CloudWatch

Overview

AWS CloudWatch is a comprehensive monitoring and management service designed to provide real-time insights into your AWS resources and applications. It enables you to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS environment.

By utilizing AWS CloudWatch, you can gain valuable insights into your system’s performance, troubleshoot issues promptly, and maintain a high level of operational health. Its integration with other AWS services makes it an essential tool for maintaining and optimizing your cloud infrastructure.

Follow the steps below to configure log shipping to CloudWatch.

Step 1 - Credential Procurement

AWS credentials are required to ship logs to CloudWatch.

To obtain AWS credentials and store it, follow the guide here: AWS key

Step 2 - Configure External Logging

External logging can be configured by using either the UI Console or CLI.

For groupName and streamName follow Fluent Bit templating. Use $stream,$ location, $provider,$ replica, $workload,$ gvc, $org,$ container, $version to template.

Enable Logging using the UI Console

From the Control Plane Console UI, click on Org in the left menu.
Click External Logs in the middle context menu.
Select CloudWatch and fill out the required fields.
Select the AWS secret created to authenticate to AWS. Refer to the credential procurement section to obtain and configure the necessary credentials.
Click Save.
After the configuration is complete, log entries will be available at CloudWatch within a few minutes.

Enable Logging using the CLI

The external logging configuration can be created / updated using the CLI’s cpln org patch ORG_NAME -f FILE.yaml command.

Below is an example Org manifests (in YAML). Edit and save the YAML as a file and use it as an input to the CLI’s cpln org patch ORG_NAME -f FILE.yaml command.

Refer to the credential procurement section to obtain and configure the necessary credentials.

Substitute: ORG_NAME, AWS_SECRET and possibly the region, retentionDays, groupName and streamName.

YAML

kind: org
name: ORG_NAME
spec:
  logging:
    cloudWatch:
      region: us-east-1
      credentials: //secret/AWS_SECRET
      retentionDays: 7
      groupName: $gvc
      streamName: $workload

On this page

Overview
Step 1 - Credential Procurement
Step 2 - Configure External Logging
Enable Logging using the UI Console
Enable Logging using the CLI

Overview

Follow the steps below to configure log shipping to CloudWatch.

Step 1 - Credential Procurement

AWS credentials are required to ship logs to CloudWatch.

To obtain AWS credentials and store it, follow the guide here: AWS key

Step 2 - Configure External Logging

External logging can be configured by using either the UI Console or CLI.

For groupName and streamName follow Fluent Bit templating. Use $stream,$ location, $provider,$ replica, $workload,$ gvc, $org,$ container, $version to template.

Enable Logging using the UI Console

From the Control Plane Console UI, click on Org in the left menu.
Click External Logs in the middle context menu.
Select CloudWatch and fill out the required fields.
Select the AWS secret created to authenticate to AWS. Refer to the credential procurement section to obtain and configure the necessary credentials.
Click Save.
After the configuration is complete, log entries will be available at CloudWatch within a few minutes.

Enable Logging using the CLI

The external logging configuration can be created / updated using the CLI’s cpln org patch ORG_NAME -f FILE.yaml command.

Below is an example Org manifests (in YAML). Edit and save the YAML as a file and use it as an input to the CLI’s cpln org patch ORG_NAME -f FILE.yaml command.

Refer to the credential procurement section to obtain and configure the necessary credentials.

Substitute: ORG_NAME, AWS_SECRET and possibly the region, retentionDays, groupName and streamName.

YAML

kind: org
name: ORG_NAME
spec:
  logging:
    cloudWatch:
      region: us-east-1
      credentials: //secret/AWS_SECRET
      retentionDays: 7
      groupName: $gvc
      streamName: $workload

On this page

Overview
Step 1 - Credential Procurement
Step 2 - Configure External Logging
Enable Logging using the UI Console
Enable Logging using the CLI

Overview

Step 1 - Credential Procurement

Step 2 - Configure External Logging

Enable Logging using the UI Console

Enable Logging using the CLI

Overview

agent

auditctx

cloudaccount

domain

group

gvc

identity

image

location

org

policy

quota

secret

serviceaccount

task

user

volumeset

workload

CloudWatch

Overview

Step 1 - Credential Procurement

Step 2 - Configure External Logging

Enable Logging using the UI Console

Enable Logging using the CLI

​Overview

​Step 1 - Credential Procurement

​Step 2 - Configure External Logging

​Enable Logging using the UI Console

​Enable Logging using the CLI

Overview

agent

auditctx

cloudaccount

domain

group

gvc

identity

image

location

org

policy

quota

secret

serviceaccount

task

user

volumeset

workload

​Overview

​Step 1 - Credential Procurement

​Step 2 - Configure External Logging

​Enable Logging using the UI Console

​Enable Logging using the CLI

Overview

Step 1 - Credential Procurement

Step 2 - Configure External Logging

Enable Logging using the UI Console

Enable Logging using the CLI

Overview

Step 1 - Credential Procurement

Step 2 - Configure External Logging

Enable Logging using the UI Console

Enable Logging using the CLI