Using Logging with AWS

This page describes how you can find the logs for your Amazon Elastic Compute Cloud (Amazon EC2) instances using the Google Cloud Console. This page is intended for system administrators and developers who want to view their logs using Cloud Logging.

Before you begin

To import logs from Amazon EC2 instances into Cloud Logging, do the following:

  1. Connect your Amazon account to Google Cloud. If you haven't performed this configuration, then follow the instructions for how to add a monitored project.

  2. Create a service account for the AWS connector project, create a private key for it, and then transfer the private key to the Amazon EC2 instances whose logs you want exported to Google Cloud. The private key is used to authenticate the Cloud Logging agent.

    To create a service account and private key, do the following:

    1. In the Google Cloud Console, go to the Service Accounts page of IAM & Admin:

      Go to Service Accounts

    2. Click Select project and then select your AWS connector project. If you don't know the name of this project, see Finding the name of the AWS connector project.

    3. Click Create service account and complete the dialog. Grant the following roles:

      • Logs Writer
      • Monitoring Metric Writer
    4. After you create the service account, edit the service account and then create a private key. Select JSON as the KeyType. When you create a private key, it's downloaded to your workstation. Save a copy of that key to reuse across your Amazon EC2 instances—this is your only chance to save this particular key.

    For information about these steps, see Authorizing the agent.

  3. Install the Cloud Logging agent on those Amazon EC2 instances whose logs you want exported to Google Cloud. For information about installing the agent, see Installing the Cloud Logging agent on a single VM.

  4. (Optional) If you also want to export metric data from your Amazon EC2 instances, then install the Cloud Monitoring agent on those instances. For information about installing the agent, see Installing the Cloud Monitoring agent on a single VM.
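Because the same private key from step 2 is copied to every instance, it is worth checking each copy before the agent uses it: the file should be readable only by its owner and should belong to the AWS connector project. The following check is an added example, not part of the original page or of Google's tooling; the project name, service account email and key contents are constructed placeholders, and the field names are those found in a JSON service account key.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def audit_key_file(path, expected_project):
    """Return a list of problems with a JSON service account key; empty means OK."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} exposes the key to group/other; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        problems.append("missing fields: " + ", ".join(missing))
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    if key.get("project_id") != expected_project:
        problems.append(f"project_id is {key.get('project_id')!r}, expected {expected_project!r}")
    return problems

def demo():
    project = "aws-connector-example"  # hypothetical connector project name
    sample = {  # constructed key with placeholder values, no real secret
        "type": "service_account", "project_id": project,
        "private_key_id": "0000placeholder",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": f"logging-agent@{project}.iam.gserviceaccount.com",
    }
    with tempfile.NamedTemporaryFile("w", suffix=".json") as fh:
        json.dump(sample, fh)
        fh.flush()
        os.chmod(fh.name, 0o644)  # world-readable copy, as after a careless transfer
        loose = audit_key_file(fh.name, project)
        os.chmod(fh.name, 0o600)  # owner-only
        tight = audit_key_file(fh.name, project)
        wrong = audit_key_file(fh.name, "some-other-project")
    return loose, tight, wrong

if __name__ == "__main__":
    for label, result in zip(("0644", "0600", "wrong project"), demo()):
        print(label, "->", result or "OK")
```

Run the check on the instance against the path where you placed the key, passing the name of your AWS connector project as the second argument.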

Finding the name of the AWS connector project

To find the name of the AWS connector project that was created when you connected your AWS account to Google Cloud, do one of the following:

  • Find the AWS connector project by using the Google Cloud Console project picker.

  • Find the name of the Google Cloud project that added the AWS account as a monitored project, and then do the following:

    1. From the Google Cloud Console, select that Google Cloud project.
    2. From the Google Cloud Console navigation pane, go to Monitoring.
    3. From the Monitoring navigation pane, select Settings and then select the Summary tab.

      The AWS Accounts pane lists your AWS connector projects.

Accessing your AWS account logs

To view the logs for your AWS account, do the following:

  1. In the Google Cloud Console project picker, select the AWS connector project that you created when you connected your AWS account to Google Cloud. If you don't know the name of the connector project, see Finding the name of the AWS connector project.
  2. By using the navigation pane, select Logging and then select Logs.

For information about viewing logs, see Logs Explorer overview.