*~ You must have installed Xcode and accepted the licensing agreement before continuing with this document ~*
Install Homebrew
$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
*~ Homebrew allows us to easily install and manage packages with dependencies ~*
Use Homebrew to install Node
$ brew install node
*~ JavaScript runtime required to run Lambda CLI tools ~*
Install the latest Node distribution from Distributions
*~ JavaScript runtime required to run Lambda CLI tools ~*
Clone this repository to somewhere under your home directory. (we recommend ~/workspace)
$ git clone git@github.com:alertlogic/cloudwatch-logs-s3-export.git cloudwatch-logs-s3-export
$ cd cloudwatch-logs-s3-export
Execute the Lambda development environment installation script.
$ build/install.sh
Skip to the Setup section if you want to use pre-built Lambda package.
Run npm run build to create a versioned, distributable zip artifact.
This artifact is properly packaged to upload directly to AWS Lambda and work with the default configuration.
Run npm run release to update the version.
Note: The build process will prompt for an AWS credentials profile name in order to upload the generated Lambda zip file to S3 for subsequent deployment into S3.
In order for the Lambda deployment to work, the package must exist in each region and therefore you will, currently, need to create 4 buckets in each supported region.
The Cloud Watch Logs Export To S3 utility is deployed via the AWS CloudFormation service using the template references in the Supported AWS Regions table. When setting up a new stack in the AWS CloudFormation service, select the 'Specify an Amazon S3 template URL' option and specify the corresponding region's template.
- AWS VPC Flow Log
- AWS Lambda
- AWS IoT
- Ensure that VPC Flow Logs is correctly enabled for your VPC and the logs are present in CloudWatch Logs.
- Create an S3 bucket to send VPC Flow Logs into.
- In the AWS console, select the CloudFormation service and make sure to select the correct deployment region.
- Specify the CloudFormation name.
- Create a new stack using the template references in the Supported AWS Regions table.
- Specify the CloudWatch Log Group where your VPC Flow Logs are sent.
- Choose the Log Format.
- Specify the S3 bucket to store VPC Flow Logs.
- Create the CloudFormation stack.
- Note: Due to the eventually consistent nature of AWS services, CloudFormation stack creation may fail while creating the Kinesis Event Stream Mapping. The problem is that the CloudFormation service sees the IAM Policy as created while the Kinesis service doesn't yet. If this happens, delete the failed stack and re-run CloudFormation stack creation.
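The delete-and-re-run step from the note above can be scripted with the AWS CLI. This is an added example, not part of this repository; the retry count, the pause, and the use of CAPABILITY_IAM are assumptions, and the template URL and parameter keys must come from the template for your region.

```shell
# Added example (not from the repository): create the stack and, if creation
# fails, delete the failed stack and re-run creation, as the note describes.
# Usage: create_stack_with_retry <stack-name> <template-url> [parameter ...]
#   each parameter is passed verbatim to --parameters, e.g.
#   ParameterKey=<key from the template>,ParameterValue=<your value>
# Assumptions: AWS CLI configured for the target region; CAPABILITY_IAM is
# sufficient for the template (it creates an IAM policy).

MAX_ATTEMPTS="${MAX_ATTEMPTS:-3}"   # assumed retry budget
RETRY_DELAY="${RETRY_DELAY:-30}"    # assumed pause (seconds) before re-running

create_stack_with_retry() {
    cs_stack="$1"
    cs_template="$2"
    shift 2
    # Remaining arguments, if any, become the --parameters list.
    if [ "$#" -gt 0 ]; then
        set -- --parameters "$@"
    fi
    cs_attempt=1
    while [ "$cs_attempt" -le "$MAX_ATTEMPTS" ]; do
        echo "attempt $cs_attempt: creating stack $cs_stack" >&2
        if aws cloudformation create-stack \
                --stack-name "$cs_stack" \
                --template-url "$cs_template" \
                --capabilities CAPABILITY_IAM \
                "$@" >/dev/null \
            && aws cloudformation wait stack-create-complete \
                --stack-name "$cs_stack"; then
            echo "stack $cs_stack created" >&2
            return 0
        fi
        # Creation failed: the stack must be deleted before it can be re-created.
        echo "creation failed, deleting stack $cs_stack" >&2
        aws cloudformation delete-stack --stack-name "$cs_stack" || return 1
        aws cloudformation wait stack-delete-complete \
            --stack-name "$cs_stack" || return 1
        cs_attempt=$((cs_attempt + 1))
        if [ "$cs_attempt" -le "$MAX_ATTEMPTS" ]; then
            sleep "$RETRY_DELAY"
        fi
    done
    echo "giving up after $MAX_ATTEMPTS attempts" >&2
    return 1
}
```

A stack that keeps failing after the retries are used up is not an eventual-consistency problem; check the stack events in the CloudFormation console for the actual cause.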