CloudWatch log centralization - cross region and cross account

Question

Hey!

I'm looking for a solution to centralize the log of several accounts into one, but I want to centralize from different regions as well. I saw that CloudWatch has this feature, but it doesn't allow sharing logs between different regions. I saw that AWS itself suggests an ELK solution [https://aws.amazon.com/pt/what-is/elk-stack/]() (ElasticSearch/OpenSearch, Logstash and Kibana), but they say:
"Centralized Logging with OpenSearch supports ingesting AWS service logs and application logs from a different AWS account in the same region.

...Currently, Centralized Logging with OpenSearch does not automate the log ingestion from a different AWS Region. You need to ingest logs from other regions into pipelines provisioned by Centralized Logging with OpenSearch."

[https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/frequently-asked-questions.html]()

I've seen some other alternatives with Kinesis, but the cost concerns me. What's another solution?

Answer

CloudWatch has [cross account capabilities](https://aws.amazon.com/blogs/aws/new-amazon-cloudwatch-cross-account-observability/). Further resources:

- [Enable Cross-Account Observability in Amazon CloudWatch](https://www.youtube.com/watch?v=lUaDO9dqISc)

If you want an even more comprehensive solution (with VPC flow logs, CloudTrail etc), there is [Centralized logging and multiple-account security guardrails](https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/centralized-logging-and-multiple-account-security-guardrails.html).

CloudWatch log centralization - cross region and cross account

相關內容