AWS CloudWatch
Query CloudWatch logs directly from Sazabi without moving data.
CloudWatch as an external backend is coming soon. You can currently use CloudWatch as a data source to forward logs to Sazabi.
Overview
AWS CloudWatch Logs is a common log aggregation service for AWS workloads. With Sazabi's CloudWatch backend, you can query your CloudWatch logs directly from Chat without forwarding data to Sazabi's storage.
What you can query
When CloudWatch is configured as a backend, Chat can access:
- Log groups: Query logs from any log group in your AWS account
- Log streams: Filter logs by specific log streams
- CloudWatch Logs Insights: Run CloudWatch Logs Insights queries
Authentication
Sazabi authenticates with AWS CloudWatch using:
- IAM Role: Cross-account IAM role with read permissions
- Access Keys: AWS access key and secret key (not recommended for production)
The IAM role requires the following permissions:
logs:DescribeLogGroupslogs:DescribeLogStreamslogs:GetLogEventslogs:FilterLogEventslogs:StartQuerylogs:GetQueryResults
CloudWatch as data source vs backend
AWS CloudWatch can be used as both a data source and a backend:
| Mode | Data flow | Use case |
|---|---|---|
| Data Source | CloudWatch logs are forwarded to Sazabi | Fast queries, unified storage |
| Backend | Sazabi queries CloudWatch directly | Keep data in AWS, no duplication |
Many teams use CloudWatch as a data source for their most critical logs while keeping CloudWatch as a backend for less frequently accessed log groups.
Coming soon
This page will include:
- Step-by-step setup instructions
- IAM policy templates
- Cross-account configuration
- Troubleshooting common issues