Metro

Reputation: 975

How To Send Vault logs to CloudWatch

When running Hashicorp Vault on EC2, I'm able to install the CloudWatch agent and ship logs over to CloudWatch in order to create alerts and notifications on specific events.

However, when running Vault via a helm chart in Kubernetes, I'm not sure how to go about the same thing.

Is there a way to install the CloudWatch agent when running Vault in Kubernetes? Or some other way to get the logs to CloudWatch?

I have the file audit device enabled at vault/audit/vault_audit.log but all the logs are currently sitting on that file.

It's backed by persistent storage, but ideally I'd like to get it into CloudWatch somehow.

Upvotes: 1

Views: 503

Answers (1)

ei-grad

Reputation: 938

You will need to add a sidecar container (with a CWAgent or something like Vector) to the Vault pods, and write the audit log into the file located in a directory shared between Vault and this container. This sidecar will be responsible for watching the file, parsing it, and forwarding the logs to CloudWatch Logs.

Upvotes: 0
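One concrete way to wire up the sidecar the answer describes, written here as an added example rather than code from the question, the answer, or the Vault project: Helm values for the hashicorp/vault chart that run a CloudWatch agent container next to Vault and mount the chart's audit volume into it read-only. The chart keys used (`server.auditStorage`, `server.extraContainers`, `server.serviceAccount.annotations`), the `audit` volume name, the `CW_CONFIG_CONTENT` environment variable, the agent image, the IAM role ARN and the log group name are all assumptions to check against your chart and agent version (`helm show values hashicorp/vault`, `helm template`).

```yaml
# values.yaml for the hashicorp/vault Helm chart (example; keys assumed, verify
# against your chart version).
server:
  # PVC mounted at /vault/audit, the directory the question's file audit device
  # writes into. The chart's StatefulSet names this volume claim "audit"
  # (assumption: confirm in the rendered manifest).
  auditStorage:
    enabled: true
    mountPath: /vault/audit
    size: 10Gi

  # IRSA on EKS: the pod's service account assumes a role that is allowed only
  # logs:CreateLogGroup / logs:CreateLogStream / logs:PutLogEvents on the
  # vault-audit log group. Placeholder ARN.
  serviceAccount:
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/vault-audit-logs

  # Sidecar: the CloudWatch agent tails the audit file and forwards it.
  extraContainers:
    - name: cloudwatch-agent
      image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:latest  # pin a version in practice
      env:
        # Inline agent config (assumption: the container image reads its JSON
        # config from CW_CONFIG_CONTENT; otherwise mount a ConfigMap at
        # /etc/cwagentconfig).
        - name: CW_CONFIG_CONTENT
          value: |
            {
              "logs": {
                "logs_collected": {
                  "files": {
                    "collect_list": [
                      {
                        "file_path": "/vault/audit/vault_audit.log",
                        "log_group_name": "vault-audit",
                        "log_stream_name": "{hostname}",
                        "timezone": "UTC"
                      }
                    ]
                  }
                }
              }
            }
      volumeMounts:
        # Same volume as Vault's audit device; the shipper only needs to read.
        - name: audit
          mountPath: /vault/audit
          readOnly: true
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          memory: 256Mi
```

After `helm upgrade --install` with these values, enable the device from inside Vault with `vault audit enable file file_path=/vault/audit/vault_audit.log`. Two things a practitioner should check before trusting this in production: the file audit device creates its log with mode 0600 owned by Vault's uid (100 in the official image), so the sidecar must run as root (the agent image's default) or as that uid, or the device must be enabled with a more permissive `mode=`; and shipping does not truncate the file, so size the PVC and rotate the log, because Vault refuses requests when it cannot write to an enabled audit device.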
