Publishing Aurora PostgreSQL Logs to Amazon CloudWatch Logs - Amazon Aurora

You can configure your Aurora PostgreSQL DB cluster to publish log data to a log group in Amazon CloudWatch Logs. With CloudWatch Logs, you can perform real-time analysis of the log data, and use CloudWatch to create alarms and view metrics. You can use CloudWatch Logs to store your log records in highly durable storage.

Note

Be aware of the following:

  • Aurora PostgreSQL supports publishing logs to CloudWatch Logs for versions 9.6.12 and above and versions 10.7 and above.

  • From Aurora PostgreSQL, only postgresql logs can be published. Publishing upgrade logs isn't supported.

  • If exporting log data is disabled, Aurora doesn't delete existing log groups or log streams. Existing log data remains available in CloudWatch Logs, depending on log retention, and you still incur charges for stored audit log data. You can delete log streams and log groups using the CloudWatch Logs console, the AWS CLI, or the CloudWatch Logs API.

  • If you don't want to export audit logs to CloudWatch Logs, make sure that all methods of exporting audit logs are disabled. These methods are the AWS Management Console, the AWS CLI, and the RDS API.

You can publish Aurora PostgreSQL logs to CloudWatch Logs with the console.

To publish Aurora PostgreSQL logs from the console

  1. Open the Amazon RDS console at https://console.aws.amazon.com/rds/.

  2. In the navigation pane, choose Databases.

  3. Choose the Aurora PostgreSQL DB cluster that you want to publish the log data for.

  4. Choose Modify.

  5. In the Log exports section, choose Postgresql log.

  6. Choose Continue, and then choose Modify cluster on the summary page.

You can publish Aurora PostgreSQL logs with the AWS CLI. You can run the modify-db-cluster AWS CLI command with the following options:

  • --db-cluster-identifier—The DB cluster identifier.

  • --cloudwatch-logs-export-configuration—The configuration setting for the log types to be enabled for export to CloudWatch Logs for the DB cluster.

You can also publish Aurora PostgreSQL logs by running one of the following AWS CLI commands:

Run one of these AWS CLI commands with the following options:

  • --db-cluster-identifier—The DB cluster identifier.

  • --engine—The database engine.

  • --enable-cloudwatch-logs-exports—The configuration setting for the log types to be enabled for export to CloudWatch Logs for the DB cluster.

Other options might be required depending on the AWS CLI command that you run.

The following command creates an Aurora PostgreSQL DB cluster to publish log files to CloudWatch Logs.

For Linux, macOS, or Unix:

    aws rds create-db-cluster \
        --db-cluster-identifier my-db-cluster \
        --engine aurora-postgresql \
        --enable-cloudwatch-logs-exports postgresql

For Windows:

    aws rds create-db-cluster ^
        --db-cluster-identifier my-db-cluster ^
        --engine aurora-postgresql ^
        --enable-cloudwatch-logs-exports postgresql

The following command modifies an existing Aurora PostgreSQL DB cluster to publish log files to CloudWatch Logs. The --cloudwatch-logs-export-configuration value is a JSON object. The key for this object is EnableLogTypes, and its value is postgresql.

For Linux, macOS, or Unix:

    aws rds modify-db-cluster \
        --db-cluster-identifier my-db-cluster \
        --cloudwatch-logs-export-configuration '{"EnableLogTypes":["postgresql"]}'

For Windows:

    aws rds modify-db-cluster ^
        --db-cluster-identifier my-db-cluster ^
        --cloudwatch-logs-export-configuration "{\"EnableLogTypes\":[\"postgresql\"]}"

Note

When using the Windows command prompt, you must escape double quotes (") in JSON code by prefixing them with a backslash (\).

Example

The following example modifies an existing Aurora PostgreSQL DB cluster to disable publishing log files to CloudWatch Logs. The --cloudwatch-logs-export-configuration value is a JSON object. The key for this object is DisableLogTypes, and its value is postgresql.

For Linux, macOS, or Unix:

    aws rds modify-db-cluster \
        --db-cluster-identifier mydbinstance \
        --cloudwatch-logs-export-configuration '{"DisableLogTypes":["postgresql"]}'

For Windows:

    aws rds modify-db-cluster ^
        --db-cluster-identifier mydbinstance ^
        --cloudwatch-logs-export-configuration "{\"DisableLogTypes\":[\"postgresql\"]}"

Note

When using the Windows command prompt, you must escape double quotes (") in JSON code by prefixing them with a backslash (\).

You can publish Aurora PostgreSQL logs with the RDS API. You can run the ModifyDBCluster action with the following options:

  • DBClusterIdentifier—The DB cluster identifier.

  • CloudwatchLogsExportConfiguration—The configuration setting for the log types to be enabled for export to CloudWatch Logs for the DB cluster.

You can also publish Aurora PostgreSQL logs with the RDS API by running one of the following RDS API actions:

Run the RDS API action with the following parameters:

  • DBClusterIdentifier—The DB cluster identifier.

  • Engine—The database engine.

  • EnableCloudwatchLogsExports—The configuration setting for the log types to be enabled for export to CloudWatch Logs for the DB cluster.

Other parameters might be required depending on the RDS API action that you run.

Monitoring Log Events in Amazon CloudWatch

After enabling Aurora PostgreSQL log events, you can monitor the events in Amazon CloudWatch Logs. For more information about monitoring, see View Log Data Sent to CloudWatch Logs.

A new log group is automatically created for the Aurora DB cluster under the following prefix, in which cluster-name represents the DB cluster name, and log_type represents the log type.

/aws/rds/cluster/cluster-name/log_type

For example, if you configure the export function to include the postgresql log for a DB cluster named my-db-cluster, PostgreSQL log data is stored in the /aws/rds/cluster/my-db-cluster/postgresql log group.

All of the events from all of the DB instances in a DB cluster are pushed to a log group using different log streams.

If a log group with the specified name exists, Aurora uses that log group to export log data for the Aurora DB cluster. You can use automated configuration, such as AWS CloudFormation, to create log groups with predefined log retention periods, metric filters, and customer access. Otherwise, a new log group is automatically created using the default log retention period, Never Expire, in CloudWatch Logs. You can use the CloudWatch Logs console, the AWS CLI, or the CloudWatch Logs API to change the log retention period. For more information about changing log retention periods in CloudWatch Logs, see Change Log Data Retention in CloudWatch Logs.
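
The following check is an added example, not taken from the AWS documentation. It reads saved output of aws rds describe-db-clusters and aws logs describe-log-groups and reports Aurora PostgreSQL clusters that are not exporting, log groups left in place after export was disabled, and groups still on the default Never Expire retention. The sample JSON and the finding labels are constructed for illustration.

```python
import json

PREFIX = "/aws/rds/cluster/"  # log group prefix described above

# Constructed sample in the shape of `aws rds describe-db-clusters` output.
CLUSTERS_JSON = """
{"DBClusters": [
  {"DBClusterIdentifier": "my-db-cluster", "Engine": "aurora-postgresql",
   "EnabledCloudwatchLogsExports": ["postgresql"]},
  {"DBClusterIdentifier": "billing", "Engine": "aurora-postgresql"},
  {"DBClusterIdentifier": "old-reports", "Engine": "aurora-postgresql",
   "EnabledCloudwatchLogsExports": []}
]}
"""
# Constructed sample in the shape of `aws logs describe-log-groups` output.
# retentionInDays is absent when a group is set to Never Expire.
GROUPS_JSON = """
{"logGroups": [
  {"logGroupName": "/aws/rds/cluster/my-db-cluster/postgresql"},
  {"logGroupName": "/aws/rds/cluster/old-reports/postgresql", "retentionInDays": 90},
  {"logGroupName": "/aws/lambda/unrelated"}
]}
"""

def audit(clusters_json, groups_json, log_type="postgresql"):
    """Return sorted (cluster, finding) pairs for one exported log type."""
    clusters = json.loads(clusters_json)["DBClusters"]
    groups = {g["logGroupName"]: g for g in json.loads(groups_json)["logGroups"]}
    findings = []
    for c in clusters:
        if c.get("Engine") != "aurora-postgresql":
            continue  # other engines are out of scope for this check
        name = c["DBClusterIdentifier"]
        exporting = log_type in (c.get("EnabledCloudwatchLogsExports") or [])
        group = groups.get(f"{PREFIX}{name}/{log_type}")
        if not exporting:
            findings.append((name, "export-disabled"))
            if group is not None:
                # Aurora does not delete the group when export is turned off.
                findings.append((name, "stale-log-group-still-stored"))
        if group is not None and "retentionInDays" not in group:
            findings.append((name, "retention-never-expire"))
    return sorted(findings)

if __name__ == "__main__":
    for cluster, finding in audit(CLUSTERS_JSON, GROUPS_JSON):
        print(f"{cluster}: {finding}")
```
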

You can use the CloudWatch Logs console, the AWS CLI, or the CloudWatch Logs API to search for information within the log events for a DB cluster. For more information about searching and filtering log data, see Searching and Filtering Log Data.