0Pricing
AWS Solutions Architect · Lesson

CloudWatch Logs and Log Insights

Aggregate logs from EC2, Lambda, and containers into log groups, and run CloudWatch Logs Insights queries to find errors and patterns.

CloudWatch Logs Overview

Amazon CloudWatch Logs is a fully managed log aggregation service that collects, stores, and analyses log data from AWS services and your own applications. Unlike traditional log management where you SSH into servers to read files, CloudWatch Logs centralises all logs in a durable, encrypted store with built-in querying, filtering, metric extraction, and retention management. It integrates natively with EC2, Lambda, ECS, EKS, API Gateway, CloudTrail, and VPC Flow Logs.

Log Groups and Log Streams

Logs are organised hierarchically: a log group is a named container for logs that share the same retention and access control settings (for example, /aws/lambda/my-function). Within a log group, each log stream represents a single source of sequential log events — one EC2 instance, one Lambda container, or one ECS task. A log group can have thousands of streams, but each stream belongs to exactly one log group.

# Create a log group with 30-day retention
aws logs create-log-group \
  --log-group-name /myapp/production/api

aws logs put-retention-policy \
  --log-group-name /myapp/production/api \
  --retention-in-days 30

# List log streams in a group
aws logs describe-log-streams \
  --log-group-name /myapp/production/api \
  --order-by LastEventTime \
  --descending

All lessons in this course

  1. CloudWatch Metrics, Namespaces, and Dimensions
  2. CloudWatch Alarms and Composite Alarms
  3. CloudWatch Logs and Log Insights
  4. CloudWatch Dashboards and Container Insights
← Back to AWS Solutions Architect