true,

    "contentType": "HostMetrics",

    "forceTimeZone": false,

    "filters": [],

    "cutoffTimestamp": 0,

    "encoding": "UTF-8",

    "fields": {

      "account": "<your AWS account alias>",

      "Namespace": "AWS/EC2"

    },

    "thirdPartyRef": {

      "resources": [

        {

          "serviceType": "HostMetrics",

          "path": {

            "type": "NoPathExpression"

          },

          "authentication": {

            "type": "NoAuthentication"

          }

        }

      ]

    },

    "interval": 300000,

    "metrics": [

      "CPU_User",

      "CPU_Sys",

 …..

    ],

    "processMetrics": [],

    "sourceType": "SystemStats"

  }

}

To apply these changes to existing collectors please follow this document.

Executing the AWS CloudFormation template

This section walks you through the process of executing the AWS CloudFormation template to set up the AWS Observability Solution.

To deploy the AWS Observability Solution

  1. Sign on to the AWS Management console.
  2. Click on this URL to directly invoke the Sumo Logic AWS CloudFormation template. The template can also be downloaded via this URL

  3. Select the AWS Region where you want to deploy the AWS CloudFormation template.

  4. Enter the required parameters as prompted and described in the Configuration Prompts and Input section below.
  5. In Capabilities and transforms click each checkbox.CFT_Capabilities_Transforms.png
  6. Click Create Stack.
  7. Verify that the AWS CloudFormation template has executed successfully in a CREATE_COMPLETE status.  This indicates that all the resources have been created successfully in both Sumo Logic and AWS.
  8. If the AWS CloudFormation template has not run successfully, identify and fix any permission errors till the stack completes with a CREATE_COMPLETE status. Please refer to the Troubleshooting section for assistance with how to resolve these errors.  

Configuration prompts and input

This section provides a listing of configuration prompts for the AWS CloudFormation template, along with explanations for each prompt and any information you are required to provide. We recommend that you review this section and gather the required information before you start using the AWS CloudFormation template.

Sumo Logic access configuration (required)
Prompt Guideline
Sumo Logic Deployment Name Enter au, ca, de, eu, jp, us2, in, fed or us1. For more information on Sumo Logic deployments, see the Sumo Logic Endpoints and Firewall Security topic.
Sumo Logic Access ID Sumo Logic Access ID. For more information, see Create an access key in the Access Keys topic.
Sumo Logic Access Key Sumo Logic Access Key. This key is used for Sumo Logic API calls.
Sumo Logic Organization ID You can find your org on the Preferences page in the Sumo Logic UI. For more information, see the Preferences Page topic. Your org ID is will be used to configure the IAM Role for Sumo Logic AWS Sources.
Delete Sumo Logic Resources when stack is deleted To delete collectors, sources and apps in Sumo Logic when the stack is deleted, set this parameter to "True". If this is set to "False", Sumo Logic resources are not deleted when the AWS CloudFormation stack is deleted. Deletion of updated resources will be skipped.
 
AWS account alias (required)
Prompt Guideline
Alias for your AWS account Enter a name for the AWS environment from which you are collecting data. This name will appear in the Sumo Logic Explorer View, metrics and logs.

Do not include special characters in the alias.
Sumo Logic AWS Observability apps
Prompt Guideline
Install AWS Observability apps Yes –  Installs the apps (AWS EC2, AWS Application Load Balancer, Amazon RDS, AWS API Gateway, AWS Lambda, and AWS DynamoDB) for the Sumo Logic AWS Observability Solution. All the apps are installed in the Sumo Logic AWS Observability Apps  Personal folder in Sumo Logic.

No – Skips the installation of the apps.
Sumo Logic AWS CloudWatch Metrics and Inventory Source
Prompt Guideline
Select the Sumo Logic Metrics Sources to create CloudWatchMetrics - Creates a Sumo Logic CloudWatch Metrics Source, which collects metrics for multiple namespaces from the region selected.

InventorySource - Creates a Sumo Logic Inventory Source used by Root Cause Explorer

Both - Installs Both Sumo Logic CloudWatch Metrics and Inventory Source 

None - Skips the Installation of both the Sumo Logic Sources
Sumo Logic AWS Metrics Namespaces

Provide Comma-delimited list of the namespaces which will be used for both AWS CLoudWatch Metrics and Inventory Sources. The default will be AWS/ApplicationELB, AWS/ApiGateway, AWS/DynamoDB, AWS/Lambda, AWS/RDS, AWS/ECS, AWS/ElastiCache, AWS/ELB, AWS/NetworkELB. 

AWS/AutoScaling will be appended to Namespaces for Inventory Sources.

Existing Sumo Logic CloudWatch Metrics Source API URL You must supply this URL if you are already collecting CloudWatch Metrics. Provide the existing Sumo Logic CloudWatch Metrics Source API URL. For information on how to determine the URL, see View or Download Source JSON Configuration
Sumo Logic AWS ALB Log Source Details
Prompt Guideline
Enable ALB Access logging New - Automatically enables S3 logging for newly created ALB resources to collect logs for ALB resources. This does not affect ALB resources already collecting logs.

Existing - Automatically enables S3 logging for existing ALB resources to collect logs for ALB resources.

Both - Automatically enables S3 logging for new and existing ALB resources.

None - Skips automatic S3 Logging for ALB resources.
Create Sumo Logic ALB Logs Source Yes - Creates a Sumo Logic ALB Log Source that collects ALB logs from an existing bucket or a new bucket. 

No - Select this if you already have an ALB source configured in Sumo Logic.
Existing Sumo Logic ALB Logs Source API URL You must supply this URL if you are already collecting ALB logs. Enter the existing Sumo Logic ALB Source API URL. For information on how to determine the URL, see View or Download Source JSON Configuration.
AWS S3 Bucket Name Provide a name of an existing S3 bucket name where you would like to store ALB logs. If this is empty, a new bucket will be created in the region
Path Expression for the Existing  ALB logs This is required in case the above existing bucket is already configured to receive ALB access logs. If this is blank, Sumo Logic will store logs in the path expression:

elasticloadbalancing/AWSLogs/*
Sumo Logic AWS CloudTrail Source
Prompt Guideline
Create Sumo Logic CloudTrail Logs Source Yes - Creates a Sumo Logic CloudTrail Log Source that collects CloudTrail logs from an existing bucket or new bucket.

No - If you already have a CloudTrail Log Source collecting CloudTrail logs.
Existing Sumo Logic CloudTrail Logs Source API URL Required if you are already collecting CloudTrail logs. Provide the existing Sumo Logic CloudTrail Source API URL. For information on how to determine the URL, see View or Download Source JSON Configuration.
AWS S3 Bucket Name Provide a name of an existing S3 bucket where you would like to store CloudTrail logs. If this is empty, a new bucket will be created in the region.
Path Expression to the Existing CloudTrail logs This is required in case the above existing bucket is already configured to receive CloudTrail logs. If this is blank, Sumo Logic will store logs in the path expression:

AWSLogs/*/CloudTrail/*/*
Sumo Logic AWS Lambda CloudWatch logs
Prompt Guideline
Create Sumo Logic CloudWatch Logs Source Yes - Creates the Sumo Logic CloudWatch Log Source that collects AWS Lambda logs from AWS.

No - If you already have a CloudWatch Log source collecting AWS Lambda logs into Sumo Logic.
Existing Sumo Logic Lambda CloudWatch Logs Source API URL Required you already collect AWS Lambda CloudWatch logs. Provide the existing Sumo Logic AWS Lambda CloudWatch Source API URL. For information on how to determine the URL, see View or Download Source JSON Configuration.
Subscribe log groups to Sumo Logic Lambda Forwarder New - Automatically subscribes new AWS Lambda log groups to Lambda, to send logs to Sumo Logic.

Existing - Automatically subscribes existing log groups to Lambda, to send logs to Sumo Logic.

Both - Automatically subscribes new and existing log groups.

None - Skips Automatic subscription of log groups.
Regex for Filtering lambda Log Groups Enter a regex for matching log group names. For more information, see Configuring parameters in the Auto-Subscribe AWS Log Groups to a Lambda Function topic.
Sumo Logic AWS X-Ray Source
Prompt Guideline
Create Sumo Logic AWS X-Ray Source

Yes - Creates a Sumo Logic AWS X-Ray Source that collects X-Ray Trace Metrics from your AWS account.

No - If you already have a Sumo Logic AWS X-Ray source configured or skip the source creation.

Share the AWS Observability dashboards

Once the AWS Observability solution has been setup, to make the dashboards accessible to other users in your Sumo Logic account, you will need to share the folder "Sumo Logic AWS Observability Apps-<Date of installation>" created in your personal library with the appropriate members of your Sumo Logic account. Please refer to these instructions on how to share your folders.

Updating the Stack

An existing stack can be updated using a new version of AWS CloudFormation template or the same version of the AWS CloudFormation template.

Before starting with stack update, make sure no resource is deleted manually as it can lead to stack update failure.

Below are the steps to update an existing stack :

  1. Locate the Main Stack created using AWS CloudFormation template and Click Update.
    Stack_Step1.png
  2. Select ‘Replace Current Template’ and paste the URL - https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/sumologic_observability.master.template.yaml in the Amazon S3 URL option and select Next.
    Stack_Step2.png

  3. Keep the pre-filled parameters (as supplied during Stack Create) and Click Next.

  4. Review all the changes listed on the Change Set Review and make sure you're comfortable with these changes.
    Stack_Step3.png

  5. Select the capabilities and Click Submit.
    Stack_Step4.png

  6. After the update is complete, the stacks that have been updated successfully will be set to a UPDATE_COMPLETE status.

  7. Stack_Step4.png

Multi Account, Multi Region installation using Stack Sets

The AWS CloudFormation template can be deployed in a given account-region combination using AWS CloudFormation stacks as described in the earlier section, however, AWS provides the ability to deploy the same template on multiple accounts and multiple regions using Stack Sets.

Before you begin, please:

  1. Complete the prerequisites for StackSets as outlined in the AWS documentation.

  2. Install the apps by running the AWS CloudFormation Stack once in any given account and region.  Use the configuration below to setup only app dashboards.

    • Install AWS Observability Apps as ‘Yes’.
      Multiaccount 1.png
    • Select the Sumo Logic Metrics Sources to create as ‘None’.
      Multiaccount 2.png
    • Enable ALB Access logging as ‘None’ and Create Sumo Logic ALB Logs Source as ‘None’.
      Multiaccount 3.png
    • Create Sumo Logic CloudTrail Logs Source as ‘None’.
      Multiaccount 4.png
    • Create Sumo Logic CloudWatch Logs Source as ‘None’.
      Multiaccount 5.png

Follow the steps below to use the AWS CloudFormation template with Stack Sets :

  1. Go to Stack Sets in your AWS account.

  2. Click Create StackSet.
    ClodFormation_Stackset 1.png

  3. Paste the URL - https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/sumologic_observability.master.template.yaml in the Amazon S3 URL option and select Next.
    ClodFormation_Stackset 2.png

  4. Provide a Stack Set Name and check the parameters.

    • Fill in the answer to Section 3 ‘Install AWS Observability Apps’ as No. 
    • All other resources can be created per region per account.
    • Click Next.
      ClodFormation_Stackset 3.png
  5. Add Tags, select the Administrator role defined in the prerequisites above, and click Next.ClodFormation_Stackset 4.png

  6. Provide a single AWS account number only and select a list of regions in the account where you would like to deploy the AWS CloudFormation template as shown in the screenshot below:

    • You will need to provide a single account alias associated with the AWS account alias selected in the parameters from Step 4 above and select all the regions in the current account where you would like to deploy the template.
    • ClodFormation_Stackset 5.png
  7. In the Deployment options, keep the default values and click Next.
    ClodFormation_Stackset 6.png

  8. Review the details, select the capabilities and click Submit.
    ClodFormation_Stackset 7.png

  9. Once you hit submit, the AWS CloudFormation template will execute in the provided account and regions sequentially.

To add more accounts to the same Stack Set
  1. Select ‘Add new stacks to StackSet’.ClodFormation_Stackset 8.png

  2. In ‘Set deployment options’, Enter the account number and regions you want to deploy the stack.
    ClodFormation_Stackset 9.png

  3. In ‘Specify overrides’, find ‘Section2aAccountAlias’ and ‘Override Stackset Value’.
    ClodFormation_Stackset 10.png

  4. Override the value of account alias for the provided account and save changes.
    ClodFormation_Stackset 11.png

  5. Review the details, select the capabilities, and click Submit.

Start Monitoring your AWS services

Once the AWS CloudFormation template has completed successfully, you can start monitoring your AWS services as outlined in this document.

Post-install Optimizations

Reducing CloudTrail Log Ingest

By default, the AWS Observability solution collects AWS CloudTrail logs for all AWS services. To reduce the volume of this ingest, however, you can add a collector source processing rule to only collect logs relevant to dashboards provided by the AWS Observability solution.

Rule Type: Include messages that match.

Create rule for each of the following regular expression patterns:

.*\"eventSource\":\"elasticloadbalancing\.amazonaws\.com\".*

.*\"eventSource\":\"dynamodb\.amazonaws\.com\".*

.*\"eventSource\":\"ec2\.amazonaws\.com\".*

.*\"eventSource\":\"rds\.amazonaws\.com\".*

.*\"eventSource\":\"lambda\.amazonaws\.com\".*

.*\"eventSource\":\"apigateway\.amazonaws\.com\".*

Rolling back the AWS Observability Solution

When you roll back the AWS Observability Solution, all the resources that were created with the AWS CloudFormation stack are deleted. The resources deleted with a rollback include AWS Observability Solution apps, collectors, sources, S3 buckets, Lambda functions, IAM roles, bucket policy, SNS topic, and SNS subscriptions. 

Rolling back the AWS Observability Solution deletes the main AWS CloudFormation stack, along with the nested stack and associated Sumo Logic and AWS resources. The following rollback guidelines apply:

  • Sumo Logic resources are deleted based on the “Delete Sumo Logic Resources when the stack is deleted” flag provided during the AWS CloudFormation configuration. These resources include apps, collectors, and sources.
  • AWS resources are deleted by default, regardless of the flag provided. These resources include S3 buckets, Lambda functions, IAM roles, bucket policy, SNS topic, and SNS subscription.

To uninstall the AWS Observability Solution, do the following:

  1. Log in to your AWS account and go to CloudFormation.
  2. Select the main stack you want to delete.

CFT_Uninstall.png

Troubleshooting

While deploying the template, you may receive error messages such as CREATE_FAILED status or ROLLBACK_COMPLETE status for various reasons. This section provides information on how to troubleshoot such AWS CloudFormation installation failures.

Determine the cause of a CloudFormation installation failure

This section walks you through the process of troubleshooting an AWS CloudFormation installation failure.

To debug an AWS CloudFormation installation failure, do the following:

  1. After the stack rollback is complete and the status is ROLLBACK_COMPLETE, go to the parent stack. In the parent stack, look for the first failure as shown in the following example.

Troubleshooting_1.png

The failure can be a direct reason or can point to a nested stack.

  1. Look for direct reasons for the failure that is available in the parent stack, as shown in the following example.

  1. To find indirect reasons for the failure, go to the nested stack mentioned in the status reason, as shown in the following example. Take a note of the resources mentioned in the reason.

  1. Select the deleted option to find the nested stacks, as shown in the following example.

  1. Go to the nested stack and look for the resource mentioned in the previous step to identify the reason, as shown in the following example.

 Troubleshooting_5.png

Common errors

 Below are some common errors that can occur while using the Cloud Formation template. 

Error Description Resolution
The API rate limit for this user has been exceeded. This error indicates that AWS CloudFormation execution has exceeded the API rate limit set on the Sumo Logic side. It can occur if you install the AWS CloudFormation template in multiple regions or accounts using the same Access Key and Access ID. Don't install the AWS CloudFormation template in multiple regions or accounts with the same Access Key and Access ID.
 
S3 Bucket already exists. The error can occur if:

An S3 bucket with the same name exists in  S3, or

The S3 Bucket is not present in S3 but is referenced by some other AWS CloudFormation stack which created it.
Remove the S3 bucket from S3 or select “No” in the AWS Cloudformation template for S3 bucket creation.

Remove the AWS CloudFormation Stack which references the S3 bucket.
The S3 bucket you tried to delete is not empty. The error can occur while deleting the stack with a non-empty S3 bucket.  Delete the S3 bucket manually if you don't need the bucket or its content in the future.