# Using CloudFormation For CloudWatch Logs Integration You can automate the entire setup using our CloudFormation template, which creates all required resources in a single deployment. #### **Prerequisites:** * AWS CLI configured with appropriate permissions * groundcover "3rd Party" ingestion key - learn [how to obtain](/use-groundcover/remote-access-and-apis/ingestion-keys.md) your ingestion key * CloudWatch log groups * Your BYOC site name - to be used for your Firehose URL. You can find your BYOC endpoint in the [ingestion keys tab](https://app.groundcover.com/settings?selectedTab=ingestion-keys) #### Parameters: * **BYOCEndpoint (required):** The endpoint of the BYOC backend * **IngestionKey** **(required)**: Your groundcover "3rd Party" type ingestion key * **LogGroupNames (required)**: Comma-separated list of log group names (e.g., `/aws/lambda/func1,/aws/lambda/func2`) * **EnvironmentName (recommended)**: Environment name in groundcover #### **Deploy using AWS Console:** **Option 1: Direct deployment (Recommended)** 1. [Launch the CloudFormation stack directly](https://console.aws.amazon.com/cloudformation/home#/stacks/create/review?templateURL=https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml\&stackName=groundcover-firehose-integration) - This will open the AWS Console with the template pre-loaded. 2. Fill in parameters from [previous section](#parameters). 3. Click **Create stack** **Option 2: Manual upload** 1. Go to **CloudFormation** in AWS Console 2. Click **Create Stack** → **With new resources (standard)** 3. Choose **Specify an Amazon S3 template URL** and enter: `https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml` 4. Fill in parameters from [previous section](#parameters). 5. Under **Capabilities**, check **I acknowledge that AWS CloudFormation might create IAM resources** 6. Click **Create stack** #### **Deploy using AWS CLI:** [Download the template](https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml) and deploy: ```bash aws cloudformation deploy \ --template-file groundcover-firehose-multi.yaml \ --stack-name groundcover-firehose-integration \ --parameter-overrides \ IngestionKey=YOUR_INGESTION_KEY \ EnvironmentName=production \ LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ BYOCEndpoint=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ``` Or deploy directly using the template URL: ```bash aws cloudformation create-stack \ --stack-name groundcover-firehose-integration \ --template-url https://groundcover-public-cloudformation-templates.s3.us-east-1.amazonaws.com/groundcover-firehose-multi.yaml \ --parameters \ ParameterKey=IngestionKey,ParameterValue=YOUR_INGESTION_KEY \ ParameterKey=EnvironmentName,ParameterValue=production \ ParameterKey=LogGroupNames,ParameterValue="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ ParameterKey=BYOCEndpoint,ParamaterValue=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ``` #### **What gets created:** * Kinesis Data Firehose stream configured for groundcover * IAM roles for CloudWatch Logs, Firehose, and Lambda * S3 backup bucket for failed deliveries * Subscription filters for all specified log groups #### **Adding more log groups:** Update the stack with new log group names: ```bash aws cloudformation update-stack \ --stack-name groundcover-firehose-integration \ --use-previous-template \ --parameter-overrides \ IngestionKey=YOUR_INGESTION_KEY \ EnvironmentName=production \ LogGroupNames="/aws/lambda/service1,/aws/lambda/service2,/aws/ec2/instance1" \ BYOCEndpoint=[your-byoc-site] \ --capabilities CAPABILITY_NAMED_IAM \ --region us-east-1 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.groundcover.com/integrations/data-sources/aws/ingest-cloudwatch-logs/using-cloudformation-for-cloudwatch-logs-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.