Amazon CloudWatch Logs
User Guide

Quick Start: Use AWS CloudFormation to Send Log Data to CloudWatch Logs

AWS CloudFormation enables you to describe your AWS resources in JSON format. With AWS CloudFormation, you can describe and then quickly and consistently provision log groups and metric filters in CloudWatch Logs. You can also use AWS CloudFormation to install and configure the CloudWatch Logs agent on EC2 instances. For example, if you have multiple Apache web servers on EC2 instances, you can write a single AWS CloudFormation template that defines the web server logs and the information from those logs that you want to monitor. You can then reuse the template for all of your Apache web servers. For more information, see the AWS CloudFormation User Guide.

For more information about CloudWatch resources in AWS CloudFormation, see the AWS::Logs::LogGroup and AWS::Logs::MetricFilter in the AWS CloudFormation User Guide.


The following template snippet creates a log group and metric filter. The log group retains log events for 7 days. The metric filter counts the number of 404 occurrences. It sends a metric value of 1 each time the status code field equals 404.

"WebServerLogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }

For a stack named MyStack, the example creates a log group named "MyStack-LogGroup-unique-hash" and a metric filter named "MetricFilter-unique-hash. For a complete sample template that includes an EC2 instance and CloudWatch alarms, see Amazon CloudWatch Logs Sample in the AWS CloudFormation User Guide.