Skip to content

Amazon CloudWatch Logs Addon using Fluent Bit.

Fluent Bit is an open source Log Processor and Forwarder which allows you to collect any data like metrics and logs from different sources, enrich them with filters and send them to multiple destinations.

AWS provides a Fluent Bit image with plugins for CloudWatch Logs, Kinesis Data Firehose, Kinesis Data Stream and Amazon OpenSearch Service.

This add-on will take care of handling both node and application level logging. It is configured to stream the worker node logs to CloudWatch Logs. The AWS for Fluent Bit image is available on the Amazon ECR Public Gallery. For more details, see AWS for Fluent Bit GitHub repository.

Usage

import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import * as blueprints from '@aws-quickstart/eks-blueprints';

const app = new cdk.App();

const addOn = new blueprints.addons.CloudWatchLogsAddon({
  namespace: 'aws-for-fluent-bit',
  createNamespace: true,
  serviceAccountName: 'aws-fluent-bit-for-cw-sa',
  logGroupPrefix: '/aws/eks/<your-cluster-name>',
  logRetentionDays: 90 
});

const blueprint = blueprints.EksBlueprint.builder()
  .version("auto")
  .addOns(addOn)
  .build(app, 'my-stack-name');

Validation

To validate whether CloudWatch Logs add-on is installed properly, ensure that the required kubernetes resources are running in the cluster.

kubectl get all -n aws-for-fluent-bit

Output

NAME                                                                  READY   STATUS    RESTARTS   AGE
pod/blueprints-addon-aws-fluent-bit-for-cw-aws-for-fluent-bit-46kkk   1/1     Running   0          3m15s
pod/blueprints-addon-aws-fluent-bit-for-cw-aws-for-fluent-bit-6x4xq   1/1     Running   0          3m18s

NAME                                                                       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/blueprints-addon-aws-fluent-bit-for-cw-aws-for-fluent-bit   2         2         2       2            2           <none>          3h53m

Navigate to Log groups in Amazon CloudWatch console to see log groups starting with /aws/eks/<your-cluster-name>/workload.

Functionality

Applies the CloudWatch Logs add-on to an Amazon EKS cluster.

Performance Tuning

By default, we send Fluent Bit application logs and Kubernetes metadata to CloudWatch. If you want to reduce the volume of data being sent to CloudWatch, you can stop one or both of these data sources from being sent to CloudWatch. Please take a look at Amazon CloudWatch documentation on Reducing the log volume from Fluent Bit and please look at the filter section of aws-for-fluent-bit chart to find ways to apply filters to performance tune your logs that are sent to Cloudwatch.