Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Using StackSets to Automate Role and Policy Creation

Last updated on 27 August, 2024

Everything required by AWS Organizational Monitoring Units can be set up using AWS CloudFormation StackSets to automatically apply the necessary roles and policies to your organization member accounts. For details on configuring Organization monitoring, see AWS Organizational Unit Monitoring Setup.

Requirements to Create a Stack Set

To configure roles and permissions for LogicMonitor, activate Trusted Access for your AWS organization. For more information, see Activate trusted access with AWS Organizations from AWS.

Create a single account in LogicMonitor with the necessary roles and policies assigned.

Recommendation: Use your environment’s Organization Root management account for this process. The stack set does not run on that account.

The following details from the account are needed in later steps:

  • Role Name
  • Policy Name
  • Principal account from the Trust Relationship – This is provided by the LM Wizard – 282028653949
  • ExternalId from the Trust Relationship – This is provided by the LM Wizard

You will use these details to create the Stack Set, and therefore the role and policies for all accounts in the organization.

Creating a Stack Set

Note: The following procedure applies after step 6 in AWS Organizational Unit Monitoring Setup. Please follow steps 1-5 in that document before completing this procedure.

Create a stack set in the AWS Management Console for use with LogicMonitor. For full instructions on creating stack sets in AWS CloudFormation, see Create a Stack Set from AWS.

Keep the following details in mind when creating your stack set in AWS:

  • During the stack set creation process, use default settings until you reach the Specify template field. Select Upload a template file and add iam-policy-template_with_gc_support.yaml as the source template.
  • In the Parameters section, enter the LogicMonitor account details you recorded in the earlier section. 
  • Selecting Active as your Execution configuration will speed up deployment of your stack set, but this is optional.
  • Select only one region in Specify region. This should be the same region as your stack set, if possible.

After you create you stack set, you can view the instances for each account on the Stack instances tab in your AWS Management Console

Return to AWS Organizational Unit Monitoring Setup to complete steps 7-19. Select Re-use External Id and select the Root management account you added first on the Permission tab during that process.

In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.