CloudWatch Logs - AWS IoT Core

CloudWatch Logs

The CloudWatch Logs (cloudwatchLogs) action sends data to Amazon CloudWatch Logs. You can specify the log group to which the action sends data.

Requirements

This rule action has the following requirements:

  • An IAM role that AWS IoT can assume to perform the logs:CreateLogStream, logs:DescribeLogStreams, and logs:PutLogEvents operations. For more information, see Granting AWS IoT the required access.

    In the AWS IoT console, you can choose or create a role to allow AWS IoT to perform this rule action.

  • If you use a customer-managed AWS KMS key (KMS key) to encrypt log data in CloudWatch Logs, the service must have permission to use the KMS key on the caller's behalf. For more information, see Encrypt log data in CloudWatch Logs using AWS KMS in the Amazon CloudWatch Logs User Guide.

Parameters

When you create an AWS IoT rule with this action, you must specify the following information:

logGroupName

The CloudWatch log group to which the action sends data.

Supports substitution templates: API and AWS CLI only

roleArn

The IAM role that allows access to the CloudWatch log group. For more information, see Requirements.

Supports substitution templates: No

Examples

The following JSON example defines a CloudWatch Logs action in an AWS IoT rule.

{ "topicRulePayload": { "sql": "SELECT * FROM 'some/topic'", "ruleDisabled": false, "awsIotSqlVersion": "2016-03-23", "actions": [ { "cloudwatchLogs": { "logGroupName": "IotLogs", "roleArn": "arn:aws:iam::123456789012:role/aws_iot_cw" } } ] } }

See also