Enable Amazon EKS Control Plane Logging¶
This guide will walk you through enabling Amazon EKS control plane logging and sending logs to CloudWatch Logs.
Fast Forward
If you have already enabled Amazon EKS control plane logging, expand this box to fast-forward.
- Proceed to the Verify section.
See also
Overview
What You’ll Need¶
- A configured management environment.
- Your clone of the Arrikto GitOps repository.
- An existing EKS cluster.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsRestore the required context from previous sections:
root@rok-tools:~/ops/deployments# source <(cat deploy/env.eks-cluster)root@rok-tools:~/ops/deployments# export EKS_CLUSTEREnable Amazon EKS control plane logging:
root@rok-tools:~/ops/deployments# aws eks update-cluster-config \ > --name ${EKS_CLUSTER?} \ > --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'Troubleshooting
InvalidParameterException
If the command failed with the following message:
An error occurred (InvalidParameterException) when calling the UpdateClusterConfig operation: No changes needed for the logging config providedit means that you have already enabled Amazon EKS control plane logging. Ingore this error and proceed.
Verify¶
Verify that you have enabled control plane logging for your EKS cluster:
root@rok-tools:~/ops/deployments# aws eks describe-cluster \ > --name ${EKS_CLUSTER?} \ > --query cluster.logging.clusterLogging[].[types,enabled] \ > --output text \ > | paste - - True api audit authenticator controllerManager schedulerVerify that you have enabled logging for your EKS control plane by checking that the corresponding log group has been created in Amazon CloudWatch Logs:
root@rok-tools:~/ops/deployments# aws logs describe-log-groups \ > --log-group-name-prefix /aws/eks/${EKS_CLUSTER?} \ > --query logGroups[].[logGroupName] \ > --output text /aws/eks/arrikto-cluster/cluster