1. Answers
  2. Scalable Log Analysis with AWS CloudWatch and Logstash in Python

How do I set up AWS CloudWatch Logs and Logstash for scalable log analysis in Python?

In this guide, we will set up AWS CloudWatch Logs and Logstash for scalable log analysis in Python using Pulumi. AWS CloudWatch Logs allows you to monitor, store, and access log files from various AWS services, while Logstash is a powerful tool for processing and transforming log data.

Steps to achieve this:

  1. Create a CloudWatch Log Group: This group will store logs from your application.
  2. Set up Logstash: Configure Logstash to pull logs from CloudWatch and process them.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a CloudWatch Log Group
const logGroup = new aws.cloudwatch.LogGroup("appLogGroup", {
    retentionInDays: 7, // Set log retention period
});

// Create a CloudWatch Log Stream
const logStream = new aws.cloudwatch.LogStream("appLogStream", {
    logGroupName: logGroup.name,
});

// IAM Role for Logstash to access CloudWatch Logs
const logstashRole = new aws.iam.Role("logstashRole", {
    assumeRolePolicy: {
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
            Effect: "Allow",
            Sid: "",
        }],
    },
});

// Attach a policy to the role to allow reading from CloudWatch Logs
const logstashPolicy = new aws.iam.RolePolicy("logstashPolicy", {
    role: logstashRole.id,
    policy: {
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
            ],
            Effect: "Allow",
            Resource: "*",
        }],
    },
});

// Security Group for Logstash instance
const logstashSecurityGroup = new aws.ec2.SecurityGroup("logstashSecurityGroup", {
    description: "Allow access to Logstash",
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] }, // SSH access
        { protocol: "tcp", fromPort: 5044, toPort: 5044, cidrBlocks: ["0.0.0.0/0"] }, // Logstash Beats input
    ],
    egress: [
        { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
});

// EC2 instance for Logstash
const logstashInstance = new aws.ec2.Instance("logstashInstance", {
    instanceType: "t2.micro",
    ami: "ami-0c55b159cbfafe1f0", // Amazon Linux 2 AMI
    securityGroups: [logstashSecurityGroup.name],
    iamInstanceProfile: logstashRole.name,
    userData: `#!/bin/bash
    yum update -y
    amazon-linux-extras install java-openjdk11 -y
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    cat <<EOF > /etc/yum.repos.d/logstash.repo
    [logstash-7.x]
    name=Elastic repository for 7.x packages
    baseurl=https://artifacts.elastic.co/packages/7.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    EOF
    yum install logstash -y
    systemctl enable logstash
    systemctl start logstash
    `,
    tags: {
        Name: "logstash-instance",
    },
});

// Export the Log Group name and Logstash instance public IP
export const logGroupName = logGroup.name;
export const logstashPublicIp = logstashInstance.publicIp;

Key Points:

  • CloudWatch Log Group: Stores application logs.
  • Logstash: Processes and transforms log data.
  • IAM Role and Policy: Grants Logstash permissions to read from CloudWatch Logs.
  • Security Group: Allows necessary network access to the Logstash instance.
  • EC2 Instance: Hosts Logstash with the necessary configuration.

Summary:

In this guide, we created a CloudWatch Log Group to store application logs and set up an EC2 instance running Logstash to process these logs. We configured the necessary IAM roles and policies to allow Logstash to access CloudWatch Logs, and set up security groups to manage network access. This setup enables scalable log analysis using AWS CloudWatch Logs and Logstash.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up