openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/rosa-set-up-cloudwatch-log-group.adoc

92 lines
2.7 KiB
Plaintext
Raw Permalink Normal View History

ROSA-12691 New Feature: Log Forwarder
2026-01-13 16:17:03 -05:00
// Module included in the following assemblies:
//
// * security/rosa-forwarding-control-plane-logs.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-set-up-cloudwatch-log-group_{context}"]
= Setting up the CloudWatch log group
[role="_abstract"]
If you have logs requiring immediate action or organization, set up an Amazon CloudWatch log group.
.Prerequisites
* You have created an IAM role and policy.
.Procedure
. Create the CloudWatch log group by running the following command:
+
[source,terminal]
----
$ aws logs create-log-group log-group-name <your_log_group_name>
----
+
. In your {product-title} cluster, configure the log forwarder to use the CloudWatch log group by applying the following JSON sample:
+
[source,json]
----
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CreatePutLogs",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "<your_log_group_arn>:*"
},
{
"Sid": "DescribeLogs",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Resource": "*"
}
]
}
----
+
. Attach the policy to the CloudWatch role by running the following command:
+
[source,terminal]
----
$ aws iam put-role-policy \
--role-name CustomerLogDistribution-RH \
--policy-name Allow-CloudWatch-Writes \
--policy-document file://cloudwatch-policy.json
----
+
. Configure your {product-title} cluster to forward logs to the CloudWatch log group by applying the following sample YAML list:
+
[source,yaml]
----
cloudwatch:
cloudwatch_log_role_arn: "arn:aws:iam::123456789012:role/RosaCloudWatch"
cloudwatch_log_group_name: "rosa-logs"
applications:
- "<example_app1>"
groups:
- "<example_group1>"
----
<example_app1>:: Add one or more applications. For a list of applications, see the table in "Determining what log groups to use".
<example_group1>:: Add one or more of the following groups: `API`, `Authentication`, `Controller Manager`, `Scheduler`, and `Other`.
. Enable the log forwarder to send logs to your {product-title} cluster.
.. To enable control plane log forwarding on a new cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create cluster --log-fwd-config="<path_to_file>.yaml"
----
+
.. To enable control plane log forwarding on an existing cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create log-forwarder -c <cluster> --log-fwd-config="<path_to_file>.yaml"
----
Copy Permalink