AWS EKS Monitoring and Logging (Using Container Insights)
We must grant IAM permissions to enable Amazon EKS worker nodes to send metrics and logs to CloudWatch:
- Attach the AWS managed `CloudWatchAgentServerPolicy` to the IAM roles of the EKS worker nodes.
- Policy ARN: `arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy`
This Terraform module provides an option to attach the IAM policy to EKS nodegroup roles:

```hcl
# Attach CloudWatchAgentServerPolicy to EKS nodegroup roles
nodegroup_roles = [
  "kubecloud-eks-private-nodegroup",
  "kubecloud-eks-public-nodegroup",
]
```
With IAM Policy attachment option:

```hcl
module "eks_monitoring_logging" {
  source = "shamimice03/eks-monitoring-logging/aws"

  cluster_name      = "kubecloud-eks"
  aws_region        = "ap-northeast-1"
  namespace         = "amazon-cloudwatch"
  enable_cwagent    = true
  enable_fluent_bit = true

  # Attach CloudWatchAgentServerPolicy to EKS nodegroup roles
  nodegroup_roles = [
    "kubecloud-eks-private-nodegroup",
    "kubecloud-eks-public-nodegroup",
  ]
}
```
Without IAM Policy attachment option:

```hcl
module "eks_monitoring_logging" {
  source = "shamimice03/eks-monitoring-logging/aws"

  cluster_name      = "kubecloud-eks"
  aws_region        = "ap-northeast-1"
  namespace         = "amazon-cloudwatch"
  enable_cwagent    = true
  enable_fluent_bit = true
}
```
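When `nodegroup_roles` is left out, the node roles still need the policy from somewhere else in your configuration. The following is an added example, not code from this module: a plain-Terraform attachment for the role names used above, where the local, data source, resource and output names are chosen here for illustration.

```hcl
# Added example: attach CloudWatchAgentServerPolicy outside the module.
# Role names are the ones used on this page; all block names are illustrative.
locals {
  nodegroup_roles = [
    "kubecloud-eks-private-nodegroup",
    "kubecloud-eks-public-nodegroup",
  ]
}

# Look up each role by name so a misspelled role fails at plan time
# instead of leaving a node group silently without permissions.
data "aws_iam_role" "nodegroup" {
  for_each = toset(local.nodegroup_roles)
  name     = each.value
}

# Resolve the AWS managed policy by the ARN given above.
data "aws_iam_policy" "cwagent" {
  arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
}

# One attachment per node role.
resource "aws_iam_role_policy_attachment" "cwagent" {
  for_each   = data.aws_iam_role.nodegroup
  role       = each.value.name
  policy_arn = data.aws_iam_policy.cwagent.arn
}

# Surface which roles carry the policy so it can be reviewed after apply.
output "cwagent_policy_roles" {
  description = "Node roles that carry CloudWatchAgentServerPolicy"
  value       = sort([for a in aws_iam_role_policy_attachment.cwagent : a.role])
}
```

Because the policy sits on the node role, every workload that can obtain the node's instance credentials receives the same CloudWatch permissions, so keep the attachment limited to this one managed policy.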
| Variable | Type | Description | Default |
| --- | --- | --- | --- |
| cluster_name | string | EKS Cluster Name | null |
| aws_region | string | Provide Cluster Region | null |
| namespace | string | Name of the namespace | amazon-cloudwatch |
| nodegroup_roles | list(any) | List of EKS nodegroup roles | [ ] |

| Variable | Type | Description | Default |
| --- | --- | --- | --- |
| enable_fluent_bit | bool | Enable or Disable Fluent-bit Agent on EKS cluster | true |
| fluent_bit_http_server | string | Enable or Disable fluent bit HTTP server | On |
| fluent_bit_http_port | string | Define fluent-bit HTTP Port | 2020 |
| fluent_bit_read_head | string | Enable or Disable fluent-bit Head read | Off |
| fluent_bit_read_tail | string | Enable or Disable fluent-bit Tail read | On |
| fluentbit_configmap_name | string | Name of the ConfigMap for Fluent Bit | fluent-bit-cluster-info |

CloudWatch Agent (CW Agent) Variables:

| Variable | Type | Description | Default |
| --- | --- | --- | --- |
| enable_cwagent | bool | Enable or Disable CloudWatch Agent on EKS cluster | true |
| cwagent_configmap_name | string | Name of the ConfigMap for CloudWatch Agent | cwagentconfig |

Resources (kubernetes manifests):
Required providers and versions: