CloudWatch Internal Agent Configuration

Question

We are a tier 1 service owner and because of high traffic we want to push client logs to client owned accounts

I am using Cloudwatch Internal Agent in Amazon and wanted to check if this is possible

This is my agent configuration

```
{
  "agent": {
    "metrics_collection_interval": 1,
    "region": "us-west-1",
    "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
    "debug": false,
    "run_as_user": "nobody"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/apollo/env/SampleDOTAdopter/var/output/logs/website-log-pusher*",
            "log_group_name": "SampleDOTAdopter/{stage}/application_log",
            "log_stream_name": "{hostname}",
            "timezone": "UTC",
            "retention_in_days": 30
          }
        ]
      }
    },
    "credentials": {
      "role_arn" : "**:role/SampleDOTAdopter"
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/apollo/env/SampleDOTAdopter/var/output/logs/service_log.*",
            "log_group_name": "SampleDOTAdopter/{stage}/service_log.",
            "log_stream_name": "{hostname}",
            "timezone": "UTC",
            "retention_in_days": 30
          }
        ]
      }
    },
    "credentials": {
      "role_arn" : "**:role/DOTPlayground"
    }

}
}

```

Answer

I don't know with the CW Agent, I haven't tried that. But with something like Fluent-Bit you most definitely can do that. I have started off a blog post in fact here to document just that.

I typically output all the logs to CW Logs in the same account, but you can change that behaviour by using an IAM role to assume to publish the logs into another account. I prefer to use Firehose to send the logs into another account which lands the log files to S3 but that pretty much achieves the same thing.

CloudWatch Internal Agent Configuration

Relevant content