Overview
The AWS CloudWatch output will stream logs to a specified CloudWatch log group.
Before you begin
Before you can create an output, you must have available the CloudWatch log group name and log stream name.
- To learn how to create a log group, review this document from Amazon.
- To learn how to create a log stream, review this document from Amazon.
Review Sample Configuration
The following sample configuration displays an output without the name of the organization-level integration:
- name: cloudwatch
type: cloudwatch
region: us-west-2
log_group_name: /ecs/microservice
log_stream_prefix: ecs
auto_create: true
features: log
-
If the auto_create parameter is not set, then you can assign the following permission to taskExecutionRoleArn to put log events into CloudWatch. Review the following example:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": "*" }] }
-
If the auto_create parameter is set, then assign the following permission to taskExecutionRoleArn. Review the following example:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }] }
Review Parameters
Review the following parameters that you can configure in the Edge Delta App.
name
Required
Enter a descriptive name for the output or integration.
For outputs, this name will be used to map this destination to a workflow.
Review the following example:
name: cloudwatch-auto
integration_name
Optional
This parameter refers to the organization-level integration created in the Integrations page.
If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name parameter. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.
Review the following example:
integration_name: orgs-cloudwatch
type
Optional
Enter cloudwatch.
Review the following example:
type: cloudwatch
aws_key_id
Optional
If you want to use role-based authentication, then do not enter an AWS key.
Review the following example:
aws_key_id: '{{ Env "AWS_KEY_ID" }}'
aws_sec_key
Optional
If you want to use role-based authentication, then do not enter an AWS secret key.
Review the following example:
aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'
region
Required
Enter the AWS region destination to send logs.
Review the following example:
region: us-west-2
role_arn
Optional
To assume an AWS IAM role, enter the account ID and role name.
- To learn more about IAM roles, review this article from AWS.
Review the following example:
role_arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
external_id
Optional
Enter a unique identifier to avoid a confused deputy attack.
- To learn more about confused deputy attacks, review this article from AWS.
Review the following example:
external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
log_group_name
Required
Enter the CloudWatch log group name.
Review the following example:
log_group_name: test_log_group
log_stream_name
Required
Enter the CloudWatch log stream name.
You can enter a name or prefix, but not both.
Review the following example:
log_stream_name: test_log_stream
log_stream_prefix
Required
Enter the CloudWatch log stream prefix.
You can enter a name or prefix, but not both.
Review the following example:
log_stream_prefix: ecs
allow_label_override
Optional
Enter true or false to override the default values for:
- log group name
- log stream name
- log stream prefix
The default values will be replaced based on the configurations for the following labels from your ECS or EKS deployment:
- ed_log_group_name
- ed_log_stream_name
- ed_log_stream_prefix
Review the following example:
allow_label_override: true
auto_configure
Optional
Enter true or false to automatically create:
- LogGroupName in the /ecs/task_definition_family format
- LogsStreamPrefix in the ecs/container_name/task_id format
This parameter is only supported for ECS environments.
Additionally, only region configurations can be provided.
Review the following example:
auto_configure: true
host
Optional
If you enter a host, then this output will be tailed by the agent.
- This parameter can be useful to avoid duplicate consumption if you have more than 1 agent running the same agent configuration.
Review the following example:
host: "myhost"
features
Optional
This parameter defines which data types to stream to the destination.
You can enter log, edac, and / or cluster pattern.
To learn more, review the Review Feature Types section in Stream Outputs and Integrations Overview.
Review the following example:
features: log
buffer_ttl
Optional
Enter a length of time to retry failed streaming data.
After this length of time is reached, the failed streaming data will no longer be tried.
Review the following example:
buffer_ttl: 2h
buffer_path
Optional
Enter a folder path to temporarily store failed streaming data.
The failed streaming data will be retried until the data reaches its destinations or until the Buffer TTL value is reached.
If you enter a path that does not exist, then the agent will create directories, as needed.
Review the following example:
buffer_path: /var/log/edgedelta/pushbuffer/
buffer_max_bytesize
Optional
Enter the maximum size of failed streaming data that you want to retry.
If the failed streaming data is larger than this size, then the failed streaming data will not be retried.
Review the following example:
buffer_max_bytesize: 100MB
auto_create
Optional
If this parameter is set, then IAM policies will be set.
If this parameter is not set, then log group and log stream will be created.
Review the following example:
auto_create: true
Quick links