Recently vRealize LogInsight Cloud announced Multi-Cloud support which allows you to forward logs from AWS and Azure. For more details, you can refer to the blog
In this blog, I would demonstrate how to deploy AWS Lambda to forward the following AWS service logs to vRealize LogInsight Cloud using
- S3 Bucket Logs
- S3 Bucket Events
- CloudWatch Logs
Once you execute the Terraform scripts it will create 3 AWS Lambda which will get the logs flowing to vRealize LogInsight Cloud.
What is Terraform
provides Infrastructure as a Code to provision and manage any cloud, infrastructure, or service
Pre-requisites
Following are the pre-requisites
- Access to VMware vRealize LogInsight Cloud
- API Key for VMware vRealize LogInsight Cloud
- AWS Access Key and ID
- PowerUser role should be enough for creating the required resources.
- AWS IAM role which has Lambda Service
- It needs to exist before executing the script.
- S3 Bucket for which you want logs.
- It needs to exist before executing the script.
- Cloud Watch Log group for which you want logs.
- Log group needs to exist before executing the script.
Download the Lambda Package
Download Lambda code by executing the below command from a terminal
wget https://github.com/vmware/vmware-log-collectors-for-public-cloud/releases/download/v1.0.3/Lambda.zip
Download Terraform Scripts
Clone following Terraform Repo from my
git clone
https://github.com/munishpalmakhija/Terraform.git
Following are the directories for vRLI Cloud
- Deploy-vRLICloud-AWS-Lambda-S3BucketLogs
- It creates AWS Lambda with S3 Trigger when a new object created event happens in the bucket.
- Deploy-vRLICloud-AWS-Lambda-S3Events
- It creates AWS Lambda with S3 Trigger when a new object created event happens in the bucket.
- Deploy-vRLICloud-AWS-Lambda-CloudWatchLogs
- It creates AWS Lambda with Cloudwatch Trigger (Subscription)
Deploy AWS Lambda
Update the terraform.tfvars for all 3 scripts
Navigate to the folder Deploy-vRLICloud-AWS-Lambda-S3BucketLogs & update the terraform.tfvars with your environment details
Navigate to the folder Deploy-vRLICloud-AWS-Lambda-S3Events & update the terraform.tfvars with your environment details
Navigate to the folder Deploy-vRLICloud-AWS-Lambda-CloudWatchLogs & update the terraform.tfvars with your environment details
Initialize Terraform
terraform init
Create an Execution Plan
terraform plan
Apply the config to the environment
terraform apply
-auto-approve
Similarly, you can execute the other 2 scripts for S3 Bucket Events and Cloudwatch Logs
You should be able to view logs by using the following filter
log_type starts with aws
This is an amazing blog, thank you so much for sharing such valuable information with us.Workday Studio Online Training HyderabadWorkday Studio Training India