Versions Compared

Old Version 5

changes.mady.by.user Unknown User (robertwilliams)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (robertwilliams)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In order to log to AWS Cloudwatch Logs you need to create a IAM role which grants the Circulation Manager application the following AWS IAM actions:
logs:PutLogEvents
logs:DescribeLogStreams

If you want the application to be able to create the log group and streams for you it needs the following AWS IAM actions:
logs:CreateLogGroup
logs:CreateLogStream

Sample IAM Policy

To support these actions, you should add a policy for the IAM Role. It will have the following attributes as a minimum:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "arn:aws:logs:::*"
      ]
    }
  ]
} 

Authentication with the AWS Cloudwatch service is handled through the Boto3 library. There are a number of ways to configure the credentials so that the instance has access to Cloudwatch Logs. These options are documented in the Boto3 Credentials Documentation. If you are running the Circulation Manager in AWS, the best practice is to configure logging to use an Instance IAM Role.

...