Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Services

      Resources

      Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

      View Resources
    Learn

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    Using StackSets to Automate Role and Policy Creation

    Last updated on 03 June, 2024

    Everything required by AWS Organizational Monitoring Units can be set up using AWS CloudFormation StackSets to automatically apply the necessary roles and policies to your organization member accounts. For details on configuring Organization monitoring, see AWS Organizational Unit Monitoring Setup.

    Requirements to Create a Stack Set

    To configure roles and permissions for LogicMonitor, activate Trusted Access for your AWS organization. For more information, see Activate trusted access with AWS Organizations from AWS.

    Create a single account in LogicMonitor with the necessary roles and policies assigned.

    Recommendation: Use your environment’s Organization Root management account for this process. The stack set does not run on that account.

    The following details from the account are needed in later steps:

    • Role Name
    • Policy Name
    • Principal account from the Trust Relationship – This is provided by the LM Wizard – 282028653949
    • ExternalId from the Trust Relationship – This is provided by the LM Wizard

    You will use these details to create the Stack Set, and therefore the role and policies for all accounts in the organization.

    Creating a Stack Set

    Note: The following procedure applies after step 6 in AWS Organizational Unit Monitoring Setup. Please follow steps 1-5 in that document before completing this procedure.

    Create a stack set in the AWS Management Console for use with LogicMonitor. For full instructions on creating stack sets in AWS CloudFormation, see Create a Stack Set from AWS.

    Keep the following details in mind when creating your stack set in AWS:

    • During the stack set creation process, use default settings until you reach the Specify template field. Select Upload a template file and add iam-policy-template_with_gc_support.yaml as the source template.
    • In the Parameters section, enter the LogicMonitor account details you recorded in the earlier section. 
    • Selecting Active as your Execution configuration will speed up deployment of your stack set, but this is optional.
    • Select only one region in Specify region. This should be the same region as your stack set, if possible.

    After you create you stack set, you can view the instances for each account on the Stack instances tab in your AWS Management Console

    Return to AWS Organizational Unit Monitoring Setup to complete steps 7-19. Select Re-use External Id and select the Root management account you added first on the Permission tab during that process.

    In This Article