{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "A sample SumoLogic/Kinesis stack that hooks up with real-time data from CloudWatch Logs using a Subscription Filter. **NOTE** This template creates one or more Amazon EC2 instances, an Amazon Kinesis stream. You will be billed for the AWS resources used if you create a stack from this template. This template requires setting the \"Create IAM resources\" parameter to True.", "Parameters" : { "KeyName": { "Description" : "The name of an existing key pair to enable SSH access to the EC2 instances", "Type": "AWS::EC2::KeyPair::KeyName" }, "InstanceType" : { "Description" : "EC2 instance type for the SumoLogic nodes", "Type" : "String", "Default" : "t2.small", "AllowedValues" : [ "t2.micro", "t2.small", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge" ], "ConstraintDescription" : "Must be a valid EC2 instance type" }, "SumoLogicHttpCollectorURL" : { "Description" : "The URL of a SumoLogic Http Collector source", "Type": "String" }, "AllowedIpSource" : { "Description" : "The IP address range that can be used to access the EC2 instances via SSH", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x" }, "LogGroupName": { "Description": "The CloudWatch log group containing the VPC flow logs", "Type": "String", "Default": "" }, "MonitorStack" : { "Description": "Push logs from KCL and CloudFormation to CloudWatch Logs", "Type": "String", "Default" : "false", "AllowedValues" : ["true", "false"] }, "KinesisConnectorAppName" : { "Description": "This is the application name in Kinesis Connector's context. No two live/active stacks should be using the same application name.", "Type": "String", "Default" : "SumoLogic-VPC-FlowLog-Connector" }, "KinesisShards": { "Description": "Number of shards to create for the Kinesis subscription stream", "Type": "Number", "Default" : "1", "MinValue" : "1" } }, "Mappings" : { "Constants" : { "DownloadPath" : { "Value": "sumologic-kinesis-connector" }, "DownloadMainPropertyFile" : { "Value": "SumologicConnector.properties" }, "DownloadLog4JPropertyFile" : { "Value": "log4j.properties" }, "DownloadWrapperScript" : { "Value": "SumoVPCKinesis.bash" }, "DownloadJarFile" : { "Value": "kinesis-sumologic-connector-0.1.jar" } }, "AWSInstanceType2Arch" : { "t2.micro" : { "Arch" : "HVM64" }, "t2.small" : { "Arch" : "HVM64" }, "t2.medium" : { "Arch" : "HVM64" }, "m3.medium" : { "Arch" : "HVM64" }, "m3.large" : { "Arch" : "HVM64" }, "m3.xlarge" : { "Arch" : "HVM64" }, "m3.2xlarge" : { "Arch" : "HVM64" }, "c3.large" : { "Arch" : "HVM64" }, "c3.xlarge" : { "Arch" : "HVM64" }, "c3.2xlarge" : { "Arch" : "HVM64" }, "c3.4xlarge" : { "Arch" : "HVM64" }, "c3.8xlarge" : { "Arch" : "HVM64" }, "c4.large" : { "Arch" : "HVM64" }, "c4.xlarge" : { "Arch" : "HVM64" }, "c4.2xlarge" : { "Arch" : "HVM64" }, "c4.4xlarge" : { "Arch" : "HVM64" }, "c4.8xlarge" : { "Arch" : "HVM64" }, "r3.large" : { "Arch" : "HVM64" }, "r3.xlarge" : { "Arch" : "HVM64" }, "r3.2xlarge" : { "Arch" : "HVM64" }, "r3.4xlarge" : { "Arch" : "HVM64" }, "r3.8xlarge" : { "Arch" : "HVM64" }, "i2.xlarge" : { "Arch" : "HVM64" }, "i2.2xlarge" : { "Arch" : "HVM64" }, "i2.4xlarge" : { "Arch" : "HVM64" }, "i2.8xlarge" : { "Arch" : "HVM64" }, "d2.xlarge" : { "Arch" : "HVM64" }, "d2.2xlarge" : { "Arch" : "HVM64" }, "d2.4xlarge" : { "Arch" : "HVM64" }, "d2.8xlarge" : { "Arch" : "HVM64" }, "hi1.4xlarge" : { "Arch" : "HVM64" }, "hs1.8xlarge" : { "Arch" : "HVM64" }, "cr1.8xlarge" : { "Arch" : "HVM64" }, "cc2.8xlarge" : { "Arch" : "HVM64" } }, "AWSRegionArch2AMI" : { "us-east-1" : {"PV64" : "ami-1ccae774", "HVM64" : "ami-1ecae776", "HVMG2" : "ami-8c6b40e4"}, "us-west-2" : {"PV64" : "ami-ff527ecf", "HVM64" : "ami-e7527ed7", "HVMG2" : "ami-abbe919b"}, "us-west-1" : {"PV64" : "ami-d514f291", "HVM64" : "ami-d114f295", "HVMG2" : "ami-f31ffeb7"}, "eu-west-1" : {"PV64" : "ami-bf0897c8", "HVM64" : "ami-a10897d6", "HVMG2" : "ami-d5bc24a2"}, "eu-central-1" : {"PV64" : "ami-ac221fb1", "HVM64" : "ami-a8221fb5", "HVMG2" : "ami-7cd2ef61"}, "ap-northeast-1" : {"PV64" : "ami-27f90e27", "HVM64" : "ami-cbf90ecb", "HVMG2" : "ami-6318e863"}, "ap-southeast-1" : {"PV64" : "ami-acd9e8fe", "HVM64" : "ami-68d8e93a", "HVMG2" : "ami-3807376a"}, "ap-southeast-2" : {"PV64" : "ami-ff9cecc5", "HVM64" : "ami-fd9cecc7", "HVMG2" : "ami-89790ab3"}, "sa-east-1" : {"PV64" : "ami-bb2890a6", "HVM64" : "ami-b52890a8", "HVMG2" : "NOT_SUPPORTED"}, "cn-north-1" : {"PV64" : "ami-fa39abc3", "HVM64" : "ami-f239abcb", "HVMG2" : "NOT_SUPPORTED"} } }, "Conditions" : { "CreateCWLForStack" : {"Fn::Equals" : [{"Ref" : "MonitorStack"}, "true"]}, "NoKeySpecified" : {"Fn::Equals" : [{"Ref" : "KeyName"}, ""]} }, "Resources" : { "KinesisSubscriptionStream": { "Type": "AWS::Kinesis::Stream", "Properties" : { "ShardCount": { "Ref": "KinesisShards" } } }, "SumoLogicVPC" : { "Type" : "AWS::EC2::VPC", "Properties" : { "CidrBlock" : "10.0.0.0/16", "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }, { "Key": "Name", "Value" : "SumoLogic_VPC" } ] } }, "Subnet" : { "Type" : "AWS::EC2::Subnet", "Properties" : { "VpcId" : { "Ref" : "SumoLogicVPC" }, "CidrBlock" : "10.0.0.0/24", "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } }, "InternetGateway" : { "Type" : "AWS::EC2::InternetGateway", "Properties" : { "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } }, "AttachGateway" : { "Type" : "AWS::EC2::VPCGatewayAttachment", "Properties" : { "VpcId" : { "Ref" : "SumoLogicVPC" }, "InternetGatewayId" : { "Ref" : "InternetGateway" } } }, "RouteTable" : { "Type" : "AWS::EC2::RouteTable", "Properties" : { "VpcId" : {"Ref" : "SumoLogicVPC"}, "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } }, "Route" : { "Type" : "AWS::EC2::Route", "DependsOn" : "AttachGateway", "Properties" : { "RouteTableId" : { "Ref" : "RouteTable" }, "DestinationCidrBlock" : "0.0.0.0/0", "GatewayId" : { "Ref" : "InternetGateway" } } }, "SubnetRouteTableAssociation" : { "Type" : "AWS::EC2::SubnetRouteTableAssociation", "Properties" : { "SubnetId" : { "Ref" : "Subnet" }, "RouteTableId" : { "Ref" : "RouteTable" } } }, "NetworkAcl" : { "Type" : "AWS::EC2::NetworkAcl", "Properties" : { "VpcId" : {"Ref" : "SumoLogicVPC"}, "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } }, "InboundSSHNetworkAclEntry" : { "Type" : "AWS::EC2::NetworkAclEntry", "Properties" : { "NetworkAclId" : {"Ref" : "NetworkAcl"}, "RuleNumber" : "101", "Protocol" : "6", "RuleAction" : "allow", "Egress" : "false", "CidrBlock" : "0.0.0.0/0", "PortRange" : {"From" : "22", "To" : "22"} } }, "InboundResponsePortsNetworkAclEntry" : { "Type" : "AWS::EC2::NetworkAclEntry", "Properties" : { "NetworkAclId" : {"Ref" : "NetworkAcl"}, "RuleNumber" : "102", "Protocol" : "6", "RuleAction" : "allow", "Egress" : "false", "CidrBlock" : "0.0.0.0/0", "PortRange" : {"From" : "1024", "To" : "65535"} } }, "OutBoundNetworkAclEntry" : { "Type" : "AWS::EC2::NetworkAclEntry", "Properties" : { "NetworkAclId" : {"Ref" : "NetworkAcl"}, "RuleNumber" : "100", "Protocol" : "-1", "RuleAction" : "allow", "Egress" : "true", "CidrBlock" : "0.0.0.0/0" } }, "OutBoundResponsePortsNetworkAclEntry" : { "Type" : "AWS::EC2::NetworkAclEntry", "Properties" : { "NetworkAclId" : {"Ref" : "NetworkAcl"}, "RuleNumber" : "102", "Protocol" : "6", "RuleAction" : "allow", "Egress" : "true", "CidrBlock" : "0.0.0.0/0", "PortRange" : {"From" : "1024", "To" : "65535"} } }, "SubnetNetworkAclAssociation" : { "Type" : "AWS::EC2::SubnetNetworkAclAssociation", "Properties" : { "SubnetId" : { "Ref" : "Subnet" }, "NetworkAclId" : { "Ref" : "NetworkAcl" } } }, "IPAddress" : { "Type" : "AWS::EC2::EIP", "DependsOn" : "AttachGateway", "Properties" : { "Domain" : "vpc", "InstanceId" : { "Ref" : "SumoLogicCWLKinesisNode" } } }, "SumoLogicInstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "VpcId" : { "Ref" : "SumoLogicVPC" }, "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "AllowedIpSource"} } ] } }, "SumoLogicCWLKinesisNode":{ "Type" : "AWS::EC2::Instance", "Metadata" : { "Comment" : "Install SumoLogic Kinesiss application", "AWS::CloudFormation::Init" : { "configSets" : { "Install" : [ "config" ] }, "config" : { "packages": { "yum": { "awslogs": [] } }, "commands" : { "00_CopyCredFile": { "command": { "Fn::Join": [ "", ["mkdir /root/.aws ; ", "cp /home/ec2-user/.aws/credentials /root/.aws/" ] ] } , "cwd":"/root", "ignoreErrors":"true" }, "03_describeSubscriptionFilter": { "command": { "Fn::Join" : ["", [ "/usr/bin/aws logs describe-subscription-filters ", "--log-group-name \"", { "Ref": "LogGroupName" }, "\" ", "--region \"", { "Ref" : "AWS::Region" }, "\" ", "--filter-name-prefix \"cwl-cfn-es-\" " ]]} }, "04_deleteSubscriptionFilter": { "command": { "Fn::Join" : ["", [ "/usr/bin/aws logs delete-subscription-filter ", "--log-group-name \"", { "Ref": "LogGroupName" }, "\" ", "--region \"", { "Ref" : "AWS::Region" }, "\" ", "--filter-name $(aws logs describe-subscription-filters ", "--log-group-name ", { "Ref": "LogGroupName" }, " ", "--region ", { "Ref": "AWS::Region" }, " ", "--filter-name-prefix \"cwl-cfn-es-\" ", "| grep filterName | awk -F \\\" '{ print $4 };' )" ]]}, "ignoreErrors":"true" }, "05_putSubscriptionFilter": { "command": { "Fn::Join": ["", [ "/usr/bin/aws logs put-subscription-filter ", "--log-group-name \"", { "Ref": "LogGroupName" }, "\" ", "--filter-name \"cwl-cfn-es-", { "Ref": "KinesisSubscriptionStream" }, "\" ", "--filter-pattern \"\" ", "--region \"", { "Ref" : "AWS::Region" }, "\" ", "--destination-arn \"", "arn:aws:kinesis:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":stream/", { "Ref": "KinesisSubscriptionStream"} ,"\" ", "--role-arn \"", "arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":role/", { "Ref": "SumoLogicCWL2KinesisRole" },"\"" ]]} }, "06_CWLStateDir" : { "command" : "mkdir -p /var/awslogs/state" } }, "files" : { "/etc/logrotate.d/cloudwatch-logs-subscription-consumer": { "content": { "Fn::Join" : ["", [ "/home/ec2-user/nohup.out\n", "{\n", " daily\n", " rotate 5\n", " copytruncate\n", " dateext\n", " compress\n", "}\n" ]]} }, "/home/ec2-user/.aws/credentials" : { "content" : { "Fn::Join" : ["", [ "[default]\n", "# http://aws.amazon.com/security-credentials\n", "aws_access_key_id = ",{"Ref": "SumoLogicCWLKinesisUserAccessKey"}, "\n", "aws_secret_access_key = ",{"Fn::GetAtt": [ "SumoLogicCWLKinesisUserAccessKey", "SecretAccessKey" ]}, "\n"]] }, "mode" : "000600", "owner" : "ec2-user", "group" : "ec2-user" }, "/home/ec2-user/SumologicConnector.properties" : { "content" : { "Fn::Join" : ["", [ "# Fill in your AWS Access Key ID and Secret Access Key\n", "# http://aws.amazon.com/security-credentials\n", "accessKey = ",{"Ref": "SumoLogicCWLKinesisUserAccessKey"}, "\n", "secretKey = ",{"Fn::GetAtt": [ "SumoLogicCWLKinesisUserAccessKey", "SecretAccessKey" ]}, "\n", "\n", "# KinesisConnector Application Settings\n", "# Since Kinesis Creates a DynamoDB table for each APP,\n", "# each appName must be unique for different kinesisInputStreams and connectorDestinations\n", "appName = ",{"Fn::Join": ["", [{"Ref": "KinesisConnectorAppName"}]]},"\n", "\n", "# By specifying the region name, the connector will connect from the Amazon Kinesis stream in this region\n", "# unless the endpoint for Amazon Kinesis is explicitly specified. The Amazon DynamoDB lease table and Amazon CloudWatch\n", "# metrics for connector will be created in this region. All resources in outgoing destination will not be affected by this region name.\n", "regionName = ",{"Ref": "AWS::Region"},"\n", "retryLimit = 3\n", "backoffInterval = 50000\n", "bufferRecordCountLimit = 100\n", "bufferMillisecondsLimit = 10000\n", "# Amazon Kinesis parameters for KinesisConnector\n\n", "# Uncomment the following property if you would like to explicitly configure the Amazon Kinesis endpoint.\n", "# This property will configure the connector's Amazon Kinesis client to read from this specific endpoint,\n", "# overwriting the regionName property for ONLY the Amazon Kinesis client. The lease table and Amazon CloudWatch\n", "# metrics will still use the regionName property.\n", "# kinesisEndpoint = https://kinesis.us-west-2.amazonaws.com\n\n", "# Kinesis Stream where data will be grabbed from\n", "kinesisInputStream = ",{"Ref": "KinesisSubscriptionStream"},"\n\n", "# Optional Amazon Kinesis parameters for automatically creating the stream\n", "createKinesisInputStream = false\n", "createKinesisOutputStream = false\n", "kinesisInputStreamShardCount = 2\n", "kinesisOutputStreamShardCount = 2\n\n", "# Transformer class that will be used to handle records\n", "transformerClass = CloudWatchMessageModelSumologicTransformer\n\n", "# Specifies the input file from which the StreamSource will read records\n", "createStreamSource = false\n", "inputStreamFile = users.txt\n\n", "# Connector name to be appendend to the UserAgent\n", "connectorDestination = sumologic\n\n", "# Sumologic HTTP Collector URL\n", "sumologicUrl = ",{"Ref": "SumoLogicHttpCollectorURL"},"\n" ]]}, "mode" : "000600", "owner" : "ec2-user", "group" : "ec2-user" }, "/etc/cfn/cfn-hup.conf" : { "content" : { "Fn::Join" : ["", [ "[main]\n", "stack=", { "Ref" : "AWS::StackId" }, "\n", "region=", { "Ref" : "AWS::Region" }, "\n" ]]}, "mode" : "000400", "owner" : "root", "group" : "root" }, "/etc/awslogs/awscli.conf": { "content": { "Fn::Join" : ["", [ "[plugins]\n", "cwlogs = cwlogs\n", "[default]\n", "region = ", { "Ref": "AWS::Region"} ,"\n" ]]} }, "/etc/awslogs/awslogs.conf": { "Fn::If": [ "CreateCWLForStack", { "content": { "Fn::Join": [ "", [ "[general]\n", "state_file= /var/awslogs/state/agent-state\n", "[/var/log/cfn-init.log]\n", "file = /var/log/cfn-init.log\n", "log_group_name = ", { "Ref": "CloudFormationLogs" }, "\n", "log_stream_name = {instance_id}\n", "[/var/log/cloud-init-output.log]\n", "file = /var/log/cloud-init-output.log\n", "log_group_name = ", { "Ref": "CWEC2Logs" }, "\n", "log_stream_name = {instance_id}\n", "[/var/log/cloud-init.log]\n", "file = /var/log/cloud-init.log\n", "log_group_name = ", { "Ref": "CWEC2Logs" }, "\n", "log_stream_name = {instance_id}\n", "[cloudwatch-logs-subscription-consumer]\n", "file = /home/ec2-user/nohup.out\n", "log_group_name = ", { "Ref": "KCLLogs" }, "\n", "log_stream_name = {instance_id}\n" ]]}, "mode": "000444", "owner": "root", "group": "root" }, { "content": "# Find original defaults in .bak file" } ] }, "/etc/cfn/hooks.d/cfn-auto-reloader.conf" : { "content": { "Fn::Join" : ["", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.SumoLogicCWLKinesisNode.Metadata.AWS::CloudFormation::Init\n", "action=/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r SumoLogicCWLKinesisNode", " --region ", { "Ref" : "AWS::Region" }, "\n", "runas=root\n" ]]} } }, "services": { "sysvinit": { "awslogs": { "Fn::If": [ "CreateCWLForStack", { "enabled" : "true", "ensureRunning" : "true", "files" : [ "/etc/awslogs/awslogs.conf" ] }, "AWS::NoValue" ] } } } } } }, "Properties" : { "DisableApiTermination" : "false", "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region"}, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" :"InstanceType" } , "Arch" ]}]}, "InstanceInitiatedShutdownBehavior" : "stop", "SecurityGroupIds" : [ { "Ref" : "SumoLogicInstanceSecurityGroup" } ], "SubnetId" : { "Ref" : "Subnet" }, "InstanceType" : { "Ref" : "InstanceType" }, "KeyName" : { "Ref" : "KeyName"}, "IamInstanceProfile" : { "Ref" : "SumoLogicInstanceProfile" }, "Monitoring" : "false", "Tags" : [ {"Key": "Deployment", "Value" : "Kinesis"}, {"Key":"Name","Value":"SumoLogic_Kinesis"} ], "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "# Install the files and packages from the metadata\n ", "yum update -y aws-cfn-bootstrap\n", "yum update -y aws-cli\n", "# Download files \n", "cd /home/ec2-user","\n", "wget https://s3.amazonaws.com/", { "Fn::FindInMap" : [ "Constants", "DownloadPath", "Value" ]}, "/", { "Fn::FindInMap" : [ "Constants", "DownloadJarFile", "Value" ]}, "\n", "chown ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadJarFile", "Value" ]}, "\n", "chgrp ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadJarFile", "Value" ]}, "\n", "wget https://s3.amazonaws.com/", { "Fn::FindInMap" : [ "Constants", "DownloadPath", "Value" ]}, "/", { "Fn::FindInMap" : [ "Constants", "DownloadWrapperScript", "Value" ]}, "\n", "chown ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadWrapperScript", "Value" ]}, "\n", "chgrp ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadWrapperScript", "Value" ]}, "\n", "chmod 755 ",{ "Fn::FindInMap" : [ "Constants", "DownloadWrapperScript", "Value" ]}, "\n", "wget https://s3.amazonaws.com/", { "Fn::FindInMap" : [ "Constants", "DownloadPath", "Value" ]}, "/", { "Fn::FindInMap" : [ "Constants", "DownloadLog4JPropertyFile", "Value" ]}, "\n", "chown ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadLog4JPropertyFile", "Value" ]}, "\n", "chgrp ec2-user ",{ "Fn::FindInMap" : [ "Constants", "DownloadLog4JPropertyFile", "Value" ]}, "\n", "# Config\n", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource SumoLogicCWLKinesisNode", " --configsets Install ", " --region ", { "Ref" : "AWS::Region" }, "\n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource SumoLogicCWLKinesisNode", " --region ", { "Ref" : "AWS::Region" }, "\n" ]]}} } }, "SumoLogicCWLKinesisUser" : { "Type": "AWS::IAM::User", "Properties": { "Path": "/" } }, "SumoLogicCWLKinesisUserAccessKey" : { "Type" : "AWS::IAM::AccessKey", "Properties" : { "UserName" : { "Ref" : "SumoLogicCWLKinesisUser" }, "Status" : "Active" } }, "SumoLogicCWL2KinesisRole" : { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument" : { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": { "Fn::Join": ["", ["logs.", { "Ref": "AWS::Region" } ,".amazonaws.com" ]]} }, "Action": "sts:AssumeRole" }] } } }, "SumoLogicCWLKinesisPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "SumoLogicCWLKinesisPolicy", "Roles": [ { "Ref": "SumoLogicCWL2KinesisRole" } ], "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesis:PutRecord", "Resource": { "Fn::Join" : ["", ["arn:aws:kinesis:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":stream/", { "Ref": "KinesisSubscriptionStream"} ]] } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": { "Fn::Join" : ["", ["arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":role/", { "Ref": "SumoLogicCWL2KinesisRole" } ]] } } ] } } }, "SumoLogicNodeRole" : { "Type" : "AWS::IAM::Role", "Properties" : { "AssumeRolePolicyDocument" : { "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Principal" : { "Service" : [ "ec2.amazonaws.com" ] }, "Action" : [ "sts:AssumeRole" ] } ] }, "Path" : "/" } }, "SumoLogicCWLKinesisNodePolicies" : { "Type" : "AWS::IAM::Policy", "Properties" : { "PolicyName" : "sumologic-cwl-kinesis-node-policy", "PolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": { "Fn::Join" : ["", ["arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":role/", { "Ref": "SumoLogicCWL2KinesisRole" } ]] } } ] }, "Roles": [ { "Ref": "SumoLogicNodeRole" } ] } }, "SumoLogicCWLKinesisUserPolicies" : { "Type" : "AWS::IAM::Policy", "Properties" : { "PolicyName" : "sumologic-cwl-kinesis-user-policy", "PolicyDocument": { "Version" : "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "dynamodb:*", "Resource": { "Fn::Join": ["", ["arn:aws:dynamodb:",{ "Ref": "AWS::Region" },":", {"Ref": "AWS::AccountId"},":table/", { "Ref": "KinesisConnectorAppName" } ]]} }, { "Effect": "Allow", "Action": [ "kinesis:Get*", "kinesis:List*", "kinesis:Describe*" ], "Resource": { "Fn::Join": ["", ["arn:aws:kinesis:", { "Ref": "AWS::Region" }, ":",{"Ref": "AWS::AccountId"},":stream/", { "Ref": "KinesisSubscriptionStream" }]]} }, { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": { "Fn::Join" : ["", ["arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":role/", { "Ref": "SumoLogicCWL2KinesisRole" } ]] } } ] }, "Users": [ { "Ref": "SumoLogicCWLKinesisUser" } ] } }, "SumoLogicInstanceProfile" : { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "SumoLogicNodeRole" } ] } }, "CWEC2Logs": { "Type": "AWS::Logs::LogGroup", "Condition": "CreateCWLForStack" }, "CloudFormationLogs": { "Type": "AWS::Logs::LogGroup", "Condition": "CreateCWLForStack" }, "KCLLogs": { "Type": "AWS::Logs::LogGroup", "Condition": "CreateCWLForStack" } }, "Outputs" : { "InstanceId" : { "Description" : "InstanceId of the newly created SumoLogic EC2 VPC instance", "Value" : { "Ref" : "SumoLogicCWLKinesisNode" } }, "AZ" : { "Description" : "Availability Zone of the newly created SumoLogic EC2 instance", "Value" : { "Fn::GetAtt" : [ "SumoLogicCWLKinesisNode", "AvailabilityZone" ] } }, "PublicDNS" : { "Description" : "Public DNSName of the newly created EC2 SumoLogic instance", "Value" : { "Fn::GetAtt" : [ "SumoLogicCWLKinesisNode", "PublicDnsName" ] } }, "PublicIP" : { "Description" : "Public IP address of the newly created EC2 SumoLogic instance", "Value" : { "Fn::GetAtt" : [ "SumoLogicCWLKinesisNode", "PublicIp" ] } }, "CWLtoKinesisRoleArn" : { "Description" : "Arn of CloudWatchLogs to Kinesis Role, if need to use manually ", "Value" : {"Fn::Join" : ["", [ "arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":role/",{ "Ref" : "SumoLogicCWL2KinesisRole" } ]]} }, "KinesisStream" : { "Description" : "Kinesis Stream for VPC flow logs ", "Value" : {"Fn::Join" : ["", [ "arn:aws:kinesis:", {"Ref":"AWS::Region"},":",{ "Ref": "AWS::AccountId" }, ":stream/",{ "Ref" : "KinesisSubscriptionStream" } ]]} }, "SumoLogicCWLKinesisUserAccessKeyValue" : { "Value" : { "Ref" : "SumoLogicCWLKinesisUserAccessKey"} }, "SumoLogicCWLKinesisUserSecretKeyValue" : { "Value" : { "Fn::GetAtt" : [ "SumoLogicCWLKinesisUserAccessKey", "SecretAccessKey" ] } } } }