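---
title: Amazon CloudWatch Logs
type: entity
tags: [AWS, Observability, Logging, CloudOps]
date: 2025-10-24
---

## Overview

**Amazon CloudWatch Logs** is AWS's log monitoring service, used to monitor, store, and access logs from AWS resources, applications, and services. In this solution, the central-cloudformation-logs Log Group is the centralized store for CloudFormation events from all accounts.

## Key Capabilities

- **Log Groups**: define the retention, encryption, and monitoring settings for the log streams they contain
- **Log Streams**: sequences of log events that come from the same source
- **CloudWatch Logs Insights**: interactive log analysis and query service
- **Metric Filters**: extract metrics from logs for use in CloudWatch Alarms
- **Subscription Filters**: stream logs in real time to Kinesis/EventBridge/Lambda

## In This Solution

The role of CloudWatch Logs in the multi-account CloudFormation StackSets monitoring solution:

- **central-cloudformation-logs**: the central Log Group, which stores CloudFormation events from all member accounts
- **Encryption**: logs are encrypted with a customer-managed AWS KMS key
- **Querying**: CloudWatch Logs Insights supports log analysis across accounts and regions

## Log Group: central-cloudformation-logs

- **Purpose**: aggregate CloudFormation deployment events from all AWS accounts
- **Encryption**: customer-managed KMS key (encryption at rest)
- **Retention**: configurable retention period (this solution does not specify a value)
- **Access**: readable from the management account; member accounts write through EventBridge

## CloudWatch Logs Insights Query

```sql
# Capture-group names are illustrative (chosen to match the JSON keys);
# Logs Insights requires a name for each group extracted by a regex parse.
fields @timestamp, account, region
| parse @message /"resource-type":"(?<resourceType>[^"]+)"/
| parse @message /"status":"(?<status>[^"]+)"/
| parse @message /"logical-resource-id":"(?<logicalResourceId>[^"]+)"/
| sort @timestamp desc
```

## Related Concepts

- [[Centralized Logging]]: CloudWatch Logs is the core of centralized log storage on AWS
- [[StackSets Deployment Visibility]]: CloudWatch Logs stores StackSets deployment events
- [[Cross-Account Monitoring]]: CloudWatch Logs Insights supports cross-account queries
- [[Cloud Service Delivery]]: CloudWatch Logs is observability infrastructure for cloud service delivery
- [[APM]] (Application Performance Monitoring): CloudWatch Logs, together with CloudWatch Metrics and Dashboards, provides APM capability

## Related Entities

- [[AWS CloudFormation StackSets]]: CloudWatch Logs stores its deployment events
- [[Amazon EventBridge]]: EventBridge routes events to CloudWatch Logs
- [[AWS]] (entity): CloudWatch Logs is a core member of the AWS monitoring service family

## Sources

- [[sources/how-to-simplify-multi-account-deployments-monitoring-centralized-logs-for-aws-cloudformation-stacksets.md]]
- AWS CloudWatch Logs official documentation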
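
The settings listed under "Log Group: central-cloudformation-logs" (customer-managed KMS key, configurable retention, writes arriving through EventBridge) can be expressed as a CloudFormation template. This is an added example, not taken from the source article: the logical resource names, the policy name, the 90-day retention default and the key policy statements are assumptions. Only the log group name comes from the page.

```yaml
# Added example: every name except central-cloudformation-logs is an assumption.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RetentionDays:
    Type: Number
    Default: 90  # assumed; the page leaves retention unspecified
Resources:
  LogsKey:
    Type: AWS::KMS::Key
    Properties:
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: AccountAdministration
            Effect: Allow
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
          # CloudWatch Logs may use the key only for this one log group.
          - Sid: CloudWatchLogsUse
            Effect: Allow
            Principal:
              Service: !Sub "logs.${AWS::Region}.amazonaws.com"
            Action:
              - "kms:Encrypt*"
              - "kms:Decrypt*"
              - "kms:ReEncrypt*"
              - "kms:GenerateDataKey*"
              - "kms:Describe*"
            Resource: "*"
            Condition:
              ArnEquals:
                "kms:EncryptionContext:aws:logs:arn": !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:central-cloudformation-logs"
  CentralLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: central-cloudformation-logs
      KmsKeyId: !GetAtt LogsKey.Arn
      RetentionInDays: !Ref RetentionDays
  # Lets the EventBridge rule target write events into the log group.
  EventBridgeWritePolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: eventbridge-to-central-cloudformation-logs
      PolicyDocument: !Sub |
        {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":["events.amazonaws.com","delivery.logs.amazonaws.com"]},"Action":["logs:CreateLogStream","logs:PutLogEvents"],"Resource":"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:central-cloudformation-logs:*"}]}
```

Without the `CloudWatchLogsUse` statement, associating the key with the log group is rejected, and the encryption-context condition keeps the grant from applying to any other log group in the account.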