Setting up AWS Cloudwatch Logging
  • 04 May 2022
  • 2 Minutes to read
  • Dark
    Light

Setting up AWS Cloudwatch Logging

  • Dark
    Light

Overview 

By leveraging power of AWS Cloud computing, and as a means of external Logging, v8. provides the ability to utilize AWS CloudWatch Integration as a means of Logging in a Decisions environment. 

Doing so allows the ability to track Logs from a Docker Container through the use of AWS. The following document demonstrates how to properly set up and run AWS CloudWatch Integration from a Containerized Decisions Installation.

Prerequisites
The following is required to properly establish an AWS CloudWatch Integration:

Example 

  1. Login to AWS with the respective IAM user Account credentials.
  2. Navigate to IAM > Access Management > Policies; then, click Create Policy
  3. From the Create policy window, navigate to the JSON tab. Then, input the following JSON value, replacing the bracketed values with each respective value, and click Next: Tags
    Obtaining ARN and Region
    The ARN (non-hypehenated Account ID) and Region can both be obtained by clicking the dropdown arrow beside the User Name of the AWS Account, and by clicking the arrow beside Global respectively. 
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogStream",
                    "logs:DescribeLogStreams",
                    "logs:PutLogEvents"
                ],
                "Resource": [
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Web:*",
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Core.Usage:*",
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Core.UsageDetails:*"
                ]
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "logs:CreateLogGroup",
                "Resource": [
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Web:*",
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Core.Usage:*",
                    "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:Decisions.Core.UsageDetails:*"
                ]
            },
            {
                "Sid": "VisualEditor2",
                "Effect": "Allow",
                "Action": "logs:DescribeLogGroups",
                "Resource": "arn:aws:logs:[REGION OF THE CONTAINER]:[NON-HYPHENATED ACCOUNT ID]:log-group:*:*"
            }
        ]
    }

  4. Continue to the Review policy window, provide a Name, then click Create policy.

  5. Navigate to IAM > Users and click a new Add users.
  6. In the Add user window, provide the desired User name. Under Select AWS access type, check the box for Access key - Programmatic access. Then, click Next: Permissions
  7. From the Setpermissions screen, navigate to Attach existing policies directly. Then, locate and check the box beside the previously created Policy name, and click Next until the Review screen is reached. 
  8. From the Review screen, click Create user
  9. From the final Add user screen, copy the Access key ID and Secret access key into a Text Editor for later use. 
  10. Navigate to and update the Docker Stack with the copied AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, ARN, DECISIONS_LOG_SERILOG_DEBUG, and REGION values. 
  11. Restart Decisions and navigate to the Decisions Log group in AWS under the Logs category; observe that Logging has occurred. 

Alternate Method: Logging Settings

Alternatively to the method of updating the Stack with the respective Environment Variables, Logging can be established using Logging Settings.

Use Advisory
As this method involves less definition than updating the Docker Stack, it is advised to follow the previously described method to mitigate potential errors. 
  1. From the Decisions Studio, navigate to System > Settings > Logging Settings. Then, open AWS CloudWatch.
  2. From the AWS CloudWatch window, select the desired Levels. Then, provide the AWS Region for the AWS Account and click OK. 
  3. Restart Decisions, then navigate to o the Decisions Log group in AWS under the Logs category; observe that Logging has occurred. 

Serilog

Serilog.txt is a file that records any errors that occur with AWS Logging.

Adding "DECISIONS_LOG_SERILOG_DEBUG" the Docker Stack's list of environment variables and setting it to "true" will create the file within the /Logs directory. 


For more information regarding Docker and Modules, see Decisions Forum: Modules.

Was this article helpful?