Unable to view Logs under Cloudwatch for AWS MQ
The TF code below executes without issues and also creates the MQ broker, but I am unable to see the MQ logs under the CloudWatch log stream group which is created by default. Could anyone suggest what I am missing so that I can enable CloudWatch under main.tf?

resource "aws_mq_broker" "broker" {
  broker_name = "example-mq"
  tags = merge(
    var.common_tags,
    map("Classification", "private"),
    map("Name", "example-mq")
  )
  configuration {
    id       = "${aws_mq_configuration.mq-config.id}"
    revision = "${aws_mq_configuration.mq-config.latest_revision}"
  }
  apply_immediately          = true
  engine_type                = "ActiveMQ"
  engine_version             = "5.15.9"
  auto_minor_version_upgrade = true
  deployment_mode            = "ACTIVE_STANDBY_MULTI_AZ"
  # subnet_ids, security_groups and user.groups are collections of strings
  subnet_ids          = ["subnet-12341234123"]
  security_groups     = ["sg-123123123"]
  host_instance_type  = "mq.m5.large"
  publicly_accessible = false
  user {
    username       = "mq_username"
    password       = "mq_password"
    groups         = ["admin_group"]
    console_access = true
  }
  # General broker logs are switched on, audit logs are off
  logs {
    general = true
    audit   = false
  }
  depends_on = ["aws_mq_configuration.mq-config"]
}

resource "aws_mq_configuration" "mq-config" {
  name           = "mq-config"
  engine_type    = "ActiveMQ"
  engine_version = "5.15.9"
  data           = "${data.template_file.mq_configuration_data.rendered}"
  tags = merge(
    var.common_tags,
    map("Classification", "private"),
    map("Name", "mq-config")
  )
  depends_on = ["data.template_file.mq_configuration_data"]
}

# data for MQ broker configuration
data "template_file" "mq_configuration_data" {
  template = "${file("files/data.xml.tpl")}"
  vars = {
    upload     = upload
    processing = processing
  }
}

According to the Amazon MQ documentation, you need to create a resource-based policy to allow Amazon MQ to publish logs to CloudWatch:

data "aws_iam_policy_document" "mq_logs" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = ["arn:aws:logs:*:*:log-group:/aws/amazonmq/*"]
    principals {
      identifiers = ["mq.amazonaws.com"]
      type        = "Service"
    }
  }
}

resource "aws_cloudwatch_log_resource_policy" "mq_logs" {
  policy_document = data.aws_iam_policy_document.mq_logs.json
  policy_name     = "mq-logs"
}
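
To confirm the fix from the answer above is in place, the check below (an added example, not part of the original question or answer) takes the JSON shape returned by `aws logs describe-resource-policies` and reports which of the two required actions Amazon MQ still lacks on a broker log group. The function name, the sample ARN and both sample inputs are constructed for illustration; the check ignores Deny statements and Condition blocks.

```python
import fnmatch
import json

REQUIRED_ACTIONS = ("logs:CreateLogStream", "logs:PutLogEvents")
MQ_PRINCIPAL = "mq.amazonaws.com"
def _as_list(value):
    """IAM JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def missing_mq_log_actions(describe_output, log_group_arn):
    """Return required actions that no Allow statement grants to Amazon MQ on
    log_group_arn. Deny statements and Condition blocks are not evaluated."""
    granted = set()
    for policy in describe_output.get("resourcePolicies", []):
        # policyDocument arrives as a JSON-encoded string, not a nested object.
        document = json.loads(policy["policyDocument"])
        for stmt in _as_list(document.get("Statement")):
            principal = stmt.get("Principal", {})
            services = _as_list(principal.get("Service") if isinstance(principal, dict) else principal)
            if stmt.get("Effect") != "Allow" or not {MQ_PRINCIPAL, "*"} & set(services):
                continue
            if not any(fnmatch.fnmatchcase(log_group_arn, r) for r in _as_list(stmt.get("Resource"))):
                continue
            for action in REQUIRED_ACTIONS:  # IAM action names are case-insensitive
                if any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt.get("Action"))):
                    granted.add(action)
    return [a for a in REQUIRED_ACTIONS if a not in granted]

# Constructed sample data: account id, region and broker id are placeholders.
SAMPLE_ARN = "arn:aws:logs:eu-west-1:111122223333:log-group:/aws/amazonmq/broker/b-EXAMPLE/general"
NO_POLICY = {"resourcePolicies": []}  # the state described in the question
WITH_POLICY = {"resourcePolicies": [{
    "policyName": "mq-logs",
    "policyDocument": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "mq.amazonaws.com"},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/amazonmq/*",
        }],
    }),
}]}

if __name__ == "__main__":
    print(missing_mq_log_actions(NO_POLICY, SAMPLE_ARN), missing_mq_log_actions(WITH_POLICY, SAMPLE_ARN))
```

An empty list means the broker's service principal can create log streams and put events in that log group; any action still listed points to the missing or too-narrow resource policy.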