# Using CloudFormation For CloudWatch Logs Integration You can automate the entire setup using our CloudFormation template, which creates all required resources in a single deployment. #### **Prerequisites:** * AWS CLI configured with appropriate permissions * groundcover "3rd Party" ingestion key - learn [how to obtain](https://docs.groundcover.com/use-groundcover/remote-access-and-apis/ingestion-keys) your ingestion key * CloudWatch log groups * Your BYOC site name - to be used for your Firehose URL. You can find your BYOC endpoint in the [ingestion keys tab](https://app.groundcover.com/settings?selectedTab=ingestion-keys) #### Parameters: * **BYOCEndpoint (required):** The endpoint of the BYOC backend * **IngestionKey** **(required)**: Your groundcover "3rd Party" type ingestion key * **LogGroupNames (required)**: Comma-separated list of log group names (e.g., `/aws/lambda/func1,/aws/lambda/func2`) * **EnvironmentName (recommended)**: Environment name in groundcover #### **Deploy using AWS Console:** **Option 1: Direct deployment (Recommended)** 1. [Launch the CloudFormation stack directly](https://console.aws.amazon.com/cloudformation/home#/stacks/create/review?templateURL=https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml\&stackName=groundcover-firehose-integration) - This will open the AWS Console with the template pre-loaded. 2. Fill in parameters from [previous section](#parameters). 3. Click **Create stack** **Option 2: Manual upload** 1. Go to **CloudFormation** in AWS Console 2. Click **Create Stack** → **With new resources (standard)** 3. Choose **Specify an Amazon S3 template URL** and enter: `https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml` 4. Fill in parameters from [previous section](#parameters). 5. Under **Capabilities**, check **I acknowledge that AWS CloudFormation might create IAM resources** 6. Click **Create stack** #### **Deploy using AWS CLI:** [Download the template](https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml) and deploy: ```bash aws cloudformation deploy \ --template-file groundcover-firehose-multi.yaml \ --stack-name groundcover-firehose-integration \ --parameter-overrides \ IngestionKey=YOUR_INGESTION_KEY \ EnvironmentName=production \ LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ BYOCEndpoint=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ``` Or deploy directly using the template URL: ```bash aws cloudformation create-stack \ --stack-name groundcover-firehose-integration \ --template-url https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml \ --parameters \ ParameterKey=IngestionKey,ParameterValue=YOUR_INGESTION_KEY \ ParameterKey=EnvironmentName,ParameterValue=production \ ParameterKey=LogGroupNames,ParameterValue="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ ParameterKey=BYOCEndpoint,ParamaterValue=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ``` #### **What gets created:** * Kinesis Data Firehose stream configured for groundcover * IAM roles for CloudWatch Logs, Firehose, and Lambda * S3 backup bucket for failed deliveries * Subscription filters for all specified log groups #### **Adding more log groups:** Update the stack with new log group names: ```bash aws cloudformation update-stack \ --stack-name groundcover-firehose-integration \ --use-previous-template \ --parameter-overrides \ IngestionKey=YOUR_INGESTION_KEY \ EnvironmentName=production \ LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ BYOCEndpoint=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ```