AWS Observability Resources

The CloudFormation template (CFN) creates a number of resources at deployment, in AWS, and in Sumo Logic. You will use the template when setting up the solution. See Before You Deploy for prerequisites and instructions to configure.

For more information on the solution and features, see About AWS Observability.

Resources created in AWS

Executing the Terraform script and the AWS CloudFormation template creates or modifies the following resources in the AWS account if you are not already collecting data from those AWS services. If you are, the AWS CloudFormation template will simply integrate with your existing collector sources.

In the table below, the "Applicable AWS Observability Dashboards" column lists the app dashboards that make use of the data source in the "AWS Data Source" column.

AWS Data Source	AWS Resources Created	Applicable AWS Observability Dashboards
AWS CloudTrail Logs	S3 Bucket SNS Topic AWS Trail SNS Subscription AWS Lambda IAM Roles	AWS API Gateway AWS Lambda Amazon DynamoDB Amazon RDS Amazon ECS Amazon ElastiCache Amazon SNS Amazon SQS AWS EC2
Amazon CloudWatch Metrics Source	IAM Roles	AWS API Gateway Amazon DynamoDB AWS Application Load Balancer Amazon RDS Amazon ECS Amazon ElastiCache AWS Network Load Balancer Amazon SNS Amazon SQS Amazon EC2
Amazon Kinesis Firehose Metric Source	Kinesis Firehose CloudWatch Metrics Stream	AWS API Gateway AWS Lambda Amazon DynamoDB AWS Application Load Balancer Amazon RDS Amazon ECS Amazon ElastiCache AWS Network Load Balancer Amazon SNS Amazon SQS AWS EC2
Amazon Application Load Balancer logs	S3 Bucket SNS Topic SNS Subscription AWS Lambda IAM Role	AWS Application Load Balancer
Lambda Log Forwarder (AWS CloudWatch logs)	AWS Lambda IAM Roles	AWS Lambda
Kinesis Firehose Log source (AWS CloudWatch logs)	Kinesis Firehose S3 Bucket*	AWS Lambda
AWS Classic Load Balancer Logs	S3 Bucket SNS Topic SNS Subscription AWS Lambda IAM Role	AWS Classic Load Balancer

For failed logs only.

If you are using an existing bucket to collect AWS ELB logs, the Amazon S3 bucket policy for this bucket will be updated to include the policy below, if in case the policy does not already exist:

{
"Sid": "AwsAlbLogs",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam:::root"
},
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::{bucket_name}/*"
}

Resources created in Sumo Logic

Metadata Tags

The metadata tags are applied to Sumo Logic Sources.

Source	Metadata tags applied	Common fields created via FERs
CloudWatch Metrics	Account	Not Applicable
Host Metrics	Account, Namespace	Not Applicable
CloudTrail Logs	Account	Account ID, Region, Namespace
CloudWatch Logs	Account, Account ID, Region	Namespace
Load Balancer Access Logs	Account, Account ID, Region	Namespace

Terraform

Terraform execution creates the following resources in Sumo Logic.

Resource	Name
CloudTrail Logs Source	CloudTrail Logs <AWS Region>
Application Load Balancer - Access Logs Source	Elb Logs <AWS Region>
Metrics - AWS CloudWatch Metric Source	CloudWatch Metrics <AWS Region> <AWS Service name>
Metrics - Kinesis Firehose for Metrics Source	CloudWatch Metrics <AWS Region>
CloudWatch Logs - Lambda Log forwarder Source	CloudWatch Logs <AWS Region>
CloudWatch Logs - Kinesis Firehose for Logs Source	CloudWatch Logs <AWS Region>
Inventory Source	AWS Inventory <AWS Region>
Xray Source	AWS Xray <AWS Region>

AWS CloudFormation

The AWS CloudFormation template execution creates the following resources in Sumo Logic.

Resource	Name
App folder	AWS Observability-<Version> <Date of installation>
Alerts	AWS Observability <Version> <Date and Time of Installation>
Hosted Collector	aws-observability-<AccountAlias>-<AccountID>
Field Extraction Rule	AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER AwsObservabilitySQSCloudTrailLogsFER
Explorer View	AWS Observability
Metric Rules	AwsObservabilityRDSClusterMetricsEntityRule AwsObservabilityRDSInstanceMetricsEntityRule AwsObservabilityNLBMetricsEntityRule
CloudTrail source	cloudtrail-logs-<AWS::Region>
CloudWatch logs (HTTP) source	cloudwatch-logs-<AWS::Region>
Kinesis Firehose for Metrics	cloudwatch-metrics-<AWS::Region>
CloudWatch Metrics source	cloudwatch-metrics-<AWS::Region>-ApplicationELB cloudwatch-metrics-<AWS::Region>-ApiGateway cloudwatch-metrics-<AWS::Region>-DynamoDB cloudwatch-metrics-<AWS::Region>-Lambda cloudwatch-metrics-<AWS::Region>-EC2 cloudwatch-metrics-<AWS::Region>-ELB cloudwatch-metrics-<AWS::Region>-RDS cloudwatch-metrics-<AWS::Region>-ECS cloudwatch-metrics-<AWS::Region>-NetworkELB cloudwatch-metrics-<AWS::Region>-ElastiCache cloudwatch-metrics-<AWS::Region>-SQS cloudwatch-metrics-<AWS::Region>-SNS
Amazon S3 Alb log source	alb-logs-<AWS::Region>
Amazon S3 Classic Load Balancer log source	classic-lb-logs-<AWS::Region>
Kinesis Firehose for Logs	kinesis-firehose-cloudwatch-logs-<AWS::Region>
Inventory Source	inventory-<AWS::Region>
XRay Source	xray-<AWS::Region>
S3 Bucket Name	aws-observability-logs-<StackID>
Fields	account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname queuename

To improve the solution performance the configurations below are done by CloudFormation template.

Sumo Logic hosted collector is created for each AWS Account.

Resources created in AWS​

Resources created in Sumo Logic​

Metadata Tags​

Terraform​

AWS CloudFormation​

Resources created in AWS

Resources created in Sumo Logic

Metadata Tags

Terraform

AWS CloudFormation