1. How to forward CodeDeploy logs to CloudWatch?


    To achieve log forwarding from CodeDeploy to CloudWatch, we can follow these steps:

    • Create a log group in CloudWatch where the logs from CodeDeploy will be forwarded.
    • Create an IAM role for CodeDeploy with CloudWatch permissions to write logs.
    • Associate the CloudWatch log group with the CodeDeploy application.

    Here's a Pulumi program that accomplishes this:

    import * as aws from "@pulumi/aws"; // Create a CloudWatch log group const logGroup = new aws.cloudwatch.LogGroup("codedeployLogGroup", {}); // Create an IAM Role for CodeDeploy logging const role = new aws.iam.Role("codedeployRole", { assumeRolePolicy: JSON.stringify({ Version: "2012-10-17", Statement: [ { Action: "sts:AssumeRole", Principal: { Service: "codedeploy.amazonaws.com", }, Effect: "Allow", Sid: "", }, ], }), }); // Create an IAM Role Policy to provide logging permissions new aws.iam.RolePolicy("codedeployLoggingPolicy", { role: role.id, policy: JSON.stringify({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: [ "logs:CreateLogStream", "logs:PutLogEvents" ], Resource: `${logGroup.arn}:*` }], }), }); // Create a CodeDeploy application const app = new aws.codedeploy.Application("myapp", {}); // Create a CodeDeploy Deployment Group new aws.codedeploy.DeploymentGroup("myapp-deploymentgroup", { appName: app.name, serviceRoleArn: role.arn, autoRollbackConfiguration: { enabled: true, events: ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM", "DEPLOYMENT_STOP_ON_REQUEST"], }, cloudwatchLogs: { enabled: true, groupName: logGroup.name, }, });

    Please replace the below variables accordingly:

    • Replace the "loggedResourceName" with the name of the logged resource.
    • Replace the "roleName" with the name of the IAM role you want to create.
    • Replace the "policyName" with the name of the IAM policy you want to create.
    • Replace the "applicationName" and "deploymentGroupName" with the names of your CodeDeploy application and deployment group, respectively.

    For more information, check the CodeDeploy Deployment Group documentation and the CloudWatch LogGroup documentation.