本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
步驟 1:建立與 OpenSearch Service 的整合
第一個步驟是建立與 OpenSearch Service 的整合,您只需要執行一次。建立整合會在您的帳戶中建立下列資源。
沒有高可用性OpenSearch Service 的時間序列集合。
集合是一組 OpenSearch Service 索引,可一起運作以支援工作負載。
集合的兩個安全政策。一個定義加密類型,其具有客戶受管 AWS KMS 金鑰或服務擁有的金鑰。其他政策會定義網路存取,允許 OpenSearch Service 應用程式存取集合。如需詳細資訊,請參閱 Amazon OpenSearch Service 的靜態資料加密。
OpenSearch Service 資料存取政策,定義誰可以存取集合中的資料。
OpenSearch Service 直接查詢資料來源,其中 CloudWatch Logs 定義為來源。
名為 的 OpenSearch Service 應用程式
aws-analytics。應用程式將設定為允許建立工作區。如果名為 的應用程式aws-analytics已存在,則會將其更新為新增此集合做為資料來源。OpenSearch Service 工作區會託管儀表板,並允許獲得存取權限的每個人從工作區讀取。
所需的許可
若要建立整合,您必須登入具有 CloudWatchOpenSearchDashboardsFullAccess 受管 IAM 政策或同等許可的帳戶,如下所示。您也必須具備這些許可,才能刪除整合、建立、編輯和刪除儀表板,以及手動重新整理儀表板。
{ "Version": "2012-10-17", "Statement": [{ "Sid": "CloudWatchOpenSearchDashboardsIntegration", "Effect": "Allow", "Action": [ "logs:ListIntegrations", "logs:GetIntegration", "logs:DeleteIntegration", "logs:PutIntegration", "logs:DescribeLogGroups", "opensearch:ApplicationAccessAll", "iam:ListRoles", "iam:ListUsers" ], "Resource": "*" }, { "Sid": "CloudWatchLogsOpensearchReadAPIs", "Effect": "Allow", "Action": [ "aoss:BatchGetCollection", "aoss:BatchGetLifecyclePolicy", "es:ListApplications" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsOpensearchCreateServiceLinkedAccess", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService", "Condition": { "StringEquals": { "iam:AWSServiceName": "opensearchservice.amazonaws.com", "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsObservabilityCreateServiceLinkedAccess", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/observability.aoss.amazonaws.com/AWSServiceRoleForAmazonOpenSearchServerless", "Condition": { "StringEquals": { "iam:AWSServiceName": "observability.aoss.amazonaws.com", "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsCollectionRequestAccess", "Effect": "Allow", "Action": [ "aoss:CreateCollection" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:RequestTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": "CloudWatchOpenSearchIntegration" } } }, { "Sid": "CloudWatchLogsApplicationRequestAccess", "Effect": "Allow", "Action": [ "es:CreateApplication" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:RequestTag/OpenSearchIntegration": [ "Dashboards" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": "OpenSearchIntegration" } } }, { "Sid": "CloudWatchLogsCollectionResourceAccess", "Effect": "Allow", "Action": [ "aoss:DeleteCollection" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:ResourceTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ] } } }, { "Sid": "CloudWatchLogsApplicationResourceAccess", "Effect": "Allow", "Action": [ "es:UpdateApplication", "es:GetApplication" ], "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:ResourceTag/OpenSearchIntegration": [ "Dashboards" ] } } }, { "Sid": "CloudWatchLogsCollectionPolicyAccess", "Effect": "Allow", "Action": [ "aoss:CreateSecurityPolicy", "aoss:CreateAccessPolicy", "aoss:DeleteAccessPolicy", "aoss:DeleteSecurityPolicy", "aoss:GetAccessPolicy", "aoss:GetSecurityPolicy" ], "Resource": "*", "Condition": { "StringLike": { "aoss:collection": "cloudwatch-logs-*", "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsAPIAccessAll", "Effect": "Allow", "Action": [ "aoss:APIAccessAll" ], "Resource": "*", "Condition": { "StringLike": { "aoss:collection": "cloudwatch-logs-*" } } }, { "Sid": "CloudWatchLogsIndexPolicyAccess", "Effect": "Allow", "Action": [ "aoss:CreateAccessPolicy", "aoss:DeleteAccessPolicy", "aoss:GetAccessPolicy", "aoss:CreateLifecyclePolicy", "aoss:DeleteLifecyclePolicy" ], "Resource": "*", "Condition": { "StringLike": { "aoss:index": "cloudwatch-logs-*", "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsDQSRequestQueryAccess", "Effect": "Allow", "Action": [ "es:AddDirectQueryDataSource" ], "Resource": "arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:RequestTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": "CloudWatchOpenSearchIntegration" } } }, { "Sid": "CloudWatchLogsStartDirectQueryAccess", "Effect": "Allow", "Action": [ "opensearch:StartDirectQuery", "opensearch:GetDirectQuery" ], "Resource": "arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*" }, { "Sid": "CloudWatchLogsDQSResourceQueryAccess", "Effect": "Allow", "Action": [ "es:GetDirectQueryDataSource", "es:DeleteDirectQueryDataSource" ], "Resource": "arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:ResourceTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ] } } }, { "Sid": "CloudWatchLogsPassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": "directquery.opensearchservice.amazonaws.com", "aws:CalledViaFirst": "logs.amazonaws.com" } } }, { "Sid": "CloudWatchLogsAossTagsAccess", "Effect": "Allow", "Action": [ "aoss:TagResource" ], "Resource": "arn:aws:aoss:*:*:collection/*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "logs.amazonaws.com", "aws:ResourceTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ] }, "ForAllValues:StringEquals": { "aws:TagKeys": "CloudWatchOpenSearchIntegration" } } }, { "Sid": "CloudWatchLogsEsApplicationTagsAccess", "Effect": "Allow", "Action": [ "es:AddTags" ], "Resource": "arn:aws:opensearch:*:*:application/*", "Condition": { "StringEquals": { "aws:ResourceTag/OpenSearchIntegration": [ "Dashboards" ], "aws:CalledViaFirst": "logs.amazonaws.com" }, "ForAllValues:StringEquals": { "aws:TagKeys": "OpenSearchIntegration" } } }, { "Sid": "CloudWatchLogsEsDataSourceTagsAccess", "Effect": "Allow", "Action": [ "es:AddTags" ], "Resource": "arn:aws:opensearch:*:*:datasource/*", "Condition": { "StringEquals": { "aws:ResourceTag/CloudWatchOpenSearchIntegration": [ "Dashboards" ], "aws:CalledViaFirst": "logs.amazonaws.com" }, "ForAllValues:StringEquals": { "aws:TagKeys": "CloudWatchOpenSearchIntegration" } } } ] }
建立整合
使用這些步驟來建立整合。
將 CloudWatch Logs 與 整合 Amazon OpenSearch Service
透過 https://console.aws.amazon.com/cloudwatch/
開啟 CloudWatch 主控台。 在左側導覽窗格中,選擇 Logs Insights,然後選擇使用 OpenSearch 分析索引標籤。
選擇建立整合。
對於整合名稱,輸入整合的名稱。
(選用) 若要加密寫入 OpenSearch Service Serverless 的資料,請輸入您要在 KMS AWS KMS 金鑰 ARN 中使用的金鑰 ARN。 如需詳細資訊,請參閱《Amazon OpenSearch Service 開發人員指南》中的靜態加密。
針對資料保留,輸入您希望保留 OpenSearch Service 資料索引的時間量。這也會定義您可以在儀表板中檢視資料的最長期間。選擇更長的資料保留期會產生額外的搜尋和索引成本。如需詳細資訊,請參閱 OpenSearch Service Serverless 定價
。 最長保留期間為 30 天。
資料保留長度也會用來建立 OpenSearch Service 收集生命週期政策。
針對要寫入 OpenSearch 集合的 IAM 角色,請建立新的 IAM 角色,或選取要用來寫入 OpenSearch Service 集合的現有 IAM 角色。
建立新角色是最簡單的方法,而角色將建立並具有必要的許可。
注意
如果您建立角色,它將具有從帳戶中所有日誌群組讀取的許可。
如果您想要選取現有的角色,它應該具有 中列出的許可整合所需的許可。或者,您可以選擇使用現有角色,然後在驗證所選角色的存取許可區段中,選擇建立角色。如此一來,您可以使用 中列出的許可整合所需的許可做為範本,並進行修改。例如,如果您想要指定更精細的日誌群組控制。
對於可以檢視儀表板的 IAM 角色和使用者,您可以選取如何授予 IAM 角色和 IAM 使用者的存取權,以進行自動記錄儀表板存取:
若要將儀表板存取限制為某些使用者,請選擇選取 IAM 角色和可以檢視儀表板的使用者,然後在文字方塊中搜尋並選擇您要授予存取權的 IAM 角色和 IAM 使用者。
若要將儀表板存取權授予所有使用者,請選擇允許此帳戶中的所有角色和使用者檢視儀表板。
重要
選取角色或使用者,或選擇所有使用者,只會將其新增至存取儲存儀表板資料的 OpenSearch Service 集合所需的資料存取政策。 OpenSearch 若要讓他們能夠檢視已結束的日誌儀表板,您還必須授予這些角色和使用者CloudWatchOpenSearchDashboardAccess受管 IAM 政策。
選擇建立整合
建立整合需要幾分鐘的時間。
