@tom-butler
Last active January 18, 2018 05:20
ubuntu aws log exporter

[general]
state_file = /var/awslogs/state/agent-state

# datetime_format must match the timestamp at the start of each line in the
# file it applies to. The value used below is the syslog layout; adjust it for
# any file that writes its timestamps differently.
[/var/log/syslog]
file = /var/log/syslog
log_group_name = appname
log_stream_name = {instance_id}-/var/log/syslog
datetime_format = %b %d %H:%M:%S

[/var/log/tomcat8/catalina.out]
file = /var/log/tomcat8/catalina.out
log_group_name = appname
log_stream_name = {instance_id}-/var/log/tomcat8/catalina.out
datetime_format = %b %d %H:%M:%S

[/var/log/apache2/error.log]
file = /var/log/apache2/error.log
log_group_name = appname
log_stream_name = {instance_id}-/var/log/apache2/error.log
datetime_format = %b %d %H:%M:%S

# Install cloudwatch monitoring scripts requirements
sudo apt-get install -y python3-pip
sudo pip3 install --upgrade awscli

echo ==============================================================================
echo Configure Log Export
echo ==============================================================================
cd /tmp/
# Download the agent installer
curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
# Run it passing our config (-n: non-interactive, -r: region, -c: config file)
sudo python3 ./awslogs-agent-setup.py -n -r ap-southeast-2 -c /tmp/files/cloudwatch-log-config

# The policy to allow access to cloudwatch
resource "aws_iam_role_policy" "cloudwatch_logs_policy" {
  name = "${var.stack_name}_${var.environment}_logs_policy"
  # You will have to change this to point to your role.
  role = "${aws_iam_role.install_script_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    }
  ]
}
EOF
}
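
The log config above gives all three files the syslog `datetime_format`, which tells the agent how to read each line's timestamp and so should match the file's real layout. The following check is an added example, not part of the gist and not the agent's own matcher: it approximates the match with Python's `strptime`, and the sample lines are constructed in what are assumed to be the stock syslog, Tomcat 8 and Apache 2.4 layouts.

```python
import configparser
from datetime import datetime

# The gist's log sections, trimmed to the keys this check needs.
CONFIG = """\
[/var/log/syslog]
file = /var/log/syslog
datetime_format = %b %d %H:%M:%S
[/var/log/tomcat8/catalina.out]
file = /var/log/tomcat8/catalina.out
datetime_format = %b %d %H:%M:%S
[/var/log/apache2/error.log]
file = /var/log/apache2/error.log
datetime_format = %b %d %H:%M:%S
"""

# Constructed sample lines (assumed stock layouts; replace with lines from your own files).
SAMPLES = {
    "/var/log/syslog": "Jan 18 05:20:01 ip-10-0-0-5 CRON[1234]: (root) CMD (true)",
    "/var/log/tomcat8/catalina.out": "18-Jan-2018 05:20:01.123 INFO [main] Server startup in 1234 ms",
    "/var/log/apache2/error.log": "[Thu Jan 18 05:20:01.123456 2018] [core:notice] [pid 1] resuming normal operations",
}

def timestamp_parses(fmt, line):
    """True if some prefix of `line` (after an optional leading '[') parses with fmt."""
    text = line.lstrip("[")
    for end in range(len(text), 0, -1):
        try:
            datetime.strptime(text[:end], fmt)
            return True
        except ValueError:
            continue
    return False

def check_config(config_text, samples):
    """Map each configured file to whether its datetime_format fits its sample line."""
    # interpolation=None: '%' in datetime_format is literal, not ConfigParser syntax.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    results = {}
    for section in parser.sections():
        if section not in samples:
            continue
        fmt = parser[section]["datetime_format"]
        results[parser[section]["file"]] = timestamp_parses(fmt, samples[section])
    return results

if __name__ == "__main__":
    for path, ok in check_config(CONFIG, SAMPLES).items():
        print(f"{'OK      ' if ok else 'MISMATCH'} {path}")
```

Against these samples only `/var/log/syslog` matches; a format such as `%d-%b-%Y %H:%M:%S.%f` fits the Tomcat sample line.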
@tom-butler
Author

Using Packer, send your config file to /tmp/files/.

Add the install script to your Packer install script.

The server you deploy will need permissions to write to CloudWatch (see the Terraform script).
