This Partner Solution deploys Cribl Stream for AWS CloudTrail on the AWS Cloud. If you are unfamiliar with AWS Quick Starts, refer to the AWS Quick Start General Information Guide.

This Quick Start requires a subscription to Cribl Stream Single Instance (Free) x86_64 on the AWS Marketplace.

There are no additional licenses required to use this Quick Start.

There is no cost to use this Quick Start, however you will be billed for the resources deployed. For more information refer to AWS Quick Start General Information Guide.

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following Stream environment in the AWS Cloud.

As shown in Figure 1, the Quick Start sets up the following:

* By default, to give users a better experience when getting started with Cribl Stream, this Partner Solution deploys in a public subnet. If you’re deploying this Partner Solution to a production environment, consider using a private subnet.

This Quick Start provides two deployment options:

The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Stream settings.

For troubleshooting common Quick Start issues visit the AWS Quick Start General Content Guide or the Troubleshooting CloudFormation page in the AWS documentation.

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, relaunch the template with Rollback on failure set to Disabled. This setting is under Advanced in the AWS CloudFormation console on the Configure stack options page. With this setting, the stack’s state is retained, and the instance keeps running so that you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)

For more information, see Troubleshooting AWS CloudFormation.

Q. I encountered a size-limitation error when I deployed the AWS CloudFormation templates.

A. Launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template-size limitations. For more information, see AWS CloudFormation quotas.

Q. Can I deploy this Quick Start in a different AWS Region other than the default (us-east-1)?

A. You can enter a different Region during deployment for the Quick Start S3 bucket Region parameter. For any Quick Start to work in a Region other than its default Region, all the services it deploys must be supported in that Region. You can launch a Quick Start in any Region and see if it works. If you get an error such as Unrecognized resource type, the Quick Start is not supported in that Region. For an up-to-date list of AWS Regions and the AWS services they support, see AWS Regional Services.

Q. Can I modify the EC2 IAM policy to include other S3 buckets, Kinesis streams, or other AWS resources for my instance to access?

A. Yes. For more information, refer to S3 and SQS Permissions and Amazon Kinesis Streams.

Q. Where can I find the Cribl URL output when I choose a deployment option into a new VPC? A. Refer to the Cribl LogStream Web URL output of the CloudFormation stack after deployment. To log in, use the Stream instance AMI ID as the password.

Q. After my instance was rebuilt by the Auto Scaling group, I can no longer log in to my instance. What’s the new password? A. When the Auto Scaling group rebuilds an instance, it resets the administrator password to the new instance’s AMI ID.

After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.

To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Partner Solution. To submit code, refer to the Partner Solution Contributor’s Guide. To submit feedback on this deployment guide, use the following GitHub links:

This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. Refer to the License for specific language governing permissions and limitations.