-1

I have one lambda function on AWS, which is storing it's logs over AWS cloudwatch. I want to store ALL these logs to S3 using CLI. My linux server is already configured with CLI and has all the necessary permissions to access AWS resources.
I want that the logs that are getting displayed on my AWS cloudwatch console, should get created over an S3 bucket.
Once, these logs are stored to some location on S3, then I can easily export them to an SQL table over Redshift.
Any idea how to bring these logs to S3?
Thanks for reading.

Sidhant Gupta
  • 139
  • 14

2 Answers2

1

You can use boto3 in lambda and export logs into S3 need to write a lambda function thatcsubscribe to CloudWatch logs and triggered on cloud watch log events.

AWS Doc:

Example: https://medium.com/dnx-labs/exporting-cloudwatch-logs-automatically-to-s3-with-a-lambda-function-80e1f7ea0187

vaquar khan
  • 10,864
  • 5
  • 72
  • 96
1

Your question does not specify that you want to export it onetime or regular basis. Thus, there are two options to export the cloudwatch logs to s3 location:

  • Create a export task (onetime) You can create a task with below command:
aws logs create-export-task \
  --profile {PROFILE_NAME} \
  --task-name {TASK_NAME} \
  --log-group-name {CW_LOG_GROUP_NAME} \
  --from {START_TIME_IN_MILLS} \
  --to {END_TIME_IN_MILLS} \
  --destination {BUCKET_NAME} \
  --destination-prefix {BUCKET_DESTINATION_PREFIX}

You can refer this in detail.

  • A lambda to write the logs to s3 (event based from CloudWatch subscription)
exports.lambdaHandler = async (event, context) => {
  // get the logs content from the event
  // if any change to data
  // write the data to s3 location  
}

My recommendation would be to push the logs to ELK stack or any equivalent logging systems(Splunk, Loggly, etc) for better anylysis, visualization of the data.

Rishikesh Darandale
  • 3,222
  • 4
  • 17
  • 35
  • Thank you so much @Rishikesh Darandale. I have successfully exported logs to S3 using the create-export-task command, with the use of an IAM User of my account. But, I am facing one issue. I have to perform this same task through an EC2 machine. The EC2 machine uses an IAM Role instead of User. And I have to create the s3 logs using this IAM Role only. Now, in the create-export-task command, there's one argument of `--profile`. In case of IAM User, it was simply the profile name assigned to the User. What should be it's value in case of IAM Role. Can you please suggest? Thanks so much again!! – Sidhant Gupta Oct 21 '21 at 09:59
  • @SidhantGupta, if the correct policies are attached to your EC2 IAM role, then it should work OOB. You do not have to provide `--profile` when you have the correct policies assigned to your EC2 IAM role. – Rishikesh Darandale Oct 21 '21 at 13:04