Using CloudFormation For CloudWatch Logs Integration

You can automate the entire setup using our CloudFormation template, which creates all required resources in a single deployment.

Prerequisites:

AWS CLI configured with appropriate permissions
groundcover "3rd Party" ingestion key - learn how to obtain your ingestion key
CloudWatch log groups
Your BYOC site name - to be used for your Firehose URL. You can find your BYOC endpoint in the ingestion keys tab

Parameters:

BYOCEndpoint (required): The endpoint of the BYOC backend
IngestionKey (required): Your groundcover "3rd Party" type ingestion key
LogGroupNames (required): Comma-separated list of log group names (e.g., /aws/lambda/func1,/aws/lambda/func2)
EnvironmentName (recommended): Environment name in groundcover

Deploy using AWS Console:

Option 1: Direct deployment (Recommended)

Launch the CloudFormation stack directly - This will open the AWS Console with the template pre-loaded.
Fill in parameters from previous section.
Click Create stack

Option 2: Manual upload

Go to CloudFormation in AWS Console
Click Create Stack → With new resources (standard)
Choose Specify an Amazon S3 template URL and enter: https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml
Fill in parameters from previous section.
Under Capabilities, check I acknowledge that AWS CloudFormation might create IAM resources
Click Create stack

Deploy using AWS CLI:

Download the template and deploy:

aws cloudformation deploy \
    --template-file groundcover-firehose-multi.yaml \
    --stack-name groundcover-firehose-integration \
    --parameter-overrides \
        IngestionKey=YOUR_INGESTION_KEY \
        EnvironmentName=production \
        LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \
        BYOCEndpoint=[your-byoc-site] \
    --capabilities CAPABILITY_NAMED_IAM \
    --region us-east-1

Or deploy directly using the template URL:

aws cloudformation create-stack \
    --stack-name groundcover-firehose-integration \
    --template-url https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml \
    --parameters \
        ParameterKey=IngestionKey,ParameterValue=YOUR_INGESTION_KEY \
        ParameterKey=EnvironmentName,ParameterValue=production \
        ParameterKey=LogGroupNames,ParameterValue="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \
        ParameterKey=BYOCEndpoint,ParamaterValue=[your-byoc-site] \
    --capabilities CAPABILITY_NAMED_IAM \
    --region us-east-1

What gets created:

Kinesis Data Firehose stream configured for groundcover
IAM roles for CloudWatch Logs, Firehose, and Lambda
S3 backup bucket for failed deliveries
Subscription filters for all specified log groups

Adding more log groups:

Update the stack with new log group names:

aws cloudformation update-stack \
    --stack-name groundcover-firehose-integration \
    --use-previous-template \
    --parameter-overrides \
        IngestionKey=YOUR_INGESTION_KEY \
        EnvironmentName=production \
        LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \
        BYOCEndpoint=[your-byoc-site] \
    --capabilities CAPABILITY_NAMED_IAM \
    --region us-east-1

Last updated 9 days ago

hashtagPrerequisites:

hashtagParameters:

hashtagDeploy using AWS Console:

hashtagDeploy using AWS CLI:

hashtagWhat gets created:

hashtagAdding more log groups: