Set up Amazon Data Firehose for HLA in the AWS ConsoleThis KB describes how to manually configure an AWS account to stream data to HLA. While manual setup can be useful in test an non-prod environment, we recommend using the CloudFormation template provided during setup to automate the following setup. Before starting... Important: Requirements to send data to HLA from Amazon Data Firehose before proceeding with your cloud and security teams. The most common implementation issue with customers is lack of required permissions to create AWS Data Firehose streams. Requirements This post assumes you have a CloudWatch log group with active data in it. Once setup, only new logs are forwarded to HLA. Create a Firehose Stream with an HTTPS Delivery Endpoint First, follow the AWS tutorial to create a new Data Firehose Stream here.Create a HTTP(s) delivery destination that points to the regional gateway endpoint provided in the data input setup in integration Launchpad. Use an access key and specify the integration ID: Setup a CloudWatch Subscription Filter Log forwarding from Amazon CloudWatch is configured via Subscription Filters. Subscription filters tell CloudWatch to forward specific logs to external sources. In our case, we’ll be creating a new subscription filter to send logs to the Firehose Stream that was automatically created in Step 3. In CloudWatch, for a log group, click “subscription filters”: Next, create a new Data Firehose filter and choose the Firehose Stream and role that was created by the CloudFormation template: Important: start conservatively with the logs you send to HLA. Choose a specific server or low-volume service to validate the end-to-end flow before streaming large numbers of logs. Sending large volumes of logs will have an impact on your AWS bill. Click create and new logs will start streaming to the Firehose Stream connected to HLA. If you open up the Firehose Stream that was created in CloudFormation, a good metric to keep an eye on is “delivery success” – after a few minutes it should look something like this: Troubleshooting If you see any errors, refer to KB1957226 for troubleshooting suggestions.