Amazon CloudWatch now supports multi-account and region log centralization based on data source

Posted on: Mar 30, 2026

Amazon CloudWatch centralization now supports centralizing logs based on data source name and type. CloudWatch allows customers to copy log data from multiple AWS accounts and regions into a single destination account using centralization rules. With today's launch, customers can now define rules that target data sources by name and type, such as VPC Flow Logs, EKS Audit Logs, and CloudTrail Logs, in addition to the existing log group name-based selection.

Data source name and type are discovered automatically by CloudWatch for AWS service logs and are based on log group tags for application logs. Now, customers can specifically target which logs they want to centralize using these parameters. For example, a central security team can create a rule that centralizes all logs from CloudTrail and VPC data sources across their entire organization without needing to know or maintain a list of individual log group names.

To get started, create or modify a centralization rule in the Amazon CloudWatch console or through the AWS CLI and AWS SDKs, and specify your data source selection criteria in the centralization rule configuration.

Data source selection criteria are available in all AWS commercial regions where CloudWatch log centralization is available. Standard CloudWatch Logs pricing applies for log ingestion, storage, and data transfer. For more information, see the CloudWatch Logs Centralization documentation.