• Created by Unknown User (robertwilliams), last modified on Nov 14, 2018

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »


In order to log to AWS Cloudwatch Logs the application needs the following AWS IAM actions:
logs:PutLogEventslogs:DescribeLogStreams
If you want the application to be able to create the log group and streams for you it needs the following AWS IAM actions:
logs:CreateLogGrouplogs:CreateLogStream

Sample IAM policy:
{"Version": "2012-10-17","Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:::*" ] } ]}
Authentication with the AWS Cloudwatch service is handled through the Boto3 library. There are a number of ways to configure the credentials so that the instance has access to cloudwatch logs. These options are documented in the Boto3 Credentials Documentation. If you are running the circulation manager in AWS the best practice is to configure logging to use an Instance IAM Role.

  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.