Tuesday, 7 February 2017

Getting your logs into AWS CloudWatch on CentOS 7

This tutorial will demonstrate how you can securely get your logs from your applications into the AWS CloudWatch service.

For this tutorial we will be forwarding specific syslog messages to CloudWatch (I would like to caputure radius AAA information.)


Firstly and most importantly lets setup a secure IAM Policy to ensure that we provide minimal access permissions to the host machine:

IAM >> Add User >> Let's call it 'remoteaccess' - we'll untick 'AWS Management Console access' as this won't be necessary for our needs.

We'll create a new group called 'Logging' and then finish the user creation.

Now click on the 'Groups' tab in the left-hand navigation pane and open the newly created 'Logging' group. Hit the permissions tab and expand the 'Inline Policies' >> Create >> Custom Policy and name it 'CloudWatchAccess' and add:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
    ],
      "Resource": [
        "arn:aws:logs:*:*:*"
    ]
  }
 ]
}

The next step is to install the 'CloudWatch Logs' service - as we are on CentOS 7 we will need to install it manually:

cd /tmp

wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py

sudo python ./awslogs-agent-setup.py --region <region-name>

Entering in your access key, secret key and path to the logs - which in my case will be:

/var/log/aaa

If you wish to manually change the access key etc. at a later date we can simplt issue:

aws configure

to modify the logging settings we can modify:

/var/awslogs/etc/awslogs.conf

and to help debug any problems we can tail:

/var/log/awslogs.log

and start the service with:

sudo service awslogs start

Source: http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html

0 comments:

Post a comment