**Help improve this page** 

To contribute to this user guide, choose the **Edit this page on GitHub** link that is located in the right pane of every page.

# Monitor your cluster performance and view logs
<a name="eks-observe"></a>

You can observe your data in Amazon EKS using many available monitoring or logging tools. Your Amazon EKS log data can be streamed to Amazon services or to partner tools for data analysis. There are many services available in the Amazon Web Services Management Console that provide data for troubleshooting your Amazon EKS issues. You can also use an Amazon-supported open-source solution for [monitoring Amazon EKS infrastructure](https://docs.amazonaws.cn/grafana/latest/userguide/solution-eks.html).

After selecting **Clusters** in the left navigation pane of the Amazon EKS console, you can view cluster health and details by choosing your cluster’s name and choosing the **Observability** tab. To view details about any existing Kubernetes resources that are deployed to your cluster, see [View Kubernetes resources in the Amazon Web Services Management Console](view-kubernetes-resources.md).

Monitoring is an important part of maintaining the reliability, availability, and performance of Amazon EKS and your Amazon solutions. We recommend that you collect monitoring data from all of the parts of your Amazon solution. That way, you can more easily debug a multi-point failure if one occurs. Before you start monitoring Amazon EKS, make sure that your monitoring plan addresses the following questions.
+ What are your goals? Do you need real-time notifications if your clusters scale dramatically?
+ What resources need to be observed?
+ How frequently do you need to observe these resources? Does your company want to respond quickly to risks?
+ What tools do you intend to use? If you already run Amazon Fargate as part of your launch, then you can use the built-in [log router](fargate-logging.md).
+ Who do you intend to perform the monitoring tasks?
+ Whom do you want notifications to be sent to when something goes wrong?

## Monitoring and logging on Amazon EKS
<a name="logging-monitoring"></a>

Amazon EKS provides built-in tools for monitoring and logging. For supported versions, the observability dashboard gives visibility into the performance of your cluster. It helps you to quickly detect, troubleshoot, and remediate issues. In addition to monitoring features, it includes lists based on the control plane audit logs. The Kubernetes control plane exposes a number of metrics that can also be scraped outside of the console.

Control plane logging records all API calls to your clusters, audit information capturing what users performed what actions to your clusters, and role-based information. For more information, see [Logging and monitoring on Amazon EKS](https://docs.amazonaws.cn/prescriptive-guidance/latest/implementing-logging-monitoring-cloudwatch/amazon-eks-logging-monitoring.html) in the * Amazon Prescriptive Guidance*.

Amazon EKS control plane logging provides audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account. These logs make it easy for you to secure and run your clusters. You can select the exact log types you need, and logs are sent as log streams to a group for each Amazon EKS cluster in CloudWatch. For more information, see [Send control plane logs to CloudWatch Logs](control-plane-logs.md).

**Note**  
When you check the Amazon EKS authenticator logs in Amazon CloudWatch, the entries are displayed that contain text similar to the following example text.  

```
level=info msg="mapping IAM role" groups="[]" role="arn:aws-cn:iam::111122223333:role/XXXXXXXXXXXXXXXXXX-NodeManagerRole-XXXXXXXX" username="eks:node-manager"
```
Entries that contain this text are expected. The `username` is an Amazon EKS internal service role that performs specific operations for managed node groups and Fargate.  
For low-level, customizable logging, then [Kubernetes logging](https://kubernetes.io/docs/concepts/cluster-administration/logging/) is available.

Amazon EKS is integrated with Amazon CloudTrail, a service that provides a record of actions taken by a user, role, or an Amazon service in Amazon EKS. CloudTrail captures all API calls for Amazon EKS as events. The calls captured include calls from the Amazon EKS console and code calls to the Amazon EKS API operations. For more information, see [Log API calls as Amazon CloudTrail events](logging-using-cloudtrail.md).

The Kubernetes API server exposes a number of metrics that are useful for monitoring and analysis. For more information, see [Monitor your cluster metrics with Prometheus](prometheus.md).

To configure Fluent Bit for custom Amazon CloudWatch logs, see [Setting up Fluent Bit](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-logs-FluentBit.html#Container-Insights-FluentBit-setup) in the *Amazon CloudWatch User Guide*.

## Amazon EKS monitoring and logging tools
<a name="eks-monitor-tools"></a>

Amazon Web Services provides various tools that you can use to monitor Amazon EKS. You can configure some tools to set up automatic monitoring, but some require manual calls. We recommend that you automate monitoring tasks as much as your environment and existing toolset allows.

The following table describes various monitoring tool options.


| Areas | Tool | Description | Setup | 
| --- | --- | --- | --- | 
|  Control plane  |   [Observability dashboard](observability-dashboard.md)   |  For supported versions, the observability dashboard gives visibility into the performance of your cluster. It helps you to quickly detect, troubleshoot, and remediate issues.  |   [Setup procedure](observability-dashboard.md)   | 
|  Applications / control plane  |   [Prometheus](https://docs.amazonaws.cn/prometheus/latest/userguide/what-is-Amazon-Managed-Service-Prometheus.html)   |  Prometheus can be used to monitor metrics and alerts for applications and the control plane.  |   [Setup procedure](prometheus.md)   | 
|  Applications  |   [CloudWatch Container Insights](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/ContainerInsights.html)   |  CloudWatch Container Insights collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices.  |   [Setup procedure](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/deploy-container-insights-EKS.html)   | 
|  Applications  |   [Amazon Distro for OpenTelemetry (ADOT)](https://aws-otel.github.io/docs/introduction)   |  ADOT can collect and sends correlated metrics, trace data, and metadata to Amazon monitoring services or partners. It can be set up through CloudWatch Container Insights.  |   [Setup procedure](opentelemetry.md)   | 
|  Applications  |   [Amazon DevOps Guru](https://www.amazonaws.cn/about-aws/whats-new/2021/11/amazon-devops-guru-coverage-amazon-eks-metrics-cluster/)   |  Amazon DevOps Guru detects node-level operational performance and availability.  |   [Setup procedure](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/deploy-container-insights-EKS.html)   | 
|  Applications  |   [Amazon X-Ray](https://docs.amazonaws.cn/xray/latest/devguide/aws-xray.html)   |   Amazon X-Ray receives trace data about your application. This trace data includes ingoing and outgoing requests and metadata about the requests. For Amazon EKS, the implementation requires the OpenTelemetry add-on.  |   [Setup procedure](https://docs.amazonaws.cn/xray/latest/devguide/xray-instrumenting-your-app.html)   | 
|  Applications  |   [Amazon CloudWatch](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html)   |  CloudWatch provides some basic Amazon EKS metrics for free on supported versions. You can expand this functionality with the CloudWatch Observability Operator to handle collecting metrics, logs, and trace data.  |   [Setup procedure](cloudwatch.md)   | 

The following table describes various logging tool options.


| Areas | Tool | Description | Setup | 
| --- | --- | --- | --- | 
|  Control plane  |   [Observability dashboard](observability-dashboard.md)   |  For supported versions, the observability dashboard shows lists based on the control plane audit logs. It also includes links to control plane logs in Amazon CloudWatch.  |   [Setup procedure](observability-dashboard.md)   | 
|  Applications  |   [Amazon CloudWatch Container Insights](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/ContainerInsights.html)   |  Amazon CloudWatch Container Insights collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices.  |   [Setup procedure](https://docs.amazonaws.cn/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-EKS-quickstart.html)   | 
|  Control plane  |   [Amazon CloudWatch Logs](https://docs.amazonaws.cn/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html)   |  You can send audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account.  |   [Setup procedure](control-plane-logs.md)   | 
|  Control plane  |   [Amazon CloudTrail](logging-using-cloudtrail.md)   |  It logs API calls by a user, role, or service.  |   [Setup procedure](https://docs.amazonaws.cn/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)   | 
|  Multiple areas for Amazon Fargate instances  |   [Amazon Fargate log router](fargate-logging.md)   |  For Amazon Fargate instances, the log router streams logs to Amazon services or partner tools. It uses [Amazon for Fluent Bit](https://github.com/aws/aws-for-fluent-bit). Logs can be streamed to other Amazon services or partner tools.  |   [Setup procedure](fargate-logging.md)   |