reference deployment

Sumo Logic Security Integrations on AWS

Collect security events from AWS security services

This Partner Solution deploys Sumo Logic Security Integrations to the Amazon Web Services (AWS) Cloud. It's for people who want to configure Sumo Logic for 12 AWS services that provide security analytics for a single AWS account.

If you want to provide security analytics across multiple AWS accounts, refer to Sumo Logic Security Integrations for AWS Organizations.

Sumo Logic is focused on continuous intelligence, a category of software that addresses data challenges presented by digital transformations, modern applications, and cloud computing. The Sumo Logic Continuous Intelligence Platform automates the collection, ingestion, and analysis of applications, infrastructure, security, and Internet of Things (IoT) data to derive actionable insights.

This Partner Solution uses Sumo Logic Cloud SIEM (security information and incident management) powered by AWS. Sumo Logic Cloud SIEM uses apps to collect security events generated by AWS and other security services to provide an aggregate view of overall security and compliance posture.

Deploying this solution does not guarantee an organization’s compliance with any laws, certifications, policies, or other regulations.

portworx logo

This Partner Solution was developed by Sumo Logic in collaboration with AWS. Sumo Logic is an AWS Partner.

  •  What you'll build
  • This Partner Solution sets up the following serverless architecture in a specific AWS account and Region in the AWS Cloud:

    • Amazon GuardDuty to detect malicious activity and behavior to protect AWS accounts and workloads.
    • Amazon Virtual Private Cloud (Amazon VPC) flow logs to capture information about IP traffic going to and from network interfaces.
    • Amazon CloudWatch to relay the Amazon VPC flow logs to the AWS Lambda functions.
    • AWS Security Hub to assess security alerts and security posture across AWS accounts. Security Hub relays security events to Amazon CloudWatch.
    • AWS WAF to protect your web applications from common web exploits.
    • AWS Config to record and evaluate configurations of your AWS resources.
    • AWS CloudTrail to track user activity and API (application programming interface) usage.
    • AWS Network Firewall to deploy essential network protections for all your Amazon virtual private clouds (VPCs).
    • Amazon Kinesis Data Firehose delivery streams to transfer logs from AWS WAF to the Amazon Simple Storage Service (Amazon S3) bucket.
    • Lambda integration functions to create a collector and multiple sources and to install apps on your Sumo Logic account.
    • An Amazon S3 bucket to capture logs from the various AWS services.
    • Amazon Simple Notification Service (Amazon SNS) to send alerts when a new object is saved to an S3 bucket.
    • The Sumo Logic collector and sources to receive logs from the S3 bucket.
  •  How to deploy
  • To deploy this Partner Solution, follow the instructions in the deployment guide, which includes these steps.

    1. Prepare your Sumo Logic account. If you don’t have a Sumo Logic enterprise account, create one at
    2. Sign in to your AWS account. If you don’t have an AWS account, sign up at
    3. Launch the Partner Solution. The stack takes about 10 minutes to deploy. Before you create the stack, choose the AWS Region from the top toolbar.
    4. Test the deployment.
    5. Complete the postdeployment steps.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • For Sumo Logic pricing information, refer to the Sumo Logic website.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?