I have been reading various articles/docs and watching some videos on this topic. My issue is that they all conflict in one way or another.

My goal is to use winston to send all console.logs/error messages from my EC2 server to CloudWatch so that no logs are ever logged on the EC2 terminal itself.

Points of confusion:

  1. If I use winston-aws-cloudwatch or winston-cloudwatch, do I still need to set up an IAM user on AWS or will these auto-generate logs within CloudWatch?
  2. If I set up CloudWatch as per AWS documentation, will that automatically stream any would-be console.logs from the EC2 server to CloudWatch or will it do both? If the first one, then I don't need Winston?
  3. Can I send logs from my local development server to CloudWatch (just for testing purposes, as soon as it is clear it works, then I would test on staging and finally move it to production) or must it come from an EC2 instance?
  4. I assume the AWS CloudWatch key is the same as the AWS key I use for the rest of my account?

Present code:

```javascript
var winston = require('winston'),
  CloudWatchTransport = require('winston-aws-cloudwatch');

// Console transport: everything logged here still appears on the server's terminal
const logger = new winston.Logger({
  transports: [
    new (winston.transports.Console)({
      timestamp: true,
      colorize: true
    })
  ]
});

const cloudwatchConfig = {
  logGroupName: 'groupName',
  logStreamName: 'streamName',
  createLogGroup: false,
  createLogStream: true,
  awsConfig: {
    // The AWS SDK for JavaScript expects camelCase credential keys;
    // the snake_case names used originally are ignored by the SDK
    accessKeyId: process.env.AWS_KEY_I_USE_FOR_AWS,
    secretAccessKey: process.env.AWS_SECRET_KEY_I_USE_FOR_AWS,
    region: process.env.REGION_CLOUDWATCH_IS_IN
  },
  formatLog: function (item) {
    return item.level + ': ' + item.message + ' ' + JSON.stringify(item.meta);
  }
};

logger.level = 3;

// The CloudWatch transport is added only when NODE_ENV is 'development'
if (process.env.NODE_ENV === 'development') logger.add(CloudWatchTransport, cloudwatchConfig);

// Stream interface so HTTP request loggers can write through winston
logger.stream = {
  write: function (message, encoding) {
    logger.info(message);
  }
};

logger.error('Test log');
```
Brandon

1 Answer

  1. Yes
  2. Depends on the transports you configure. If you configure only CloudWatch, then it will only end up there. Currently your code has 2 transports, the normal Console one and the CloudWatchTransport, so with your current code, both.
  3. As long as you specify your keys as you would normally do with any AWS service (S3, DB, ...) you can push logs from your local/dev device to CloudWatch.
  4. Depends on whether your IAM user has the privileges or not. But it is possible, yes.
spa900
  • Point 1 wasn't a yes or no question. Is that 'yes' you need to set up an IAM user or 'yes' they will auto-generate logs? I assume the former but wanted to check. – Alexander Swann Nov 16 '18 at 12:32
  • You always need an IAM user to authenticate to CloudWatch. How could the client auto-generate logs on a service on which it is not authenticated? You need some way of authentication; an IAM user is one of the methods. – spa900 Nov 16 '18 at 15:39
  • I thought that was the case. Might be worth editing your answer rather than putting Yes as it's unclear and might be confusing to others less familiar with AWS. – Alexander Swann Nov 17 '18 at 18:53
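
On the credential and privilege questions (points 1 and 4), an added example that is not part of the original thread or of either winston package: it builds the transport options so that static keys are passed only when both are set, leaving the AWS SDK's default credential chain (an instance profile role on EC2) to supply them otherwise, and derives an IAM policy limited to the one log group. The function names, environment variable names, account ID, region and the set of `logs:` actions the transport needs are assumptions.

```javascript
// Added example. buildTransportOptions and buildLogPolicy are hypothetical helpers.

// Options for the CloudWatch transport. Static keys are included only when both
// are present; otherwise awsConfig carries just the region and the AWS SDK
// resolves credentials itself (on EC2, from the instance profile role).
function buildTransportOptions(env, logGroupName, logStreamName) {
  const awsConfig = { region: env.AWS_REGION };
  if (env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY) {
    awsConfig.accessKeyId = env.AWS_ACCESS_KEY_ID;
    awsConfig.secretAccessKey = env.AWS_SECRET_ACCESS_KEY;
  }
  return { logGroupName, logStreamName, createLogGroup: false, createLogStream: true, awsConfig };
}

// Least-privilege IAM policy for the identity that ships the logs: only the
// actions the options call for, scoped to the single log group and its streams.
// Assumption: the transport needs DescribeLogStreams to look up the stream.
function buildLogPolicy({ region, accountId }, opts) {
  const groupArn = `arn:aws:logs:${region}:${accountId}:log-group:${opts.logGroupName}`;
  const actions = ['logs:PutLogEvents', 'logs:DescribeLogStreams'];
  if (opts.createLogStream) actions.push('logs:CreateLogStream');
  if (opts.createLogGroup) actions.push('logs:CreateLogGroup');
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: actions.sort(), Resource: [groupArn, `${groupArn}:*`] }
    ]
  };
}

// Constructed sample environments: a developer laptop with keys, an EC2 host without.
const laptop = {
  AWS_REGION: 'eu-west-1',
  AWS_ACCESS_KEY_ID: 'EXAMPLE_KEY_ID',
  AWS_SECRET_ACCESS_KEY: 'EXAMPLE_SECRET'
};
const ec2 = { AWS_REGION: 'eu-west-1' };

const ec2Options = buildTransportOptions(ec2, 'groupName', 'streamName');
const policy = buildLogPolicy({ region: 'eu-west-1', accountId: '123456789012' }, ec2Options);
console.log(JSON.stringify(ec2Options.awsConfig)); // region only, no static keys
console.log(JSON.stringify(policy, null, 2));
```

The same policy document can be attached to an IAM user for local testing or to the EC2 instance's role, so the log shipper never holds more than write access to its own log group.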