Pushing EC2 logs to CloudWatch

AWS CloudWatch Logs is a centralized log aggregation service provided by AWS, with high availability and unlimited storage capacity. It is the default log location for most AWS services, and you can also push logs from your EC2 instances to CloudWatch for storage.

To push logs from EC2 to CloudWatch, you need to follow these steps:

1. Open the IAM console at https://console.aws.amazon.com/iam/

2. Navigate to Roles.

3. Click Create role, select AWS Service -> EC2, then click Next.

4. Click Create policy; a new tab/window will pop up.

5. Choose the JSON tab and paste the following JSON policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

6. Click Next to review, then give the new policy a name and description.

7. Close the pop-up window and go back to the Add permissions page. Click Refresh so the newly created policy appears in the list, then select it to attach it to your role.

8. Choose Attach policy.

Configure your EC2

1. Log in to your EC2 instance using SSH.

2. Update the instance so it picks up the latest changes in the package repository:

sudo yum update -y

3. Install the CloudWatch Logs agent:

sudo yum install -y awslogs

4. Edit the /etc/awslogs/awslogs.conf file to configure which logs to track.

5. Edit the /etc/awslogs/awscli.conf file to configure which region and log group you want to push your logs to; by default it pushes to the us-east-1 region.

6. Start the awslogs service:

sudo service awslogsd start

7. The CloudWatch agent creates its own log file at /var/log/awslogs.log; any errors and messages are logged there.

8. Run the following command so the service starts at each system boot:

sudo systemctl enable awslogsd.service

9. Check that the logs reach CloudWatch: in the CloudWatch console, search for the log group named /var/log/ and click into it. You should see one instance id for each instance that is pushing logs; click an instance id to see the detailed logs pushed from your EC2 instance.

For more detail on installing and configuring the CloudWatch Logs agent, see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
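As an added example for the "Configure your EC2" steps above (this is not code from the original post), the following POSIX shell helpers write the region file from step 5, build the /etc/awslogs/awslogs.conf from step 4 one section per log file, and check the result for the keys the agent needs before you start awslogsd. The state file path, the log paths and the log group names used in the usage comment are assumptions for illustration; the key names are the ones the Amazon Linux awslogs package ships with.

```shell
#!/bin/sh
# Added example, not part of the original post. Helpers for the awslogs
# agent configuration. Paths in the usage comment at the bottom are assumed.

# Step 5: awscli.conf selects the region the agent pushes to.
# Usage: write_awscli_conf <dest_file> <region>
write_awscli_conf() {
    cat > "$1" <<EOF
[plugins]
cwlogs = cwlogs
[default]
region = $2
EOF
}

# Step 4, part 1: start awslogs.conf with the [general] section. The state
# file is where the agent records how far it has read each tracked file.
# Usage: init_awslogs_conf <dest_file> [state_file]
init_awslogs_conf() {
    printf '[general]\nstate_file = %s\n' "${2:-/var/lib/awslogs/agent-state}" > "$1"
}

# Step 4, part 2: append one section per log file to track. The stream name
# uses the agent's {instance_id} placeholder, which is why the console shows
# one stream per instance id in step 9.
# Usage: add_log_section <dest_file> <log_file> <log_group_name> [datetime_format]
add_log_section() {
    cat >> "$1" <<EOF

[$2]
file = $2
log_group_name = $3
log_stream_name = {instance_id}
datetime_format = ${4:-%b %d %H:%M:%S}
buffer_duration = 5000
initial_position = start_of_file
EOF
}

# Sanity check before starting the service: [general] must name a state file
# and every other [section] must name a file, a log group and a log stream.
# Prints each missing key and returns 1 if anything is missing.
# Usage: check_awslogs_conf <conf_file>
check_awslogs_conf() {
    awk '
    BEGIN { bad = 0; seen = 0; have_general = 0; sec = "" }
    function finish(    i, n, req) {
        if (sec == "") return
        if (sec == "general") {
            have_general = 1
            if (!("state_file" in keys)) { print "MISSING [general] state_file"; bad = 1 }
        } else {
            n = split("file log_group_name log_stream_name", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in keys)) { print "MISSING [" sec "] " req[i]; bad = 1 }
        }
    }
    /^[ \t]*\[.*\][ \t]*$/ {
        finish()
        for (k in keys) delete keys[k]
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        seen = 1
        next
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /=/ {
        k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]*/, "", k)
        keys[k] = 1
    }
    END {
        finish()
        if (!seen) { print "MISSING any [section]"; bad = 1 }
        if (!have_general) { print "MISSING [general]"; bad = 1 }
        exit bad
    }' "$1"
}

# Typical use on the instance (as root), after "yum install -y awslogs".
# The log file and group names here are assumptions for illustration:
#   write_awscli_conf /etc/awslogs/awscli.conf us-east-1
#   init_awslogs_conf /etc/awslogs/awslogs.conf
#   add_log_section /etc/awslogs/awslogs.conf /var/log/messages /var/log/messages
#   check_awslogs_conf /etc/awslogs/awslogs.conf && systemctl start awslogsd
```

Running the check before starting the service catches a section that is missing its log group or stream, which otherwise only shows up as an error line in /var/log/awslogs.log after the service is up.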
