mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/rosa-set-up-s3-bucket.adoc
2026-01-26 15:47:05 +00:00


// Module included in the following assemblies:
//
// * security/rosa-forwarding-control-plane-logs.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-set-up-s3-bucket_{context}"]
= Setting up the S3 bucket
[role="_abstract"]
If you have logs that need long-term storage or large-scale data analysis, set up an Amazon S3 bucket.
.Prerequisites
* To avoid the limitations of the managed keys for your S3 bucket, you have created an IAM role and policy.
.Procedure
. Create the S3 bucket by running the following command:
+
[source,terminal]
----
$ aws s3api create-bucket \
  --bucket <your_s3_bucket_name> \
  --region <your_aws_region> \
  --create-bucket-configuration LocationConstraint=<cluster_aws_region>
----
+
. Configure the policy for the S3 bucket by applying the following S3 bucket policy sample:
+
[source,json]
----
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCentralLogDistributionWrite",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::859037107838:role/ROSA-CentralLogDistributionRole-241c1a86"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::<your_s3_bucket_name>/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
----
+
. Attach the policy to the S3 bucket by running the following command:
+
[source,terminal]
----
$ aws s3api put-bucket-policy \
  --bucket <your_s3_bucket_name> \
  --policy file://s3-bucket-policy.json
----
+
. Configure your {product-title} cluster to forward logs to the S3 bucket by applying the following sample YAML list:
+
[source,yaml]
----
s3:
  s3_config_bucket_name: "my-log-bucket"
  s3_config_bucket_prefix: "my-bucket-prefix"
  applications:
    - "<example_app1>"
  groups:
    - "<example_group1>"
<example_app1>:: Add one or more applications. For a list of applications, see the table in "Determining what log groups to use".
<example_group1>:: Add one or more of the following groups: `API`, `Authentication`, `Controller Manager`, `Scheduler`, and `Other`.
. Enable the log forwarder to send logs to your {product-title} cluster.
.. To enable control plane log forwarding on a new cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create cluster --log-fwd-config="<path_to_file>.yaml"
----
+
.. To enable control plane log forwarding on an existing cluster, include the log forwarding configuration by running the following command:
+
[source,terminal]
----
$ rosa create log-forwarder -c <cluster> --log-fwd-config="<path_to_file>.yaml"
----
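
The following check is an added example, not part of the original module or of the ROSA tooling. It audits a bucket policy file, before you run `put-bucket-policy`, for the four constraints that the sample policy in the procedure carries: a single role principal, `s3:PutObject` only, a resource scoped to objects in the bucket, and the `bucket-owner-full-control` ACL condition. The function names, the role ARN, and the bucket name are constructed placeholders.

```python
import json

# Constructed placeholders, not values from the procedure.
BUCKET = "my-log-bucket"
WRITER_ROLE = "arn:aws:iam::111122223333:role/example-log-writer"

def _as_list(value):
    # IAM accepts either a scalar or a list for Action, Resource and Principal.
    return value if isinstance(value, list) else [value]

def audit_log_bucket_policy(policy_text, bucket, writer_role):
    """Return findings; an empty list means every Allow matches the sample's shape."""
    policy = json.loads(policy_text)  # malformed JSON raises ValueError
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    findings = [] if allows else ["no Allow statement: log delivery would be denied"]
    for stmt in allows:
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if arns != [writer_role]:
            findings.append(f"{sid}: principal {arns} is not limited to {writer_role}")
        if _as_list(stmt.get("Action", [])) != ["s3:PutObject"]:
            findings.append(f"{sid}: action is not exactly s3:PutObject")
        if _as_list(stmt.get("Resource", [])) != [f"arn:aws:s3:::{bucket}/*"]:
            findings.append(f"{sid}: resource is not scoped to objects in {bucket}")
        acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        if acl != "bucket-owner-full-control":
            findings.append(f"{sid}: bucket-owner-full-control condition is missing")
    return findings

def sample_policy(principal, action, with_condition=True):
    # Builds a constructed policy in the same layout as the sample in the procedure.
    stmt = {"Sid": "AllowCentralLogDistributionWrite", "Effect": "Allow",
            "Principal": principal, "Action": action,
            "Resource": f"arn:aws:s3:::{BUCKET}/*"}
    if with_condition:
        stmt["Condition"] = {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

GOOD = sample_policy({"AWS": WRITER_ROLE}, "s3:PutObject")
LOOSE = sample_policy("*", "s3:*", with_condition=False)

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("loose", LOOSE)):
        print(name, audit_log_bucket_policy(doc, BUCKET, WRITER_ROLE) or "OK")
```

A policy file that is not valid JSON, for example one missing its outer braces, fails at `json.loads` before any statement is inspected.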