AWS AppStream is unable to push session script logs to S3

0

I have configured session scripts to log stdout and stderr to an S3 bucket as described in https://docs.aws.amazon.com/appstream2/latest/developerguide/use-session-scripts.html#enable-S3-bucket-storage-session-script-logs and https://docs.aws.amazon.com/appstream2/latest/developerguide/create-session-scripts.html.

The log files are created successfully on a running AppStream instance at /opt/appstream/SessionScripts/logs, but they are not pushed to S3 buckets.

Based on the article above, we do not need to perform any additional settings to make this happen.

  • I assigned a policy to the fleet that has full access to S3 (AmazonS3FullAccess).
  • There is no error about permissions, failures, etc. logged in CloudWatch or in /var/logs/ on a running instance.

What could be causing this issue? Anything else to be checked?

1 Answer
1

Hi,

If you are experiencing issues with AWS AppStream not being able to push session script logs to Amazon S3, there are a few troubleshooting steps you can take:

  1. Verify IAM Role Permissions: Ensure that the IAM role associated with your AppStream fleet or stack has the necessary permissions to write logs to the specified S3 bucket. The role should have permissions for the s3:PutObject action on the target S3 bucket and appropriate access to the relevant S3 resources.
  2. Confirm S3 Bucket Configuration: Double-check the configuration of the S3 bucket you are trying to push the session script logs to. Make sure the bucket exists, is accessible, and has the correct permissions configured to receive the logs. Confirm that the bucket name and region are accurate.
  3. Check AppStream Fleet Configuration: Review the fleet settings in AppStream. Ensure that the correct S3 bucket and path are specified for the session script logs. Verify that the logging configuration is enabled and properly configured for the desired fleet.
  4. Verify Network Connectivity: Check the network connectivity between the AppStream instances and the S3 service. Ensure that the instances have the necessary outbound internet access or VPC endpoint connectivity to communicate with S3. Network configurations or security group rules may need to be adjusted to allow the necessary traffic.
  5. Check Session Script Logs: Review the session script logs generated by AppStream instances for any error or warning messages related to the log delivery. These logs can provide insights into any specific issues encountered during the log upload process.
  6. Monitor CloudWatch Metrics: Monitor the CloudWatch metrics related to your AppStream fleet, such as LogStreamingFailure and LogStreamingSuccess. These metrics can help identify any patterns or anomalies that may be affecting the log delivery process.

Let me know if this works out or helps you out. Otherwise we can check together on the issue.

answered a year ago
  • Thanks Himanshu. I have verified all of the above without any further luck. A running instance is able to successfully ping s3.amazonaws.com & curl -O https://s3.amazonaws.com/<bucket-name>/<file-name>
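
An offline check for step 1 of the answer above, as an added example that is not part of the original thread or any AWS tooling: it evaluates whether one identity policy document allows `s3:PutObject` on an object in the target bucket. The bucket name, object key and sample policies are constructed placeholders, and the evaluator is a simplification that ignores bucket policies, SCPs, permission boundaries, `NotAction`/`NotResource` and the contents of `Condition` blocks.

```python
import re

def _match(pattern, value, ci=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ci else 0) is not None

def _as_list(v):
    return [v] if isinstance(v, (str, dict)) else list(v or [])

def evaluate(policy, action, resource):
    """Decide one request against one identity policy document.

    Simplified: NotAction/NotResource are not handled, and a statement with a
    Condition is reported as 'conditional' instead of being evaluated.
    """
    allowed = cond_allow = cond_deny = False
    for st in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are not.
        if not any(_match(a, action, ci=True) for a in _as_list(st.get("Action"))):
            continue
        if not any(_match(r, resource) for r in _as_list(st.get("Resource"))):
            continue
        deny = st["Effect"] == "Deny"
        if "Condition" in st:
            cond_deny, cond_allow = cond_deny or deny, cond_allow or not deny
        elif deny:
            return "deny"  # an explicit Deny always wins
        else:
            allowed = True
    if allowed and not cond_deny:
        return "allow"
    return "conditional" if (allowed or cond_allow) else "implicit-deny"

# Constructed sample data: bucket name, key and policies are placeholders.
OBJ = "arn:aws:s3:::example-log-bucket/logs/session-script.log"
BROAD = {"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
BUCKET_ARN_ONLY = {"Statement": [{"Effect": "Allow", "Action": "s3:PutObject",
                                  "Resource": "arn:aws:s3:::example-log-bucket"}]}
READ_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
                            "Resource": "*"}]}
DENY_WINS = {"Statement": [BROAD["Statement"],
                           {"Effect": "Deny", "Action": "s3:putobject",
                            "Resource": "arn:aws:s3:::example-log-bucket/*"}]}

if __name__ == "__main__":
    for name in ("BROAD", "BUCKET_ARN_ONLY", "READ_ONLY", "DENY_WINS"):
        print(name, evaluate(globals()[name], "s3:PutObject", OBJ))
```

The `BUCKET_ARN_ONLY` case shows why a statement scoped to the bucket ARN without `/*` does not cover object writes, and `READ_ONLY` shows how a role can download objects while uploads are still implicitly denied.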
