Contours on Cross Account Export of CloudWatch Logs to S3 Bucket

“I have checked the AWS documents to get the solution for cross-account export of CloudWatch logs to an S3 bucket. In terms of cost, you need to pay for CloudWatch Logs and the S3 bucket.”

You can use Amazon CloudWatch Logs to monitor, store and access your log files from Amazon Elastic Compute Cloud instances, AWS CloudTrail, Route 53 and other sources.

CloudWatch Logs enables you to centralize the logs from all of the systems, applications and AWS services that you use in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields or archive them securely for future analysis.

A log stream is a sequence of log events that share the same source. Each separate source of logs in CloudWatch Logs makes up a separate log stream. A log group is a group of log streams that share the same retention, monitoring and access control settings. You can define log groups and specify which streams to put into each group. There is no limit on the number of log streams that can belong to one log group.

In this post, you will see how to set up a cross-account export of CloudWatch logs to an S3 bucket. For this I created an S3 bucket, a CloudWatch log group, an IAM policy and an S3 bucket policy.

Architecture Overview

The architecture diagram shows the overall deployment architecture with the data flow between Amazon CloudWatch, IAM and Amazon S3.

Solution overview

The blog post consists of the following phases:

  1. In Account B, create the S3 bucket with the required configuration
  2. In Account A, create the CloudWatch log group and IAM policy
  3. In Account B, add the bucket policy to the S3 bucket
  4. Output: CloudWatch logs exported to the S3 bucket from Account A to Account B

Phase 1: In Account B, Create the S3 Bucket with the Required Configuration

  1. Open the S3 console and create a bucket named “crossaccount-logs” with the required and default configurations.


Phase 2: In Account A, Create the CloudWatch Log Group and IAM Policy

  1. Open the CloudWatch console and create a log group with log events. Also create an IAM policy for the S3 bucket that allows PutObject, so that the user can export logs to S3. On the user, attach the PutObject policy you created, S3 read-only access and CloudWatch full access.


Phase 3: In Account B, Add the Bucket Policy to the S3 Bucket
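
As an added example (not the author's policy and not taken from the post's screenshots): a bucket policy for this phase that follows the cross-account pattern in the AWS CloudWatch Logs export documentation, with a small audit check for statements broader than that pattern. Only the bucket name comes from the post; the region, the Account A ID and the IAM user name are constructed placeholders.

```python
import json

BUCKET = "crossaccount-logs"   # bucket name used in the post (Account B)
REGION = "us-east-1"           # assumed region
ACCOUNT_A = "111111111111"     # constructed placeholder for Account A's ID
CALLER = f"arn:aws:iam::{ACCOUNT_A}:user/log-exporter"  # hypothetical IAM user

def build_bucket_policy(bucket, region, account, caller_arn):
    """Bucket policy for Account B allowing exports only from Account A."""
    service = {"Service": f"logs.{region}.amazonaws.com"}
    src = {"aws:SourceAccount": [account]}  # confused-deputy guard
    arn = {"aws:SourceArn": [f"arn:aws:logs:{region}:{account}:log-group:*"]}
    acl = {"s3:x-amz-acl": "bucket-owner-full-control"}
    objects = f"arn:aws:s3:::{bucket}/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": service, "Action": "s3:GetBucketAcl",
         "Resource": f"arn:aws:s3:::{bucket}",
         "Condition": {"StringEquals": src, "ArnLike": arn}},
        {"Effect": "Allow", "Principal": service, "Action": "s3:PutObject",
         "Resource": objects,
         "Condition": {"StringEquals": {**src, **acl}, "ArnLike": arn}},
        # The identity in Account A that calls CreateExportTask.
        {"Effect": "Allow", "Principal": {"AWS": caller_arn},
         "Action": "s3:PutObject", "Resource": objects,
         "Condition": {"StringEquals": acl}},
    ]}

def audit_policy(policy):
    """List Allow statements that are broader than the pattern above."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        eq = st.get("Condition", {}).get("StringEquals", {})
        action = st.get("Action", [])
        actions = [action] if isinstance(action, str) else action
        if principal in ("*", {"AWS": "*"}):
            findings.append(f"statement {i}: wildcard principal")
        if isinstance(principal, dict) and "Service" in principal \
                and "aws:SourceAccount" not in eq:
            findings.append(f"statement {i}: service principal without aws:SourceAccount")
        if "s3:PutObject" in actions \
                and eq.get("s3:x-amz-acl") != "bucket-owner-full-control":
            findings.append(f"statement {i}: PutObject without bucket-owner-full-control")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_bucket_policy(BUCKET, REGION, ACCOUNT_A, CALLER), indent=2))
```

Running `audit_policy` on the JSON that is actually pasted into the bucket's permissions catches a missing `aws:SourceAccount` condition or a wildcard principal before the policy is saved.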


Phase 4: Output: CloudWatch Logs Exported to the S3 Bucket from Account A to Account B


Clean-up

Delete the IAM, CloudWatch and S3 resources created for this example.

Pricing

I review the pricing and estimated cost of this example.

Account A: Cost of CloudWatch = $0.0

Cost of Data Transfer = $0.0

Account B: Cost of Simple Storage Service = $0.02

Total Cost = $0.02

Summary

In this post, I showed how to set up a cross-account export of CloudWatch logs to an S3 bucket.

For more details on Amazon CloudWatch, check out Get started with Amazon CloudWatch and open the Amazon CloudWatch console. To learn more, read the Amazon CloudWatch documentation.

Thanks for reading!
