Edge Delta AWS CloudWatch Output
4 minute read
Overview
The AWS CloudWatch output will stream logs to a specified CloudWatch log group.
Before you can create an output, you must have available the CloudWatch log group name and log stream name. To learn how to create a log group, review this document from Amazon. To learn how to create a log stream, review this document from Amazon.
Example
The following sample configuration displays an output without the name of the organization-level integration:
- name: cloudwatch
type: cloudwatch
region: us-west-2
log_group_name: /ecs/microservice
log_stream_prefix: ecs
auto_create: true
features: log
If the auto_create parameter is not set, then you can assign the following permission to put log events into CloudWatch.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:PutLogEvents"
],
"Resource": "*"
}]
}
If the auto_create parameter is set, then assign the following permission to taskExecutionRoleArn.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Resource": "*"
}]
}
Parameters
name
Required
Enter a descriptive name for the output or integration.
For outputs, this name will be used to map this destination to a workflow.
name: cloudwatch-auto
integration_name
Optional
This parameter refers to the organization-level integration created in the Integrations page.
If you need to add multiple instances of the same integration into the config, then you can add a custom name to each instance via the name parameter. In this situation, the name should be used to refer to the specific instance of the destination in the workflows.
integration_name: orgs-cloudwatch
type: cloudwatch
Optional
Enter cloudwatch.
type: cloudwatch
aws_key_id
Optional
If you want to use role-based authentication, then do not enter an AWS key.
aws_key_id: '{{ Env "AWS_KEY_ID" }}'
aws_sec_key
Optional
If you want to use role-based authentication, then do not enter an AWS secret key.
aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'
region
Required
Enter the AWS region destination to send logs.
region: us-west-2
role_arn
Optional
To assume an AWS IAM role, enter the account ID and role name.
role_arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
external_id
Optional
Enter a unique identifier to avoid a confused deputy attack.
external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
log_group_name
Required
Enter the CloudWatch log group name.
log_group_name: test_log_group
log_stream_name
Required
Enter the CloudWatch log stream name.
You can enter a name or prefix, but not both.
log_stream_name: test_log_stream
log_stream_prefix
Required
Enter the CloudWatch log stream prefix.
You can enter a name or prefix, but not both.
log_stream_prefix: ecs
allow_label_override
Optional
Enter true or false to override the default values for:
- log group name
- log stream name
- log stream prefix
The default values will be replaced based on the configurations for the following labels from your ECS or EKS deployment:
- ed_log_group_name
- ed_log_stream_name
- ed_log_stream_prefix
allow_label_override: true
auto_configure
Optional
Enter true or false to automatically create:
- LogGroupName in the /ecs/task_definition_family format
- LogsStreamPrefix in the ecs/container_name/task_id format
This parameter is only supported for ECS environments. Additionally, only region configurations can be provided.
auto_configure: true
host
Optional
If you enter a host, then this output will be tailed by the agent.
This parameter can be useful to avoid duplicate consumption if you have more than 1 agent running the same agent configuration.
host: "myhost"
features
Optional
This parameter defines which data types to stream to the destination.
You can enter log, edac, and / or cluster pattern.
To learn more, see the following section on supported feature types.
features: log
buffer_ttl
Optional
Enter a length of time to retry failed streaming data.
After this length of time is reached, the failed streaming data will no longer be tried.
buffer_ttl: 2h
buffer_path
Optional
Enter a folder path to temporarily store failed streaming data.
The failed streaming data will be retried until the data reaches its destinations or until the Buffer TTL value is reached.
If you enter a path that does not exist, then the agent will create directories, as needed.
buffer_path: /var/log/edgedelta/pushbuffer/
buffer_max_bytesize
Optional
Enter the maximum size of failed streaming data that you want to retry.
If the failed streaming data is larger than this size, then the failed streaming data will not be retried.
buffer_max_bytesize: 100MB
auto_create
Optional
If this parameter is set, then IAM policies will be set.
If this parameter is not set, then log group and log stream will be created.
auto_create: true
Supported Features
See Streaming Features.
| Feature Type | Supported? |
|---|---|
| Log | Yes |
| Metrics | No |
| Alert as event | No |
| Alert as log | No |
| Health | No |
| Dimensions as attribute | No |
| Send as is | No |
| Send as JSON | No |
| Custom tags | No |
| EDAC enrichment | No |
| Message template | No |
| outgoing_bytes.sum | Yes |
| outgoing__raw_bytes.sum | Yes |
| outgoing_lines.count | No |
| output buffering to disk | No |