Overview
The AWS CloudWatch output will stream logs to a specified CloudWatch log group.
Before you begin
Before you can create an output, you must have available the CloudWatch log group name and log stream name.
- To learn how to create a log group, review this document from Amazon.
- To learn how to create a log stream, review this document from Amazon.
Review Parameters
Review the following parameters that you can configure in the Edge Delta App:
YAML | Description |
name |
Enter a descriptive name for the output or integration. For outputs, this name will be used to map this destination to a workflow. This parameter is required. Review the following example: name: cloudwatch-auto |
integration_name |
This parameter only appears when you create an individual output. This parameter refers to the organization-level integration created in the Integrations page. If you enter this name, then the rest of the fields will be automatically populated. If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name field. In this situation, the name should be used to refer to the specific instance of the destination in the workflows. This parameter is optional. Review the following example: integration_name: orgs-cloudwatch |
type |
Enter cloudwatch. This parameter is required. Review the following example: type: cloudwatch |
aws_key_id |
If you want to use role-based authentication, then do not enter an AWS key. This parameter is optional. Review the following example: aws_key_id: '{{ Env "AWS_KEY_ID" }}' |
aws_sec_key |
If you want to use role-based authentication, then do not enter an AWS secret key. This parameter is optional. Review the following example: aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}' |
region |
Enter the AWS region destination to send logs. This parameter is required. Review the following example: region: us-west-2 |
role_arn |
To assume an AWS IAM role, enter the account ID and role name.
This parameter is optional. Review the following example: role_arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>" |
external_id |
Enter a unique identifier to avoid a confused deputy attack.
This parameter is optional. Review the following example: external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc" |
log_group_name |
Enter the CloudWatch log group name. This parameter is required. Review the following example: log_group_name: test_log_group |
log_stream_name |
Enter the CloudWatch log stream name. You can enter a name or prefix, but not both. This parameter is required. Review the following example: log_stream_name: test_log_stream |
log_stream_prefix |
Enter the CloudWatch log stream prefix. You can enter a name or prefix, but not both. This parameter is required. Review the following example: log_stream_prefix: ecs |
allow_label_override |
Enter true or false to override the default values for:
The default values will be replaced based on the configurations for the following labels from your ECS or EKS deployment:
This parameter is optional. Review the following example: allow_label_override: true |
auto_configure |
Enter true or false to automatically create:
This parameter is only supported for ECS environments. Additionally, only region configurations can be provided. This parameter is optional. Review the following example: auto_configure: true |
host |
If you enter a host, then this output will be tailed by the agent.
This parameter is optional. Review the following example: host: "myhost" |
features |
This parameter defines which data types to stream to the destination. You can enter log, edac, and / or cluster pattern. To learn more, review the Review Feature Types section in Stream Outputs and Integrations Overview. This parameter is optional. Review the following example: features: log |
buffer_ttl |
Enter a length of time to retry failed streaming data. After this length of time is reached, the failed streaming data will no longer be tried. This parameter is optional. Review the following example: buffer_ttl: 2h |
buffer_path |
Enter a folder path to temporarily store failed streaming data. The failed streaming data will be retried until the data reaches its destinations or until the Buffer TTL value is reached. If you enter a path that does not exist, then the agent will create directories, as needed. This parameter is optional. Review the following example: buffer_path: /var/log/edgedelta/pushbuffer/ |
buffer_max_bytesize |
Enter the maximum size of failed streaming data that you want to retry. If the failed streaming data is larger than this size, then the failed streaming data will not be retried. This parameter is optional. Review the following example: buffer_max_bytesize: 100MB |
auto_create |
If this parameter is set, then IAM policies will be set. If this parameter is not set, then log group and log stream will be created. This parameter is optional. Review the following example: auto_create: true |
Review Sample Configuration
The following sample configuration displays an output without the name of the organization-level integration:
- name: cloudwatch
type: cloudwatch
region: us-west-2
log_group_name: /ecs/microservice
log_stream_prefix: ecs
auto_create: true
features: log
-
If the auto_create parameter is not set, then you can assign the following permission to taskExecutionRoleArn to put log events into CloudWatch. Review the following example:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": "*" }] }
-
If the auto_create parameter is set, then assign the following permission to taskExecutionRoleArn. Review the following example:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }] }