Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Amazon CloudWatch: How to find ARN of CloudWatch Log group

I configure Custom Access Logging for Amazon API Gateway and I need to specify CloudWatch Group name, but when I put these just name of log group in format like "API-Gateway-Execution-Logs_3j5w5m7kv9/stage-name" I get such error:

Invalid ARN specified in the request. ARNs must start with 'arn:': API-Gateway-Execution-Logs_3j5w5m7kv9/stage-name

When I open page of this log group in CloudWatch I just see the same name there and don't see ARN value. How can I find it?

like image 581
Gleb Avatar asked May 10 '18 13:05

Gleb


People also ask

Does CloudWatch have an Arn?

For log groups, CloudWatch Logs supports identifying specific resources using the resource ARNs (also referred to as resource-level permissions) for some of the API actions.

How do I search in CloudWatch log group?

Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/ . In the navigation pane, choose Log groups. For Log Groups, choose the name of the log group containing the log stream to search. For Log Streams, choose the name of the log stream to search.

What is AWS CloudWatch log group?

A log group is a group of log streams that share the same retention, monitoring, and access control settings. You can define log groups and specify which streams to put into each group. There is no limit on the number of log streams that can belong to one log group.

Which key contains the name Group of the Amazon CloudWatch Logs?

Encryption using AWS KMS is enabled at the log group level, by associating a key with a log group, either when you create the log group or after it exists. CloudWatch Logs now supports encryption context, using kms:EncryptionContext:aws:logs:arn as the key and the ARN of the log group as the value for that key.


4 Answers

Go to Cloudwatch logs, find your log group, open it and you'll see a list of log streams. There is settings icon on top right: enter image description here

Click it and you'll see an option to show stream arn:

enter image description here

Save the settings and you'll see stream arns. The part before semicolon looks like Log Group arn

like image 140
jny Avatar answered Sep 24 '22 08:09

jny


The CloudWatch Group ARN format is arn:aws:logs:{region}:{account-id}:log-group:API-Gateway-Execution-Logs_{rest-api-id}/{stage-name}, cf. https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html

like image 23
holm50 Avatar answered Sep 24 '22 08:09

holm50


arn:aws:logs:region:account-id:log-group:log_group_name

See this documentation

like image 2
Tim Boemker Avatar answered Sep 24 '22 08:09

Tim Boemker


You can also use AWS CLI

aws logs describe-log-groups | grep <log_group_name> | awk '/arn/'

like image 1
Surya Prakash Patel Avatar answered Sep 23 '22 08:09

Surya Prakash Patel