# Log Streaming Integration

{% hint style="warning" %}
**This step is optional and recommended for big environments with a high volume of logs.**
{% endhint %}

{% hint style="warning" %}
**This step should be performed only on the logs-archive account.**
{% endhint %}

To facilitate log streaming, complete the following steps:

1. [Deploy the **rezon-cloudtrail.yaml** CloudFormation stack template](https://rezonate.zendesk.com/hc/en-us/articles/7952282916509-AWS-Integration-Guide#h_01GQREB7C4RXC2VCE0YHQ0TNC1) to the account that owns the S3 CloudTrail bucket.
2. [Enable EventBridge notification support](https://rezonate.zendesk.com/hc/en-us/articles/7952282916509-AWS-Integration-Guide#h_01GQREBEY4CB6ZG292X23WH5XM).
3. [(Optional) Modify key policy](https://rezonate.zendesk.com/hc/en-us/articles/7952282916509-AWS-Integration-Guide#h_01GQREBQ16BE04Z91S5TVRSCDH).

#### Step 1: Deploy rezon-cloudtrail.yaml CloudFormation Stack Template <a href="#h_01gqreb7c4rxc2vce0yhq0tnc1" id="h_01gqreb7c4rxc2vce0yhq0tnc1"></a>

1. Log in to the AWS Console for the account that owns the S3 CloudTrail bucket, and navigate to **CloudFormation** > **Stacks**.
2. Select **Create stack**, and then **With new resources (standard)**.
3. In the **Create stack** screen, upload the Rezonate log streaming template (rezon-cloudtrail.yaml), and then click **Next**.
4. In the **Specify stack details** screen, enter **Rezonate** for the stack name, and then click **Next**.
5. Scroll down and click **Next** without changing any settings.
6. Check the acknowledgment box, and then click **Create Stack**.

The **rezon-cloudtrail.yaml** stack template provisions the following resources:

* An SQS queue and an EventBridge rule that deliver a notification for every new log file created in the CloudTrail bucket.
* A role that allows Rezonate to read CloudTrail logs from the bucket.

Make note of the **SQS queue** and the **Arn** value for the CloudTrail bucket, which you can find in the **Outputs** tab of the stack execution screen. You will need to provide these values to your Rezonate representative to complete the onboarding process.

#### Step 2: Enable Event-Bridge Notification Support <a href="#h_01gqrebey4cb6zg292x23wh5xm" id="h_01gqrebey4cb6zg292x23wh5xm"></a>

After deploying the rezon-cloudtrail.yaml stack template, enable EventBridge notification support for the CloudTrail bucket, as explained in the following steps.

1. In the AWS Console for the account that owns the S3 CloudTrail bucket, navigate to **S3**, select the CloudTrail bucket, and then open the **Properties** tab.
2. Scroll to the **Amazon EventBridge** panel and click **Edit**.
3. Select the **On** radio button, and then click **Save Changes**.
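Once Steps 1 and 2 are done, it is worth confirming from the API that the stack really exported the values you need and that EventBridge notifications are on, rather than trusting the console click. The script below is an added example and is not part of the Rezonate guide or stack. The parsing helpers work on plain dicts in the shape returned by CloudFormation `DescribeStacks` and S3 `GetBucketNotificationConfiguration`, so they can be tested offline; only `main()` calls AWS, through boto3, and it assumes credentials for the logs-archive account. The output key names in the constructed sample (`SqsQueueUrl`, `CloudTrailBucketArn`) are assumptions; the real keys are whatever the Rezonate template defines.

```python
"""Post-deployment check for the Rezonate log streaming stack.

Added example, not part of the Rezonate guide or of rezon-cloudtrail.yaml.
It reads the stack outputs that Step 1 tells you to note down and verifies
that Step 2 actually turned on EventBridge notifications for the CloudTrail
bucket. The helpers take plain dicts so they can run offline; only main()
talks to AWS (via boto3, if installed).
"""
import sys

STACK_NAME = "Rezonate"  # the stack name used in Step 1

# Constructed sample of a DescribeStacks response. The OutputKey names are
# assumptions for illustration, not the keys the Rezonate template defines.
SAMPLE_DESCRIBE_STACKS = {
    "Stacks": [
        {
            "StackName": "Rezonate",
            "StackStatus": "CREATE_COMPLETE",
            "Outputs": [
                {"OutputKey": "SqsQueueUrl",
                 "OutputValue": "https://sqs.us-east-1.amazonaws.com/111111111111/rezonate-queue"},
                {"OutputKey": "CloudTrailBucketArn",
                 "OutputValue": "arn:aws:s3:::example-cloudtrail-logs"},
            ],
        }
    ]
}

# Constructed sample of GetBucketNotificationConfiguration after Step 2.
# S3 reports EventBridge only when it is enabled, as an empty
# "EventBridgeConfiguration" object.
SAMPLE_NOTIFICATION_ENABLED = {"EventBridgeConfiguration": {}}


def parse_stack_outputs(describe_stacks_response, stack_name=STACK_NAME):
    """Return {OutputKey: OutputValue} for the named stack, or {} if it is absent."""
    for stack in describe_stacks_response.get("Stacks", []):
        if stack.get("StackName") == stack_name:
            return {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    return {}


def eventbridge_enabled(notification_configuration):
    """True when the bucket's notification configuration has EventBridge switched on."""
    return "EventBridgeConfiguration" in notification_configuration


def check(describe_stacks_response, notification_configuration, stack_name=STACK_NAME):
    """Run both checks. Returns (ok, findings, outputs)."""
    findings = []
    outputs = parse_stack_outputs(describe_stacks_response, stack_name)
    if not outputs:
        findings.append(f"stack {stack_name!r} not found or has no outputs")
    if not eventbridge_enabled(notification_configuration):
        findings.append("EventBridge notifications are not enabled on the CloudTrail bucket")
    return (not findings, findings, outputs)


def main(bucket_name):
    """Live check against AWS; needs boto3 and credentials for the logs-archive account."""
    try:
        import boto3  # imported lazily so the helpers above stay usable offline
    except ImportError:
        print("boto3 is not installed; install it and run with AWS credentials", file=sys.stderr)
        return 2
    cfn = boto3.client("cloudformation")
    s3 = boto3.client("s3")
    ok, findings, outputs = check(
        cfn.describe_stacks(StackName=STACK_NAME),
        s3.get_bucket_notification_configuration(Bucket=bucket_name),
    )
    for key, value in sorted(outputs.items()):
        print(f"{key}: {value}")  # these are the values to hand to your Rezonate representative
    for finding in findings:
        print("FINDING:", finding)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))  # usage: python check_streaming.py <cloudtrail-bucket-name>
```

The EventBridge check relies on a quirk of the S3 API: when EventBridge delivery is off, the notification configuration simply omits the `EventBridgeConfiguration` key, so its presence is the whole signal.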

#### Step 3: (Optional) Modify Key Policy <a href="#h_01gqrebq16be04z91s5tvrscdh" id="h_01gqrebq16be04z91s5tvrscdh"></a>

In some deployments, the log bucket may be encrypted with a key that is stored in another account (such as the organization master). If this is the case, you must make a small modification to the key policy to allow Rezonate to use it to decrypt the log files, as explained in the following steps.

1. Log in to the account that holds the key, and navigate to the key management service.
2. Select the key, and then the **Key Policy** tab.
3. Add the following statement to the KMS key policy in the text field, alongside the policy's existing statements (represented by `…` below).

```
…

{
  "Sid": "Enable Log Archive to Decrypt using master keys",
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::986349361966:root"
  },
  "Action": "kms:Decrypt",
  "Resource": "*"
}
```
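Editing a key policy by hand in the console is easy to get wrong, and a policy that already had the statement (or that grants more than intended) is hard to spot in a text box. The script below is an added example, not from the Rezonate guide: it inserts the statement above into an existing key policy document by `Sid`, so running it twice does not duplicate the statement, and then checks that the only cross-account grant in the resulting policy is `kms:Decrypt` for the listed account. Two facts it relies on: in a KMS key policy `"Resource": "*"` means only the key the policy is attached to, and an account-root principal delegates to that account's own IAM policies, so the statement lets principals in account 986349361966 decrypt with this key and nothing more. The existing policy and the owning account ID `111111111111` are constructed sample values.

```python
"""Merge the Rezonate decrypt statement into a KMS key policy and verify it.

Added example, not part of the Rezonate guide. Performs Step 3 as a JSON edit
you can review before pasting into the console: insert-by-Sid (idempotent)
plus a check that the foreign account receives only kms:Decrypt.
"""
import json
import sys

REZONATE_ACCOUNT_ID = "986349361966"  # account ID quoted in the guide's policy statement

DECRYPT_STATEMENT = {
    "Sid": "Enable Log Archive to Decrypt using master keys",
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{REZONATE_ACCOUNT_ID}:root"},
    "Action": "kms:Decrypt",
    "Resource": "*",  # in a key policy this means the key itself, not every key
}

# Constructed sample: a default-style key policy owned by account 111111111111.
SAMPLE_KEY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
})


def _as_list(value):
    """IAM allows scalars where lists are also accepted; normalise to a list."""
    return value if isinstance(value, list) else [value]


def add_decrypt_statement(policy_json, statement=DECRYPT_STATEMENT):
    """Return policy JSON with `statement` present exactly once, matched by Sid."""
    policy = json.loads(policy_json)
    statements = _as_list(policy.get("Statement", []))
    for i, existing in enumerate(statements):
        if existing.get("Sid") == statement["Sid"]:
            statements[i] = statement  # refresh rather than duplicate on re-run
            break
    else:
        statements.append(statement)
    policy["Statement"] = statements
    return json.dumps(policy, indent=2)


def foreign_account_grants(policy_json, own_account_id):
    """List (sid, principal, actions) for Allow statements granted outside own_account_id."""
    grants = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in _as_list(aws):
            # "*" is anonymous; a bare account ID is an accepted principal form
            if p == "*" or (p != own_account_id and f":{own_account_id}:" not in p):
                grants.append((stmt.get("Sid"), p, _as_list(stmt.get("Action", []))))
    return grants


def verify_rezonate_grant(policy_json, own_account_id, rezonate_account_id=REZONATE_ACCOUNT_ID):
    """True iff the only cross-account Allow is kms:Decrypt for the Rezonate account root."""
    expected = f"arn:aws:iam::{rezonate_account_id}:root"
    grants = foreign_account_grants(policy_json, own_account_id)
    return bool(grants) and all(
        p == expected and actions == ["kms:Decrypt"] for _, p, actions in grants
    )


if __name__ == "__main__":
    # usage: python merge_key_policy.py <existing-policy.json> <your-account-id>
    with open(sys.argv[1]) as fh:
        merged = add_decrypt_statement(fh.read())
    print(merged)
    if not verify_rezonate_grant(merged, sys.argv[2]):
        print("FINDING: policy grants more than kms:Decrypt to outside accounts", file=sys.stderr)
        sys.exit(1)
```

Save the current policy from the **Key Policy** tab to a file, run the script with your own account ID, and paste the printed JSON back only if no finding is reported. The verification is deliberately strict about principals: any `"*"` principal, or any outside account other than the one in the guide, fails the check.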

