By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Not getting logs from Amazon Managed Services for Prometheus workspace in Cloudwatch

0

I have an Amazon Managed Services for Prometheus (AMP) workspace. I have deployed several Prometheus servers using Fargate/ECS that remote writes to my AMP workspace. Everything seems to work as expected, I can access the Prometheus metrics when connecting the AMP workspace as a datasource to a Grafana instance, etc.

My problem is that I don't get any logs from my AMP workspace in Cloudwatch, even though I have enabled logging. When I navigate to the AMP workspace in Amazon Console, look under the Logs tab, the Log level is "All", Status is "Active" and the CloudWatch log group is "My-AMP-workspace". When I look in Cloudwatch, there are no log streams created for that log group. I have other log groups that receive logs from other services.

My questions are:

  1. Are there any other configs I need to make to enable logs for AMP to Cloudwatch, any pemissions or similar?
  2. What type of logs could I expect from the AMP workspace? I am trying to debug why Grafana threw a DatasourceError for my AMP workspace and would like to see if anything unexpected happened at that time.
  3. How can I test that logs are forwarded to Cloudwatch?
Topics
Management & Governance
Tags
Amazon PrometheusAmazon CloudWatch
Language
English
LilyB
asked 4 months ago909 views
2 Answers
1
Accepted Answer

Kindly check if the Policy is updated with the necessary permission. Please refer: https://docs.aws.amazon.com/prometheus/latest/userguide/CW-logs-config.html

profile pictureAWS
Anand
answered 4 months ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 3 months ago
  • LilyB
    4 months ago

    Thank you for your reply. I had seen this part of the docs, but the problem was that I didn't understand which user or role I should attach that policy to. I just now tried to attach thse permissions to my personal IAM user that I used when setting up the AMP workspace, and since i got a logstream with the message "Permissions are set correctly to allow AWS CloudWatch Logs to write into your logs while creating a subscription." I guess that it worked. However, that means I should have used a generic/non-personal user to create the workspace, not my personal IAM user.

1

Hi, I tried adding the necessary permission to the account, then creating the log group and enabling logs on the AMP console. But still no luck, I can't see any logs, just the one with the message "Permissions are set correctly to allow AWS CloudWatch Logs to write into your logs while creating a subscription" as mentioned by LilyB. Can you provide more information about it? I think AMP is lacking some documentation in several aspects and there are not much examples of people using it.

Angelo
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content