CloudWatch log centralization - cross region and cross account

0

Hey!

I'm looking for a solution to centralize the log of several accounts into one, but I want to centralize from different regions as well. I saw that CloudWatch has this feature, but it doesn't allow sharing logs between different regions. I saw that AWS itself suggests an ELK solution https://aws.amazon.com/pt/what-is/elk-stack/ (ElasticSearch/OpenSearch, Logstash and Kibana), but they say: "Centralized Logging with OpenSearch supports ingesting AWS service logs and application logs from a different AWS account in the same region.

...Currently, Centralized Logging with OpenSearch does not automate the log ingestion from a different AWS Region. You need to ingest logs from other regions into pipelines provisioned by Centralized Logging with OpenSearch."

https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/frequently-asked-questions.html

I've seen some other alternatives with Kinesis, but the cost concerns me. What's another solution?

1 Answer
1

CloudWatch has cross account capabilities. Further resources:

If you want an even more comprehensive solution (with VPC flow logs, CloudTrail etc), there is Centralized logging and multiple-account security guardrails.

profile pictureAWS
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions