mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/rosa-set-up-cloudwatch-log-group.adoc
2026-01-26 15:47:05 +00:00
// Module included in the following assemblies:
//
// * security/rosa-forwarding-control-plane-logs.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-set-up-cloudwatch-log-group_{context}"]
= Setting up the CloudWatch log group
[role="_abstract"]
If you have logs requiring immediate action or organization, set up an Amazon CloudWatch log group.
.Prerequisites
* You have created an IAM role and policy.
.Procedure
. Create the CloudWatch log group by running the following command:
+
[source,terminal]
----
$ aws logs create-log-group --log-group-name <your_log_group_name>
----
+
. In your {product-title} cluster, configure the log forwarder to use the CloudWatch log group by applying the following JSON sample:
+
[source,json]
----
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreatePutLogs",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "<your_log_group_arn>:*"
    },
    {
      "Sid": "DescribeLogs",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Resource": "*"
    }
  ]
}
----
+
. Attach the policy to the CloudWatch role by running the following command:
+
[source,terminal]
----
$ aws iam put-role-policy \
    --role-name CustomerLogDistribution-RH \
    --policy-name Allow-CloudWatch-Writes \
    --policy-document file://cloudwatch-policy.json
----
+
. Configure your {product-title} cluster to forward logs to the CloudWatch log group by applying the following sample YAML list:
+
[source,yaml]
----
cloudwatch:
  cloudwatch_log_role_arn: "arn:aws:iam::123456789012:role/RosaCloudWatch"
  cloudwatch_log_group_name: "rosa-logs"
  applications:
    - "<example_app1>"
  groups:
    - "<example_group1>"
----
<example_app1>:: Add one or more applications. For a list of applications, see the table in "Determining what log groups to use".
<example_group1>:: Add one or more of the following groups: `API`, `Authentication`, `Controller Manager`, `Scheduler`, and `Other`.
. Enable the log forwarder to send logs to your {product-title} cluster.
.. To enable control plane log forwarding on a new cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create cluster --log-fwd-config="<path_to_file>.yaml"
----
+
.. To enable control plane log forwarding on an existing cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create log-forwarder -c <cluster> --log-fwd-config="<path_to_file>.yaml"
----
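
The following added example is not part of the original procedure. It generates the policy document that the `put-role-policy` step reads from `cloudwatch-policy.json`, accepting the log group ARN with or without the trailing `:*` that `aws logs describe-log-groups` appends to its `arn` field, and rejecting wildcard or malformed ARNs so the write statement stays scoped to one log group. The function names and the sample ARN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the ROSA documentation. Function names and the
# sample ARN are constructed for illustration.

# Validate a log group ARN and strip one trailing ":*".
# `aws logs describe-log-groups` returns `arn` with ":*" appended and
# `logGroupArn` without it; accepting both avoids a ":*:*" resource.
normalize_log_group_arn() (
  arn=${1%:\*}
  # Reject anything that could widen the resource or break the JSON string.
  case "$arn" in
    *[!A-Za-z0-9_./#:-]*) echo "invalid characters in ARN: $1" >&2; exit 1 ;;
  esac
  re='^arn:(aws|aws-cn|aws-us-gov):logs:[a-z0-9-]+:[0-9]{12}:log-group:[A-Za-z0-9_./#-]+$'
  printf '%s\n' "$arn" | grep -Eq "$re" ||
    { echo "not a single log group ARN: $1" >&2; exit 1; }
  printf '%s\n' "$arn"
)

# Print the policy: writes limited to streams of one log group, Describe* on "*".
render_cloudwatch_policy() (
  arn=$(normalize_log_group_arn "$1") || exit 1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreatePutLogs",
      "Effect": "Allow",
      "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "${arn}:*"
    },
    {
      "Sid": "DescribeLogs",
      "Effect": "Allow",
      "Action": ["logs:DescribeLogGroups", "logs:DescribeLogStreams"],
      "Resource": "*"
    }
  ]
}
EOF
)

# Constructed sample; with real credentials the ARN could come from:
#   aws logs describe-log-groups --log-group-name-prefix <your_log_group_name> \
#     --query 'logGroups[0].arn' --output text
render_cloudwatch_policy 'arn:aws:logs:us-east-1:123456789012:log-group:rosa-logs:*'
```

Redirect the output of `render_cloudwatch_policy` to `cloudwatch-policy.json` before running the `put-role-policy` step.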