Written by Gerald Frilot. Posted by Tony Harper.
AWS CloudWatch is a unified monitoring service for AWS services and your cloud applications. Using AWS CloudWatch, you can:
- monitor your AWS account and resources
- generate a stream of events
- trigger alarms and actions for specific conditions
- manually export CloudWatch log groups to an Amazon S3 bucket
Exporting data to an S3 bucket is an important process if your organization needs to retain CloudWatch data beyond the configured retention period: when the retention period expires, the log events are permanently deleted. A manual export reduces the risk of data loss, but a major drawback of exporting log groups by hand, as described in the AWS documentation, is that each AWS account supports only one export task at a time. This is workable if you only need to export a few log groups, but it becomes very time-consuming and error-prone if you regularly need to export more than 100 log groups manually.
Let's walk through a step-by-step solution that automates the export of a large number of log groups to an S3 bucket, using a Lambda function that runs in response to CloudWatch events. You can use an existing S3 bucket or create a new one.
Amazon Simple Storage Service (S3)
Log in to your AWS account, search for the Amazon S3 service and follow these steps to create the bucket:
- Choose a meaningful name
- Select an AWS region
- Keep all other defaults
- ACLs disabled (recommended)
- Block all public access (disabled)
- Bucket versioning (disable)
- Default encryption (disable)
- Select Create bucket (this creates the new S3 bucket)
Once the bucket is created, navigate to the Permissions tab and update the bucket policy so that CloudWatch Logs is allowed to store objects in the S3 bucket. Use the following policy to complete this process:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "logs.YOUR_REGION.amazonaws.com"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::BUCKET_NAME_HERE"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "logs.YOUR_REGION.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::BUCKET_NAME_HERE/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
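As an added example (not code from the post or from Perficient), the following Python helper renders the bucket policy above for a given region and bucket name and then checks it for the mistakes a copied or mistranslated policy tends to carry: missing or mistyped keys, a wildcard principal, actions or resources beyond what the export needs, and a PutObject statement without the bucket-owner-full-control condition. The region and bucket name are constructed placeholders. The check covers only the bucket policy; Block Public Access and ACL settings are separate bucket configuration.

```python
import json

# The only two actions CloudWatch Logs needs on the export bucket (from the post's policy).
LOGS_ACTIONS = {"s3:GetBucketAcl", "s3:PutObject"}


def render_bucket_policy(region, bucket):
    """Fill in the post's bucket policy template for one region and bucket name."""
    principal = {"Service": f"logs.{region}.amazonaws.com"}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": principal,
             "Action": "s3:GetBucketAcl", "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Principal": principal,
             "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*",
             "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        ],
    }


def _as_list(value):
    # IAM allows a string or a list in Principal.Service, Action and Resource.
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy, region, bucket):
    """Return a list of findings; an empty list means the policy is as tight as the post's."""
    findings = []
    expected_service = f"logs.{region}.amazonaws.com"
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue                              # Deny statements are not a risk here
        for key in ("Principal", "Action", "Resource"):
            if key not in stmt:
                findings.append(f"statement {i}: missing '{key}' (check for mistyped keys)")
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"statement {i}: wildcard principal grants access to everyone")
        elif not isinstance(principal, dict) or _as_list(principal.get("Service", [])) != [expected_service]:
            findings.append(f"statement {i}: principal is not {expected_service}")
        actions = set(_as_list(stmt.get("Action", [])))
        extra = actions - LOGS_ACTIONS
        if extra:
            findings.append(f"statement {i}: actions beyond what the export needs: {sorted(extra)}")
        for res in _as_list(stmt.get("Resource", [])):
            if res not in (f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"):
                findings.append(f"statement {i}: resource {res} is outside bucket {bucket}")
        if "s3:PutObject" in actions:
            acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
            if acl != "bucket-owner-full-control":
                findings.append(f"statement {i}: PutObject lacks the bucket-owner-full-control condition")
    return findings


if __name__ == "__main__":
    # Constructed region and bucket name; replace with your own before applying the policy.
    policy = render_bucket_policy("us-west-2", "example-log-export-bucket")
    print(json.dumps(policy, indent=2))
    print("findings:", check_bucket_policy(policy, "us-west-2", "example-log-export-bucket"))
```

Run the check against the policy you are about to apply (for example after loading it from the JSON file you pass to `aws s3api put-bucket-policy`); a non-empty findings list means the policy should not be applied as-is.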
AWS Lambda
The S3 bucket is now configured to accept objects written by CloudWatch Logs. Our next step is to create a Lambda function that hosts the code which receives events from CloudWatch and stores the log data in our S3 bucket.
Search for the Lambda service in your AWS account, navigate to Functions and select Create function.
Follow these steps:
- Select Author from scratch
- Under Basic information we need to provide:
- Function name
- Runtime (Python 3.9)
- Instruction set architecture (x86_64, the default)
- Keep the default settings under the execution role and Advanced settings drop-downs and select Create function
Python script (pseudocode)
The Python script imports the boto3 AWS SDK module to create, configure and manage AWS services, along with the os and time modules. We instantiate a CloudWatch Logs client and an AWS Systems Manager Parameter Store client. Inside the Lambda handler we initialize an empty object and two empty arrays. The empty object is useful if we only want to target a specific log group name prefix.
Our first array holds all log groups and the second holds the log groups to export. Next, we check that the S3 bucket environment variable exists and return an error if it does not. Otherwise, we enter a series of loops. The first loop calls the DescribeLogGroups API and adds each result to the first array. Once all log groups are collected, the second loop looks for the ExportToS3 tag on each group in the first array; if the tag exists, the group is added to the second array.
The last loop iterates over the second array and uses the log group name as the prefix for looking up the Parameter Store. If a match is found, we compare the stored time value with the current time. Once 15 minutes have passed, we export the data to the S3 bucket and then update the Parameter Store value with the current time.
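The handler described above, written out as an added example (my code, not the post's script): it pages through DescribeLogGroups, keeps the groups tagged ExportToS3=true, reads the last export time from Parameter Store, and creates an export task once 15 minutes have passed. Assumptions not in the post: the parameter name prefix /log-exporter-last-export (the post only shows parameter/log-exporter-* in the IAM policy), and two small constructed in-memory stand-ins for the boto3 clients so the module runs offline; inside Lambda the real clients are created when none are passed in. It goes one step beyond the description by waiting for each export task to finish, because CloudWatch Logs accepts only one export task per account at a time, and by leaving the stored timestamp untouched when a task fails so the same window is retried on the next event.

```python
import os
import time

EXPORT_TAG = "ExportToS3"                   # tag that opts a log group in (from the post)
EXPORT_INTERVAL = 15 * 60                   # seconds between exports of one group
PARAM_PREFIX = "/log-exporter-last-export"  # assumed SSM prefix; matches parameter/log-exporter-*


def list_log_groups(logs):
    """Page through DescribeLogGroups and collect every log group name."""
    names, kwargs = [], {}
    while True:
        page = logs.describe_log_groups(**kwargs)
        names.extend(g["logGroupName"] for g in page.get("logGroups", []))
        if not page.get("nextToken"):
            return names
        kwargs["nextToken"] = page["nextToken"]


def select_tagged(logs, names):
    """Keep only the groups tagged ExportToS3=true."""
    tags = lambda n: logs.list_tags_log_group(logGroupName=n).get("tags", {})
    return [n for n in names if tags(n).get(EXPORT_TAG, "").lower() == "true"]


def last_export(ssm, group):
    """Epoch seconds of the last export; 0 when no parameter exists yet (first run)."""
    try:  # group names start with "/", so the name is e.g. /log-exporter-last-export/api/aws/connect
        return int(ssm.get_parameter(Name=PARAM_PREFIX + group)["Parameter"]["Value"])
    except ssm.exceptions.ParameterNotFound:
        return 0


def wait_for_task(logs, task_id, poll=5, max_polls=120):
    """CloudWatch Logs runs one export task per account at a time: block until this one ends."""
    for _ in range(max_polls):
        tasks = logs.describe_export_tasks(taskId=task_id).get("exportTasks", [])
        code = tasks[0]["status"]["code"] if tasks else "UNKNOWN"
        if code in ("COMPLETED", "FAILED", "CANCELLED"):
            return code
        time.sleep(poll)
    return "TIMED_OUT"


def lambda_handler(event, context, logs=None, ssm=None, now=None):
    bucket = os.environ.get("S3_BUCKET")
    if not bucket:
        raise RuntimeError("S3_BUCKET environment variable is not set")
    if logs is None or ssm is None:             # real boto3 clients only inside Lambda
        import boto3
        logs, ssm = logs or boto3.client("logs"), ssm or boto3.client("ssm")
    now = int(time.time()) if now is None else now
    exported = []
    for group in select_tagged(logs, list_log_groups(logs)):
        since = last_export(ssm, group)
        if now - since < EXPORT_INTERVAL:
            continue                            # exported less than 15 minutes ago
        task = logs.create_export_task(logGroupName=group, fromTime=since * 1000, to=now * 1000,
                                       destination=bucket, destinationPrefix=group.strip("/"))
        if wait_for_task(logs, task["taskId"]) == "COMPLETED":   # failed task: keep old watermark
            ssm.put_parameter(Name=PARAM_PREFIX + group, Value=str(now), Type="String", Overwrite=True)
            exported.append(group)
    return exported


class FakeLogs:
    """Constructed in-memory stand-in for the boto3 CloudWatch Logs client (offline demo only)."""
    def __init__(self, groups):
        self.groups, self.tasks = groups, []
    def describe_log_groups(self, **_):
        return {"logGroups": [{"logGroupName": n} for n in self.groups]}
    def list_tags_log_group(self, logGroupName):
        return {"tags": self.groups[logGroupName]}
    def create_export_task(self, **kw):
        self.tasks.append(kw)
        return {"taskId": "task-%d" % len(self.tasks)}
    def describe_export_tasks(self, taskId):
        return {"exportTasks": [{"taskId": taskId, "status": {"code": "COMPLETED"}}]}


class FakeSsm:
    """Constructed stand-in for the boto3 SSM client, with the same exceptions namespace."""
    class exceptions:
        class ParameterNotFound(Exception): pass
    def __init__(self):
        self.params = {}
    def get_parameter(self, Name):
        if Name not in self.params:
            raise self.exceptions.ParameterNotFound(Name)
        return {"Parameter": {"Name": Name, "Value": self.params[Name]}}
    def put_parameter(self, Name, Value, Type, Overwrite):
        self.params[Name] = Value
        return {"Version": 1}


def demo():
    # Three runs over constructed data: export, skip one minute later, export again at 15 minutes.
    os.environ["S3_BUCKET"] = "example-log-export-bucket"          # constructed bucket name
    logs = FakeLogs({"/api/aws/connect": {"ExportToS3": "true"},  # constructed log groups
                     "/aws/lambda/helper": {}, "/app/noexport": {"ExportToS3": "false"}})
    ssm, t0 = FakeSsm(), 1_700_000_000
    return {"first": lambda_handler({}, None, logs, ssm, now=t0),
            "after_1_min": lambda_handler({}, None, logs, ssm, now=t0 + 60),
            "after_15_min": lambda_handler({}, None, logs, ssm, now=t0 + EXPORT_INTERVAL),
            "tasks": logs.tasks}
```

Running `demo()` shows the three outcomes the post describes: the tagged group is exported on the first event, skipped on an event one minute later, and exported again once the 15-minute threshold is reached; the untagged groups are never touched. Deployed in Lambda, only `lambda_handler` is needed and the two fake classes can be dropped.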
- Select Deploy to save our code changes and then navigate to the Configuration tab
- Now we need to create an environment variable that points to the S3 bucket where our CloudWatch events are stored
Note: the key must be set to S3_BUCKET and the value must be set to your S3 bucket name. This is referenced in the Lambda code and must be set before enabling this function.
- Our next action is to update the Lambda execution role. This allows our Lambda to perform read/update operations on the individual AWS services. Use the following policy to complete the process:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "logs:ListTagsLogGroup",
        "logs:DescribeLogGroups",
        "logs:CreateLogGroup",
        "logs:CreateExportTask",
        "ssm:GetParameter",
        "ssm:PutParameter"
      ],
      "Resource": "arn:aws:logs:{your region}:{your aws account number}:*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "logs:ListTagsLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogGroups",
        "logs:PutLogEvents",
        "logs:CreateExportTask",
        "ssm:GetParameter",
        "ssm:PutParameter",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:logs:{your region}:{your aws account number}:log-group:/aws/lambda/{function name}:*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": "ssm:DescribeParameters",
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:PutParameter"
      ],
      "Resource": "arn:aws:ssm:{your region}:{your aws account number}:parameter/log-exporter-*"
    },
    {
      "Sid": "VisualEditor4",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::{your bucket name}",
        "arn:aws:s3:::{your bucket name}/*"
      ]
    }
  ]
}
AWS Parameter Store
Now that the S3 bucket and Lambda are fully configured, we can turn to the AWS service called Parameter Store, which provides secure, hierarchical storage for configuration data and secrets. This section is for reference only, as our Lambda code takes care of the initial setup and naming conventions for this service. When a CloudWatch event is triggered, our code consults the Parameter Store to determine whether 15 minutes have passed since we last stored data in our S3 bucket. The first call sets the parameter value to 0; each recurring event then checks the value and updates it once the 15-minute threshold has passed. Data is never overwritten and the initial setup runs with no user intervention.
Lambda triggers
Let's go back to our Lambda function and make a final update on the Configuration > Triggers tab:
- Select Add trigger
- Fill in the fields below and choose Add
- CloudWatch Logs (click the drop-down menu and select the appropriate service)
- Log group
- Filter name
- Repeat steps 1 and 2 for each log group that needs to be stored in S3.
Note: the previous step and the next step are performed in this order to avoid writing data to the S3 bucket from a live environment.
CloudWatch tags
Our code only exports log groups that carry a tag, and this operation can only be performed from a terminal. Refer to the AWS CLI documentation for more information on configuring command line (CLI) access to your AWS environment. Once CLI access is set up, we can mark each log group for export from the command line. Use the following command to complete this process:
aws --region us-west-2 logs tag-log-group --log-group-name /api/aws/connect --tags ExportToS3=true
We are now automatically configured to export CloudWatch log groups to our S3 bucket!
AWS solution delivered
We chose AWS services for their flexibility and ability to deliver results to market in a timely manner. By focusing our attention on the AWS Cloud, we were able to efficiently export data from CloudWatch to an S3 bucket in an event-driven way.
Contact us
In addition, we are an APN Advanced Consulting Partner for Amazon Connect, giving us a unique set of skills to accelerate your cloud, agent and customer experience.
Perficient prides itself on our personalized approach to the customer journey, helping enterprise customers transform and modernize their contact center and CRM experience with platforms like Amazon Connect. For more information on how Perficient can help you get the most out of Amazon Lex, contact us here.