Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[aws-eks] Control Plane Logs #5709

Closed
kossmoboleat opened this issue Jan 8, 2020 · 3 comments
Closed

[aws-eks] Control Plane Logs #5709

kossmoboleat opened this issue Jan 8, 2020 · 3 comments
Assignees
@eladb @iliapolo
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1

Comments

@kossmoboleat
Copy link

❓ General Issue

The Question

We're trying to setup log shipping from EKS clusters to CloudWatch according to this AWS guide. This logging setup needs to setup the instance role of the cluster to allow sending to CloudWatch. CDK seems to create a role that doesn't have this permission by default.

I don't see how we can specify/craete or modify the IAM role to add permissions for writing/modifying CloudWatch. Is there another way to achieve this or would this be a feature request?

I've also created a stackoverflow question about this.

Environment

  • CDK CLI Version: 1.18.0
  • Module Version: 1.18.0
  • OS: OSX Mojave
  • Language: TypeScript

Other information
@kossmoboleat kossmoboleat added the needs-triage This issue or PR still needs to be triaged. label Jan 8, 2020
@SomayaB SomayaB added guidance Question that needs advice or information. @aws-cdk/aws-cloudwatch Related to Amazon CloudWatch @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service labels Jan 8, 2020
@RicoToothless
Copy link

I think use IRSA is best practice
and it's working on it
#3949

@kossmoboleat
Copy link
Author

The role seems to be created based on the AutoScalingGroup according to the CDK code. I assume this can be overwritten to add different roles...

@eladb eladb changed the title How to Specify EKS Instance Role to Enable Log Shipping from EKS Cluster to CloudWatch? EKS: Enable Log Shipping from EKS Cluster to CloudWatch Jan 22, 2020
@eladb eladb added feature-request A feature should be added or improved. effort/small Small work item – less than a day of effort and removed guidance Question that needs advice or information. @aws-cdk/aws-cloudwatch Related to Amazon CloudWatch labels Jan 22, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Mar 4, 2020
@eladb eladb added the p1 label Mar 9, 2020
@ccfife ccfife mentioned this issue Mar 9, 2020
Closed
19 tasks
@eladb eladb changed the title EKS: Enable Log Shipping from EKS Cluster to CloudWatch EKS: Control Plan Logs Jun 24, 2020
@eladb eladb added this to the EKS Developer Preview milestone Jun 24, 2020
@eladb
Copy link
Contributor

eladb commented Jun 24, 2020

Duplicate #4159

@eladb eladb closed this as completed Jun 24, 2020
@eladb eladb removed this from the EKS Developer Preview milestone Jun 24, 2020
@iliapolo iliapolo changed the title EKS: Control Plan Logs [aws-eks] Control Plane Logs Aug 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eladb eladb

@iliapolo iliapolo

Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@eladb @iliapolo @kossmoboleat @SomayaB @RicoToothless