Deploy to Multiple Accounts and Regions

This topic has instructions for deploying AWS Observability Solution to multiple AWS accounts and regions
using Stack Sets.

Given that we use an account alias, we recommend you use StackSets to automatically deploy the AWS CloudFormation template across all regions in one AWS account at a time. New AWS accounts can be added to an existing stack set.

Before you start

• If this is the first time you've deployed our AWS Observability solution, read the Before You Deploy topic for more information.
• Complete the prerequisites for StackSets as described in the AWS documentation.

Step 1: Open the CloudFormation template

1. Sign in to the AWS Management console.
2. Choose an option to invoke AWS CloudFormation Template:
   • Click this URL to invoke the latest Sumo Logic AWS CloudFormation template.
   • Download the AWS Observability Solution template (S3 Link for cloudformation template): https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.7.0/sumologic_observability.master.template.yaml to invoke the latest Sumo Logic AWS CloudFormation template.
   note

   If you would like to download or inspect this or other versions of this template, see the Changelog.

3. Select the AWS Region where you want to deploy the AWS CloudFormation template.
   danger

   This step is critical. If you do not select the correct region, you will deploy the solution in the wrong region.

4. Proceed to Step 2 below.

Step 2: Sumo Logic access configuration 

The below table displays the response to each prompt during Step 2.

Prompt	Guideline
Sumo Logic Deployment Name	Enter au, ca, de, eu, jp, us2, in, fed or us1. See Sumo Logic Endpoints and Firewall Security for more information on Sumo Logic deployments.
Sumo Logic Access ID	Sumo Logic Access ID. See Create an access key for more information.
Sumo Logic Access Key	Sumo Logic Access Key. This key is used for Sumo Logic API calls.
Sumo Logic Organization ID	You can find your org on the Preferences page in the Sumo Logic UI. Your org ID will be used to configure the IAM Role for Sumo Logic AWS Sources.
Delete Sumo Logic Resources when stack is deleted	To delete collectors, sources and apps in Sumo Logic when the stack is deleted, set this parameter to "True". If this is set to "False", Sumo Logic resources are not deleted when the AWS CloudFormation stack is deleted. Deletion of updated resources will be skipped.

Step 3: AWS account alias 

The below table displays the response to each prompt during Step 3.

Prompt	Guideline
Alias for your AWS account	Enter an account alias for the AWS environment from which you are collecting data. This alias should be something that makes it easy for you to identify what this AWS account is being used for (for example, dev, prod, billing, and marketplace). This name will appear in the Sumo Logic Explorer View, metrics and logs can be queried via the “account field”. Important: Account Aliases should be alphanumeric and cannot include special characters such as “-, $, _” etc. Leave this blank If you're using CloudFormation StackSets to deploy the solution in multiple AWS accounts.
S3 URL of a CSV file that maps AWS Account IDs to an Account Alias	This parameter is applicable only If you're using CloudFormation StackSets to deploy the solution in multiple AWS accounts. The S3 URL of the CSV file should have public read access when deploying or updating the solution. Enter the S3 URL of a CSV file which contains the mapping of AWS Account IDs to an Account Alias in the following format: accountid,alias For example: 1234567,dev 9876543,prod

Step 4: Install Apps

Perform the following steps to install apps.

1. Complete the prerequisites for StackSets as described in the AWS documentation.
2. Install the apps by running the AWS CloudFormation Stack once in any given account and region. Use the configuration below to set up only app dashboards.
3. Install AWS Observability Apps as Yes.
   
4. Select the Sumo Logic Metrics Sources to create as None.
   
5. Enable ALB Access logging as None and Create Sumo Logic ALB Logs Source as No.
   
6. Create Sumo Logic CloudTrail Logs Source as No.
   
7. Create Sumo Logic CloudWatch Logs Source as No.
   
8. Enable ELB Classic Access logging as None and Create Sumo Logic ELB Classic Logs Source as No.
   
9. Location where you want the App to be Installed as PersonalFolder. And for Do you want to share App with whole organization, set as True.
   

Step 5: Determine account aliases

If you are going to deploy the solution in multiple AWS accounts, we highly recommend that you prepare a CSV file that maps your AWS Account-ids to account aliases. These aliases should be something that makes it easy for you to identify what this AWS account is being used for (for example, dev, prod, billing, and marketplace). These names will appear in the Sumo Logic Explorer View, metrics, and logs and can be queried using the “account field”.

The following is an example of the CSV file format to use:

accountid,alias

234234234324,dev

214324324324,prod

Please upload this file to an Amazon S3 bucket and make it accessible to the account from where you are going to run the CloudFormation template. 

In case you do not provide a CSV file or if we detect that it does not have the right format, the AWS account-id will be used as the alias and this value will be used for the “account” field in Sumo Logic.

Use the AWS CloudFormation template with StackSets

1. Go to Stack Sets in your AWS account.
2. Click Create StackSet.
   
3. Paste the URL https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.7.0/sumologic_observability.master.template.yaml in the Amazon S3 URL option and click Next. If you'd like to download or inspect this or other versions of this template, see the Changelog.
   
4. Provide a StackSet Name and supply the values for each of the prompts listed as per instructions in the Deploy the AWS Observability Solution section with the following exception:
   • Leave the field “Alias for AWS Account Identification” blank.
     
   • Provide the S3 Object URL of a CSV file that maps AWS Account IDs to an Account Alias in Section 2 of the template “AWS Account Alias”.
     
   • Answer No in Section 3 of the template "Install AWS Observability Apps". 
     
   • Click Next.
5. Add Tags, select the Administrator role defined in the prerequisites above, and click Next.
   
6. Provide a single AWS account number only and select a list of regions in the account where you would like to deploy the AWS CloudFormation template as shown in the screenshot below:
   • You will need to select all the regions in the current account where you would like to deploy the template.
     
7. Increasing the Maximum concurrent actions to be more than 1 is not recommended and can cause your stack set deployment to fail. Stack sets should be deployed one at a time, sequentially. Click Next.
   
8. Review the details, select the capabilities and click Submit.
   
9. Once you hit submit, the AWS CloudFormation template will execute in the provided account and regions sequentially.

Add more accounts to the same Stack Set

1. Select Add new stacks to StackSet.
   
2. In ‘Set deployment options’, Enter the account number and regions you want to deploy the stack.
   
3. Verify the S3 mapping file contains the mapping for the new Account ID.
4. Review the details, select the capabilities, and click Submit.