Design considerations - Centralized Logging

Design considerations

Custom sizing

This solution offers three preset Amazon OpenSearch Service cluster sizes to help support your anticipated log traffic:

  • Small:

    • 3 dedicated primary nodes; c5.large.search instance type

    • 4 data nodes; r5.large.search instance type

  • Medium:

    • 3 dedicated primary nodes; c5.large.search instance type

    • 6 data nodes; r5.2xlarge.search instance type

  • Large:

    • 3 dedicated primary nodes; c5.large.search instance type

    • 6 data nodes; r5.4xlarge.search instance type

Scalability

You can modify your cluster’s instance count and type directly in Amazon OpenSearch Service to accommodate your changing environment and requirements, without having to reconfigure the solution’s architecture or manage backend resources. As a best practice, we recommend that you monitor your cluster’s performance metrics, which can help you update the cluster size for future business needs. Refer to the Amazon OpenSearch Service FAQs for information about Amazon OpenSearch Service clusters.

Deployment options

This solution offers the following deployment options:

  1. Deploy the primary template into your AWS account without enabling sample logs; toggle the Sample Log parameter to No.

  2. Deploy the primary template into your AWS account with sample logs activated, which sets up a single region within the primary account for generating demo data; toggle the Sample Log parameter to Yes.

  3. Deploy the primary template into your AWS account and deploy the demo template into spoke accounts or spoke Regions to test the multi-account, multi-Region setup; enter the necessary information in the primary template’s Spoke Accounts and Spoke Regions parameters.

Sample logs

This solution provides sample logs you can use for testing purposes. You can activate these sample logs from the AWS CloudFormation template, under the Sample Logs parameter. You can either activate this parameter during initial deployment, or post-deployment, when you update the stack. When activated, the AWS CloudFormation template launches the centralized-logging-demo nested stack. For additional information about sample logs, refer to Sample logs.

Important

Since the Apache web server that generates the sample logs is publicly accessible, we do not recommend deploying the demo AWS CloudFormation template in a production environment.

Logging across accounts and Regions

This solution creates Amazon CloudWatch Logs destinations that accept log data from spoke AWS accounts and from different AWS Regions. Customers can provide Spoke Accounts and additional AWS Regions (Spoke Regions) as template parameters during stack deployment. Setting these parameters grants the necessary permission in the CloudWatch Logs destinations’ access policy to accept streaming log events from spoke accounts and different AWS Regions. Refer to the parameters table in Launch the stack.

You can update these parameters, adding or removing Spoke Accounts or Spoke Regions, at any time post-deployment by updating the stack. Refer to Adding custom CloudWatch Logs for additional information about adding custom CloudWatch Logs.

Note

The latest version of this solution no longer requires you to install a separate spoke template in your secondary AWS accounts for multi-account usage. You can assign spoke accounts and spoke Regions from the primary template’s parameters, and run the command mentioned in the output section of the template from the spoke accounts or Regions.
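The spoke-account side of the destination access policy described above, as an added example (not the solution's own code): the policy the Centralized Logging stack actually generates is not shown on this page, so the statement shape below follows the documented CloudWatch Logs destination access policy format and is an assumption, as are the account IDs and the destination name CL-Destination. The second function is a least-privilege check a reviewer can run over any such policy before widening it.

```python
import json
import re

# The only action a spoke account needs to point a subscription filter at the destination.
SUBSCRIBE_ACTION = "logs:PutSubscriptionFilter"
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def build_destination_policy(destination_arn: str, spoke_accounts: list[str]) -> dict:
    """Return a destination access policy that lets exactly the listed spoke
    accounts subscribe to ``destination_arn`` (illustrative shape; assumption)."""
    if not spoke_accounts:
        raise ValueError("at least one spoke account is required")
    bad = [a for a in spoke_accounts if not ACCOUNT_ID_RE.match(a)]
    if bad:
        raise ValueError(f"not 12-digit AWS account IDs: {bad}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowSpokeAccountsToSubscribe",
            "Effect": "Allow",
            "Principal": {"AWS": sorted(set(spoke_accounts))},  # named accounts, never "*"
            "Action": SUBSCRIBE_ACTION,
            "Resource": destination_arn,
        }],
    }


def destination_policy_findings(policy: dict) -> list[str]:
    """Report least-privilege problems in a destination access policy:
    wildcard principals, actions beyond PutSubscriptionFilter, wildcard resource."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        principals = [aws] if isinstance(aws, str) else list(aws)
        if "*" in principals:
            findings.append(f"statement {i}: wildcard principal lets any AWS account subscribe")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        if any(a != SUBSCRIBE_ACTION for a in actions):
            findings.append(f"statement {i}: actions beyond {SUBSCRIBE_ACTION}: {actions}")
        if stmt.get("Resource") == "*":
            findings.append(f"statement {i}: wildcard resource instead of the destination ARN")
    return findings


if __name__ == "__main__":
    # Constructed sample: primary account 111111111111, two spoke accounts.
    arn = "arn:aws:logs:us-east-1:111111111111:destination:CL-Destination"
    policy = build_destination_policy(arn, ["333333333333", "222222222222"])
    print(json.dumps(policy, indent=2), destination_policy_findings(policy))
```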

Solution updates

If you are using a previous version of this solution (v3.x or earlier), we recommend deploying the latest version of the AWS CloudFormation template as a new stack. You can migrate your existing solution’s data to the new version by following the migration steps in Migrate your solution data. After you have migrated your data, we recommend uninstalling the previous version to save on costs. Refer to Uninstall the solution for instructions to uninstall the primary AWS CloudFormation template.

Regional deployments

This solution uses Amazon Cognito, which is available in specific AWS Regions only. You must launch this solution’s primary template in a Region that supports Amazon Cognito. (For the most current service availability by Region, refer to the AWS Regional Services List.)