How do I troubleshoot errors related to CloudWatch streaming for an Elastic Beanstalk environment?

Last updated: 2023-01-19

I want to troubleshoot errors related to Amazon CloudWatch streaming for an AWS Elastic Beanstalk environment.

Short description

Streaming your logs to CloudWatch can help safeguard your data. For example, if your Elastic Beanstalk environment experiences a terminated Elastic Compute Cloud (Amazon EC2) instance, then you can still recover your logs from CloudWatch. You can also use log rotation to protect against data loss.

If your environment's instance logs aren't streaming to CloudWatch even after activating log streaming, then you must look into the following common issues:

  • Your IAM instance profile role lacks the required IAM permissions.
  • You launched your environment in an AWS Region that doesn't support CloudWatch Logs.
  • One of your custom log files doesn't exist in the path you specified.

Resolution

1.    Verify that your Elastic Beanstalk environment instance profile role has the following permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

2.    If you are streaming custom logs, then use a configuration file to directly install the CloudWatch Logs agent and to configure the files. Also, you must verify the format and indentation of that configuration file. For more information on streaming custom logs to CloudWatch, refer the sample configuration file.

3.    Check the CloudWatch agent status and agent logs to find out the causes of log streaming issues.

To check the old CloudWatch agent (awslogsd) status and logs:

  • agent status: systemctl status awslogsd.service
  • agent log location: /var/log/awslogs.log

To check the latest CloudWatch agent (amazon-cloudwatch-agent) status and logs:

  • agent status: systemctl status amazon-cloudwatch-agent.service
  • agent logs location: /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log

For more information on customizing log files in Elastic Beanstalk, see How can I customize my log files in Elastic Beanstalk?


Did this article help?


Do you need billing or technical support?