For this tutorial we will be forwarding specific syslog messages to CloudWatch (I would like to caputure radius AAA information.)
Firstly and most importantly lets setup a secure IAM Policy to ensure that we provide minimal access permissions to the host machine:
IAM >> Add User >> Let's call it 'remoteaccess' - we'll untick 'AWS Management Console access' as this won't be necessary for our needs.
We'll create a new group called 'Logging' and then finish the user creation.
Now click on the 'Groups' tab in the left-hand navigation pane and open the newly created 'Logging' group. Hit the permissions tab and expand the 'Inline Policies' >> Create >> Custom Policy and name it 'CloudWatchAccess' and add:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}The next step is to install the 'CloudWatch Logs' service - as we are on CentOS 7 we will need to install it manually:
cd /tmp
wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
sudo python ./awslogs-agent-setup.py --region <region-name>
Entering in your access key, secret key and path to the logs - which in my case will be:
/var/log/aaa
If you wish to manually change the access key etc. at a later date we can simplt issue:
aws configure
to modify the logging settings we can modify:
/var/awslogs/etc/awslogs.conf
and to help debug any problems we can tail:
/var/log/awslogs.log
and start the service with:
sudo service awslogs start
Source: http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
0 comments:
Post a Comment