Skip to main content Link Search Menu Expand Document (external link)

AWS CloudWatch

AWS CloudWatch Logs is used to monitor, and store log files from AWS EC2 (Elastic Compute Cloud) instances, AWS Route 53, and other sources. Fluency can retrieve these logs via an IAM user with the permissions to access CloudWatch.

The Official CloudWatch Logs user guide can be found at the following link:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

In the figure below, we see an example of two CloudWatch Log Groups, both originating from EC2 instances.

For complete instructions on using AWS CloudWatch, you may vist the Official AWS Documentation:

https://aws.amazon.com/documentation/cloudwatch/

Additionally, each AWS service will have it’s own set of instructions on configuring and using CloudWatch logs.

https://aws.amazon.com/documentation/

Adding permissions to the IAM user

For CloudWatch Logs, the only required action is to configure the IAM user assigned to Fluency with Read-only permissions to CloudWatch services.

Navigate to the IAM section of the AWS Mangement console. In the “Users” tab, select the IAM user to modify.

Choose the Permissions tab, and select “Add permissions”.

In the “Attach existing polices directly” panel, add the following two pre-defined permissions to the IAM user. You may use the search functions to locate these entries.

CloudWatchReadOnlyAccess
CloudWatchLogsReadOnlyAccess

Review and add these permissions.

Fluency interface configurations

Configure the log groups to be collected by going to the Fluency interface.

Continue configuration on Fluency.

Page last updated: 2021 Dec 07