Centralized Logging on AWS

Appendix A: Sample Logs

The centralized logging solution includes an AWS CloudFormation template that deploys sample logs you can use for testing purposes. This template launches an Amazon Elastic Compute Cloud (Amazon EC2) instance with a reference Apache server that hosts a simple web application in an Amazon Virtual Private Cloud (Amazon VPC). During initial launch, the Amazon CloudWatch Logs agent is automatically installed on the instance and directs raw log data to Amazon CloudWatch.

VPC Flow Logs are enabled in the VPC to capture information about IP traffic to, from, and within the network. Customers can use this example to enable VPC Flow Logs in other VPCs; this data is automatically published to a log group in Amazon CloudWatch Logs.
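The following added example (not part of the solution's own code) shows how the flow log records described above can be parsed into structured documents and summarized by rejected source address. It assumes the default version 2 VPC Flow Logs record format; the function names are hypothetical and the sample records are constructed for illustration.

```python
# Default (version 2) VPC Flow Logs field order, as documented by AWS.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"version", "srcport", "dstport", "protocol",
              "packets", "bytes", "start", "end"}


def parse_flow_record(line):
    """Turn one space-separated flow log record into a dict (hypothetical helper)."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    doc = {}
    for name, value in zip(FIELDS, parts):
        if value == "-":
            # NODATA and SKIPDATA records carry "-" in place of traffic fields.
            doc[name] = None
        elif name in INT_FIELDS:
            doc[name] = int(value)
        else:
            doc[name] = value
    return doc


def rejected_by_source(lines):
    """Count REJECT records per source address, skipping records without traffic."""
    counts = {}
    for line in lines:
        doc = parse_flow_record(line)
        if doc["action"] == "REJECT" and doc["srcaddr"] is not None:
            counts[doc["srcaddr"]] = counts.get(doc["srcaddr"], 0) + 1
    return counts


# Constructed sample records (documentation address ranges, placeholder IDs).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.0.5 49152 22 6 3 180 1600000000 1600000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.5 51515 80 6 10 840 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1600000060 1600000120 - NODATA",
    "2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.0.5 49153 3389 6 1 60 1600000060 1600000120 REJECT OK",
]

if __name__ == "__main__":
    print(rejected_by_source(SAMPLE))
```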

The demo template turns on AWS CloudTrail, creates a trail for the account, and creates an Amazon Simple Storage Service (Amazon S3) bucket to store CloudTrail logs. The CloudTrail logs are automatically delivered to Amazon CloudWatch.

An Amazon CloudWatch event triggers the solution’s custom AWS Lambda function, which uploads any new log data (VPC flow logs, CloudTrail logs, and Apache logs) from Amazon CloudWatch to Amazon ES for analysis and visualization.

The primary solution template includes a parameter you can use to automatically deploy the demo template in the primary account. The secondary template also includes a parameter you can use to automatically deploy the demo template in secondary accounts.