AWS CloudWatch

Overview

The AWS CloudWatch integration ingests CloudWatch logs from AWS via the AWS SDK for CloudWatch Logs.

Supported platforms

Linux: Logs
Windows: Logs
macOS: Logs

Authentication Configuration

AWS CloudWatch supports AWS access-key, assume-role, and IMDS credentials.

Parameter	Type	Description
credential_type	option	`aws` for access keys or assume role; `awsimds` for EC2 metadata credentials.
auth_method	option	Use `access_keys` or `iam_role` for `aws` credentials.
access_key_id	string	AWS access key. Required for `access_keys`; optional source creds for role.
secret_access_key	string	AWS secret key. Required for `access_keys`; optional source creds for role.
session_token	string	Optional session token for temporary credentials.
role_arn	string	IAM role ARN to assume when `auth_method` is `iam_role`.
role_session_name	string	Optional session name for the assumed role.
profile	string	Optional AWS shared config profile.
imds_endpoint	string	Optional IMDS endpoint for `awsimds` credentials.

Note: The Credential Type field is required if not using default AWS credentials.

Basic Configuration

Parameter	Type	Default Value	Required	Description
region	string	none	Yes	The AWS region where your CloudWatch logs are located.
start_from	string	none	No	Timestamp in RFC3339 format indicating where to start reading logs.
poll_interval	string	1m	No	Time to wait between log requests (minimum 1s).
max_events_per_request	integer	1000	No	Maximum number of events to process per request to CloudWatch.
persist_offsets	boolean	true	No	Persist CloudWatch log reading offsets to resume from where left off.

Advanced Configuration

Log Groups Configuration

Parameter	Type	Default Value	Required	Description
log_group_discovery_type	string	autodiscover	No	Choose how to discover log groups: Auto Discovery or Named Groups.

Auto Discovery Settings

Parameter	Type	Default Value	Required	Description
limit	integer	50	Conditional	Maximum number of log groups to discover.
prefix	string	none	Conditional	Prefix for log group names to filter discovery.
pattern	string	none	Conditional	Case-sensitive substring that must be present in log group names.
account_identifiers	array	[]	Conditional	AWS account IDs to filter log groups by.
include_linked_accounts	boolean	false	Conditional	When using a monitoring account, include log groups from linked source accounts.

Stream Filters

Parameter	Type	Default Value	Required	Description
names	array	[]	No	Full log stream names to filter (exact matches).
prefixes	array	[]	No	Prefixes to filter log streams (e.g., `["kube-apiserver"]`).

Note: Stream filters apply to discovered log groups. Use names for exact stream matches or prefixes for partial matches. Only one of prefix or pattern can be specified for log group discovery. If both are omitted, all log streams up to the limit are collected.

Named Log Groups

Array of log group configs with:

Parameter	Type	Default Value	Required	Description
log_group_name	string	none	Yes	Full log group name to collect logs from.
names	array	[]	No	Full log stream names to filter.
prefixes	array	[]	No	Prefixes to filter log streams.

Example Configuration

{
  "region": "us-west-2", // required

  "logs": {
    "start_from": "2024-01-01T00:00:00Z",
    "poll_interval": "1m", // default: "1m"
    "max_events_per_request": 1000, // default: 1000
    "persist_offsets": true, // default: true

    "groups": {
      "log_group_discovery_type": "autodiscover", // default: "autodiscover"

      "autodiscover": {
        "limit": 50, // default: 50
        "prefix": "/aws/eks/",
        "pattern": "kube",
        "account_identifiers": ["123456789012"],
        "include_linked_accounts": false,
        "streams": {
          "names": [],
          "prefixes": ["kube-apiserver"],
        },
      },
    },
  },
}

Overview​

Authentication Configuration​

Basic Configuration​

Advanced Configuration​

Log Groups Configuration​

Auto Discovery Settings​

Stream Filters​

Named Log Groups​

Example Configuration​