Questions tagged with Amazon CloudWatch

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

2
answers
0
votes
24
views
asked 2 days ago

Capturing Application logs to Central log account CloudWatch using CWAgent

Can you take a look at credentials section of config file? I am working on a configuration file to send logs to directly Cross account CloudWatch, there by to S3 to eliminate the maintanance of S3 buckets at each account level. I am following this documentation of AWS: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-common-scenarios.html#CloudWatch-Agent-send-to-different-AWS-account Normally without credentials section, logs were going to same account CloudWatch. But if I add credentials section and add related policies in the sender and receiver account, I couldn't see logs in receiver's CloudWatch. Config File: ``` { "agent": { "credentials": { "role_arn": "arn:aws:iam::512425977391:role/CWAgent-Receive-Role" }, "metrics_collection_interval": 60, "region": "us-east-1", "debug": false }, "logs": { "logs_collected": { "files": { "collect_list": [ { "file_path": "C:\\AppData\\*", "log_group_name": "Server-1", "log_stream_name": "{instance_id}", "retention_in_days": 7 } ] } } } } ``` IAM Policy at Sender Account is: Role Name: CWAgent-Send-Role ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sts:AssumeRole" ], "Resource": [ "arn:aws:iam::512425977391:role/CWAgent-Receive-Role" ] } ] } ``` IAM Policy at Receiver Account is:(Which is added to trust relationship) Role Name: CWAgent-Receive-Role ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::166355562301:role/CWAgent-Send-Role" }, "Action": "sts:AssumeRole" } ] } ```
0
answers
0
votes
9
views
asked 6 days ago