CloudWatch
Integration
AWS Access
Either create programmatic access user or provide an existing one.
This user must have the following permissions:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
The AWSAppSyncPushToCloudWatchLogs premade role has these permissions.
Birch
Add the integration to your dashboard.
| Field | Value | Required |
|---|---|---|
| Name | A name to identify the drain | ✔ |
| Access Key ID | The access key id of the AWS user used to authenticate | ✔ |
| Secret Access Key | The secret access key of the user used to authenticate | ✔ |
| Region | Must match the region of your AWS account | ✔ |
| Log Group Name | The log group to place the logs in, many call it birch | ✔ |
Log Format
CloudWatch only supports the following:
- timestamp
- message
Log Stream
The log_stream ends up being the identifier of the source.
Example:
Birch.identifier is nil so logs end up in
log_group/source_uuid
Another example:
Birch.identifier = user.id so logs end up in
log_group/user.id
If the identifier changes on the source, the logs made under the old identifier continue to flow to the old log stream and new logs will flow to the new log stream.