CloudWatch Logs

Suggest Edits

CloudWatch Logs allow subscription filters to be used with Kinesis Data Streams, Lambda, or Kinesis Data Firehose.

Connecting your cloudWatch logs to Dr. Droid platform should take about 15 minutes of your time to setup and would requires one input from us (as mentioned in pre-req). We typically respond in less than 24 hours.

Note: You will need our team's assistance in Step 2(i). Please request for access here.

Steps:

  1. Select a particular log group within your CloudWatch Logs Console.
  1. Go to Subscription Filters → Create Kinesis Firehose Subscription Filter.
    1. If you have not yet created a Kinesis Firehose to connect with Dr. Droid, read here on how to create a Kinesis Firehose Stream for Dr. Droid.
  1. After you've created one, come back to the portal and select the same firehose.

  1. Create a new IAM role to enable events from CloudWatch → Firehose:

    1. Select "Kinesis" --> Firehose as the trusted entity.
    2. While "adding permissions", create a new policy and paste the below mentioned policy:

    Resource will look like - `arn:aws:firehose:<aws_region>:<aws_account_id>:deliverystream/<firehose_delivery_stream_name>`

{
  "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AllowCloudWatchToFirehose",
        "Effect": "Allow",
        "Action": [
          "firehose:PutRecord",
          "firehose:PutRecordBatch"
        ],
        "Resource": "ARN of firehose delivery stream created"
      }
    ]
}

Resource will look like - arn:aws:firehose:<aws_region>:<aws_account_id>:deliverystream/<firehose_delivery_stream_name>

Once the policy is added, go to next page and add role name.

Modify the trust policy with the following. This allows your log streams to be trusted as the source. 

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Principal": {
				"Service": "logs.<aws_region>.amazonaws.com"
			},
			"Action": "sts:AssumeRole",
			"Condition": {
				"StringLike": {
					"aws:SourceArn": "arn:aws:logs:<aws_region>:<aws_account_id>:*"
				}
			}
		}
	]
}

Save the role.

  1. Subscription Filter Pattern: Add the filtering rule to decide what to send to Doctor Droid platform. To read more about how you can filter events by pattern related to a keyword, variable value or more complex expression, read this documentation.
  1. “Start Streaming”.

As soon as you start filtering, you should be able to start seeing events on our platform.

Updated about 2 months ago