Reputation: 613
I've followed a great tutorial by Martin Thwaites outlining the process of logging to AWS CloudWatch using Serilog and .NET Core.
I've got the logging portion working well to text and console, but just can't figure out the best way to authenticate to AWS CloudWatch from my application. He talks about inbuilt AWS authentication by setting up an IAM policy, which is great, and supplies the JSON to do so, but I feel like something is missing. I've created the IAM Policy as per the example with a LogGroup matching my appsettings.json, but nothing comes through on the CloudWatch screen.
My application is hosted on an EC2 instance. Are there more straightforward ways to authenticate, and/or is there a step missing where the EC2 and CloudWatch services are "joined" together?
More Info:
Policy EC2CloudWatch attached to role EC2Role.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    ALL EC2 READ ACTIONS HERE
                ],
                "Resource": "*"
            },
            {
                "Sid": "LogStreams",
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogStream",
                    "logs:DescribeLogStreams",
                    "logs:PutLogEvents"
                ],
                "Resource": "arn:aws:logs:*:*:log-group:cloudwatch-analytics-staging:log-stream:*"
            },
            {
                "Sid": "LogGroups",
                "Effect": "Allow",
                "Action": [
                    "logs:DescribeLogGroups"
                ],
                "Resource": "arn:aws:logs:*:*:log-group:cloudwatch-analytics-staging"
            }
        ]
    }
Upvotes: 0
Views: 932
Reputation: 51624
In order to effectively apply the permissions, you need to assign the role to the EC2 instance.
Upvotes: 1
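A check that can be run on the instance itself to confirm whether a role is actually attached, as the answer above requires. This is an added example, not code from the original posts or the tutorial; it asks the instance metadata service (IMDSv2) which role the instance exposes, and the function names and the injectable `http` parameter are this example's own.

```python
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254/latest"
EXPECTED_ROLE = "EC2Role"  # role name taken from the question


def imds_http(method, path, headers):
    """Real IMDS call; returns (status, body). Only answers on an EC2 instance."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def attached_roles(http=imds_http):
    """Return the role names the instance exposes ([] if none is attached)."""
    # IMDSv2: obtain a session token first, then present it on every read.
    status, token = http("PUT", "/api/token",
                         {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    if status != 200:
        raise RuntimeError(f"IMDS token request failed: HTTP {status}")
    status, body = http("GET", "/meta-data/iam/security-credentials/",
                        {"X-aws-ec2-metadata-token": token})
    if status == 404:  # no instance profile on this instance
        return []
    if status != 200:
        raise RuntimeError(f"IMDS role lookup failed: HTTP {status}")
    return body.split()


def diagnose(http=imds_http, expected=EXPECTED_ROLE):
    """Explain why the policy on `expected` does or does not reach this instance."""
    roles = attached_roles(http)
    if not roles:
        return "no role attached: the SDK has no credentials to sign CloudWatch calls"
    if expected not in roles:
        return f"role {roles[0]} attached, but the policy is on {expected}"
    return f"{expected} is attached: credentials are available to the AWS SDK"


if __name__ == "__main__":
    try:
        print(diagnose())
    except (RuntimeError, OSError) as exc:  # not on EC2, or IMDS unreachable
        print(f"could not reach IMDS: {exc}")
```

The script only reads the role name, never the temporary credentials, so its output is safe to paste into a ticket.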