How can log collection be automated?

By:
In: DOP-C02
Tagged:
With: 1 Comment
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers.The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.Occasionally, some application servers are being terminated after failing ELB HTTP health checks.The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.

How can log collection be automated?

Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2 Instance-terminate Lifecycle Action and trigger a step function that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Explanations:

While using Auto Scaling lifecycle hooks to put instances in a Pendingstate can allow for additional actions, the EC2 Instance Terminate Successful alarm does not directly trigger log collection actions. This approach does not adequately address the log collection before termination.

This option proposes using a rule for EC2 Instance-terminate Lifecycle Action, but AWS Config rules are not designed to trigger immediate actions in the context of instance termination and do not support automatic log collection before an instance is terminated.

Although this option suggests using Auto Scaling lifecycle hooks and CloudWatch subscription filters, subscription filters are for log streaming and not directly for triggering scripts to collect logs during the termination process. This method does not facilitate log collection before the instance termination completes.

This option correctly utilizes Auto Scaling lifecycle hooks to put instances in a Terminatingstate, allowing for log collection before termination. It employs an EventBridge rule that triggers a Lambda function to invoke an SSM Run Command to gather logs and store them in S3, ensuring that log collection occurs before the instance is fully terminated.

2025-10-14

1 Comment

  1. John
    Author

    I guess:
    Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Leave a Reply

Your email address will not be published. Required fields are marked *

ten − 4 =