How can log collection be automated?

By:
On:
In: DOP-C01
Tagged:
With: 0 Comments
A developer is maintaining a fleet of 50 Amazon EC2 Linux servers.The servers are part of an Amazon EC2 Auto Scaling group, and also use Elastic Load Balancing for load balancing.Occasionally, some application servers are being terminated after failing ELB HTTP health checks.The developer would like to perform a root cause analysis on the issue, but before being able to access application logs, the server is terminated.

How can log collection be automated?

Use Auto Scaling lifecycle hooks to put instances in a Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an AWS Config rule for EC2 instance-terminate Lifecycle Action and trigger a step function that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon CloudWatch subscription filter for EC2 Instance Terminate Successful and trigger a CloudWatch agent that invokes a script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected.

Explanations:

Using Auto Scaling lifecycle hooks to put instances in the Pendingstate will delay instance termination, but the action should occur during the Terminatingstate to allow the server to be collected before being terminated.

AWS Config rules are used for compliance checks and are not suited for triggering lifecycle actions during instance termination. A step function is also an unnecessary complexity for this use case.

CloudWatch subscription filters are for filtering logs, not for triggering actions during the termination process. It is better to use Lambda and EventBridge for automation.

Using Auto Scaling lifecycle hooks with Terminatingstate allows the instance to pause before termination. EventBridge can trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs and store them in S3, completing the lifecycle action. This provides an automated solution for collecting logs before instance termination.

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen − 14 =