Forge Home


Configure AWS Cloudwatch Logs on Amazon Linux, Ubuntu, Red Hat & CentOS EC2 instances.


186,767 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.3.1 (latest)
  • 2.3.0
  • 2.2.1 (deleted)
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.0
  • 0.1.0
released Dec 4th 2016
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet >= 3.0.0
  • Amazon, Ubuntu, RedHat, CentOS
This module has been deprecated by its author since Jul 22nd 2021.

Start using this module


kemra102/cloudwatchlogs — version 2.3.1 Dec 4th 2016

cloudwatchlogs Build Status

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with cloudwatchlogs
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


This module installs, configures and manages the service for the AWS Cloudwatch Logs Agent on Amazon Linux, Ubuntu, Red Hat & CentOS EC2 instances.

Module Description

CloudWatch Logs can be used to monitor your logs for specific phrases, values, or patterns. For example, you could set an alarm on the number of errors that occur in your system logs or view graphs of web request latencies from your application logs. You can view the original log data to see the source of the problem if needed. Log data can be stored and accessed for as long as you need using highly durable, low-cost storage so you don’t have to worry about filling up hard drives.


What cloudwatchlogs affects

  • The awslogs package.
  • Configuration files under /etc/awslogs.
  • The awslogs service.

Setup Requirements

This module does NOT manage the AWS CLI credentials. As such if you are not using an IAM role (recommended) then you will need some other way of managing the credentials.

This module by Justin Downing is recommended for this purpose.

Beginning with cloudwatchlogs

The minimum you need to get this module up and running is (assuming your instance is launched with a suitable IAM role):

include '::cloudwatchlogs'


The above minimal config can also be presented as:

class { '::cloudwatchlogs': }

On none Amazon Linux instances you also need to provide a default region:

class { '::cloudwatchlogs': region => 'eu-west-1' }

For each log you want sent to Cloudwatch Logs you create a cloudwatchlogs::log resource.

A simple example that might be used on the RedHat ::osfamily is:

class { '::cloudwatchlogs': region => 'eu-west-1' }

cloudwatchlogs::log { 'Messages':
  path => '/var/log/messages',
cloudwatchlogs::log { 'Secure':
  path => '/var/log/secure',

Another example that might be used on the RedHat ::osfamily to create individual log config files in /etc/awslogs/config/ is:

class { '::cloudwatchlogs': region => 'eu-west-1' }

cloudwatchlogs::compartment_log { 'Access':
  path => '/var/log/httpd/access_logs',
cloudwatchlogs::compartment_log { 'Error':
  path => '/var/log/httpd/error_logs',

Alternatively logs can be defined as part of the main cloudwatchlogs class:

class { '::cloudwatchlogs':
  region => 'eu-west-1',
  logs   => {
    'Messages' => {
      path => '/var/log/messages'
    'Secure'   => {
      path => '/var/log/secure'

See the examples/ directory for further examples.





  • Amazon Linux: /var/lib/awslogs/agent-state
  • Other: /var/awslogs/state/agent-state

State file for the awslogs agent.


Defaults: /etc/awslogs/awslogs_dot_log.conf

Config file for the awslogs agent logging system (


Default: undef


Default: undef

The region your EC2 instance is running in.

NOTE: This is required for none Amazon distros.



Default: undef

Optional. This is the absolute path to the log file being managed. If not set the name of the resource is used instead (and must be an absolute path if that this situation occurs).


Default: {instance_id}

The name of the stream in Cloudwatch Logs.


Default: %b %d %H:%M:%S

Specifies how the timestamp is extracted from logs. See the official docs for further info.


Default: Resource Name

Specifies the destination log group. A log group will be created automatically if it doesn't already exist.


Default: undef

Optional. This is a regex string that identifies the start of a log line. See the official docs for further info.

Http Proxy Usage

If you have a http_proxy or https_proxy then run the following puppet code after calling cloudwatchlogs to modify the launcher script as a workaround bcause awslogs python code currently doesn't have http_proxy support:

$launcher = "#!/bin/sh
# Version: 1.3.5
echo -n $$ > /var/awslogs/state/
/usr/bin/env -i AWS_CONFIG_FILE=/var/awslogs/etc/awscli.conf HOME=\$HOME HTTPS_PROXY=${http_proxy} HTTP_PROXY=${http_proxy} NO_PROXY=  /bin/nice -n 4 /var/awslogs/bin/aws logs push --config-file /var/awslogs/etc/awslogs.conf >> /var/log/awslogs.log 2>&1

file { '/var/awslogs/bin/':
  ensure  => file,
  owner   => root,
  group   => root,
  mode    => '0755',
  content => $launcher,
  require => Class['cloudwatchlogs'],


This module is currently only compatible with:

  • Amazon Linux AMI 2014.09 or later.
  • Ubuntu
  • Red Hat
  • CentOS

More information on support as well as information in general about the set-up of the Cloudwatch Logs agent can be found here.


Contributions are welcome via pull requests.



All other contributions: