Overview

AWS CloudWatch is a comprehensive monitoring and management service designed to provide real-time insights into your AWS resources and applications. It enables you to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS environment. By utilizing AWS CloudWatch, you can gain valuable insights into your system’s performance, troubleshoot issues promptly, and maintain a high level of operational health. Its integration with other AWS services makes it an essential tool for maintaining and optimizing your cloud infrastructure. Follow the steps below to configure log shipping to CloudWatch.

Step 1 - Credential Procurement

AWS credentials are required to ship logs to CloudWatch. To obtain AWS credentials and store it, follow the guide here: AWS key

Step 2 - Configure External Logging

External logging can be configured by using either the UI Console or CLI.
For groupName and streamName follow Fluent Bit templating. Use stream,stream, location, provider,provider, replica, workload,workload, gvc, org,org, container, $version to template.

Enable Logging using the UI Console

  1. From the Control Plane Console UI, click on Org in the left menu.
  2. Click External Logs in the middle context menu.
  3. Select CloudWatch and fill out the required fields.
  4. Select the AWS secret created to authenticate to AWS. Refer to the credential procurement section to obtain and configure the necessary credentials.
  5. Click Save.
  6. After the configuration is complete, log entries will be available at CloudWatch within a few minutes.

Enable Logging using the CLI

The external logging configuration can be created / updated using the CLI’s cpln org patch ORG_NAME -f FILE.yaml command. Below is an example Org manifests (in YAML). Edit and save the YAML as a file and use it as an input to the CLI’s cpln org patch ORG_NAME -f FILE.yaml command. Refer to the credential procurement section to obtain and configure the necessary credentials.
  • Substitute: ORG_NAME, AWS_SECRET and possibly the region, retentionDays, groupName and streamName.
YAML
kind: org
name: ORG_NAME
spec:
  logging:
    cloudWatch:
      region: us-east-1
      credentials: //secret/AWS_SECRET
      retentionDays: 7
      groupName: $gvc
      streamName: $workload