Send Local Logs to CloudWatch

Scenario: You want to save gateway/relay logs to Amazon CloudWatch. This guide presents a simple method to send all gateway/relay logs to a CloudWatch log group.

Set up the Export

1. Enable relay logging in the Admin UI under Settings > Security within the Log Encryption & Storage tab. Ensure logging is set to FILE.

2. Generate an AWS access key and AWS secret access key from the AWS GUI. Ensure the key has the AWSAppSyncPushToCloudWatchLogs permission.

3. Install the Amazon CloudWatch logs agent on the gateway/relay following the Amazon Cloudwatch logs documentation directions. If you already have this agent running, skip to the next step for the lines to add to your /var/awslogs/etc/awslogs.conf file.

4. For the path, enter /home/<user>/.sdm/sdm.log*

5. For the destination log group name, call it SDM-logs or similar. If you have multiple gateways, ensure they all use the same log group name.

6. Under the timestamp format, use the following custom string: %Y-%m-%dT%H:%M:%SZ

7. For initial upload position, choose From start of file.

8. In /var/awslogs/etc/awslogs.conf, verify that you have a section that looks like this:

   Copy

   [/home/ubuntu/.sdm/sdm.log*]
   datetime_format = %Y-%m-%dT%H:%M:%SZ
   file = /home/ubuntu/.sdm/sdm.log*
   buffer_duration = 5000
   log_stream_name = {instance_id}
   initial_position = start_of_file
   log_group_name = SDM-gateway

9. Check /var/log/awslogs.log to ensure there are no errors.

10. Go to the CloudWatch console and verify that there is a log group by the name you specified above.

11. Look at logs to ensure timestamps are correct and logs are being delivered correctly.