Welcome to the Cribl CloudFormation Templates Repository. These templates are to be used with the Cribl AMI's available on the Amazon Marketplace. Once subscribed, users can deploy Cribl Stream into their AWS Environments using the templates below.
For questions about these templates, please either create an issue on this repo or reach out to our community slack and search for the #cribl-aws-cloudformation channel.
This template will deploy an IAM trust relationship between your AWS account and the Cribl Cloud tenant. The template will also create two supporting S3 buckets for testing purposes (s3DefaultSIEM and s3DefaultSecurityLake). The newly created IAM role will have access to read and write from these S3 buckets. You can update the IAM Role Policy to include any additional S3 buckets or other AWS resources you want to give Cribl access to.
Here is the Cloudformation Template here
This template will deploy a single Cribl Stream tenant along with an application load balancer, an S3 bucket, an autoscale group and one Security Group. This will deploy in one Public Subnet in your VPC and will create a security group.
A good use case for this type of deployment is to test Cribl Stream or Edge.
The CloudFormation Template for ARM64 is available here
The CloudFormation Template for x86_64 is available here
This template will deploy one Cribl Stream Leader node and at least one Cribl Stream Worker node. These nodes will be added to their own Autoscale Groups. Two load balancers will also be deployed, one Application Load Balancer for web traffic and a Network Load Balancer for communication between the workers and leader (TCP 4200). You will need at least two Public Subnets and two availability zones for this deployment. An S3 bucket along with a security group will be created in your AWS environment.
The CloudFormation Template for ARM64 is available here
The CloudFormation Template for x86_64 is available here
This template will deploy one Network Load Balancer, an autoscale group with at least one Cribl Worker node and an S3 bucket. You will be required to have a Cribl Cloud instance or distributed Cribl instance to leverage this CloudFormation template.
The CloudFormation Template for ARM64 is available here
The CloudFormation Template for x86_64 is available here
Similar to the Distributed Deployment above, this template will deploy one Cribl Stream Leader node and at least one Cribl Stream Worker node. These nodes will be added to their own Autoscale Groups. Two load balancers will also be deployed, one Application Load Balancer for web traffic and a Network Load Balancer for communication between the workers and leader (TCP 4200). You will need at least two Public Subnets and two availability zones for this deployment. An S3 bucket along with a security group will be created in your AWS environment.
The main difference is that this template will create a PrivateLink connection available for you to send traffic from various endpoints through this PrivateLink.
The CloudFormation Template for ARM64 is available here
The CloudFormation Template for x86_64 is available here