Monitor with Amazon CloudWatch Logs
Configure Amazon IoT SiteWise to log information to CloudWatch Logs to monitor and troubleshoot the service.
When you use the Amazon IoT SiteWise console, Amazon IoT SiteWise creates a service-linked role that allows the service to log information on your behalf. If you don't use the Amazon IoT SiteWise console, you must create a service-linked role manually to receive logs. For more information, see Create a service-linked role for Amazon IoT SiteWise.
You must have a resource policy that allows Amazon IoT SiteWise to put log events into CloudWatch streams. To
create and update a resource policy for CloudWatch Logs, run the following command. Replace
logging-policy-name
with the name of the policy to create.
aws logs put-resource-policy --policy-name
logging-policy-name
--policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\" } ] }"
CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys. These condition context keys are optional.
To create or update a resource policy that allows Amazon IoT SiteWise to only put logs associated with the specified Amazon IoT SiteWise resource into CloudWatch streams, run the command and do the following:
-
Replace
logging-policy-name
with the name of the policy to create. -
Replace
source-ARN
with the ARN of your Amazon IoT SiteWise resource, such as an asset model or asset. To find the ARN for each Amazon IoT SiteWise resource type, see Resource types defined by Amazon IoT SiteWise in the Service Authorization Reference. -
Replace
account-ID
with the Amazon account ID associated with the specified Amazon IoT SiteWise resource.
aws logs put-resource-policy --policy-name
logging-policy-name
--policy-document "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"IoTSiteWiseToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"iotsitewise.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"*\", \"Condition\":{\"StringLike\":{\"aws:SourceArn\":[\"source-ARN
\"],\"aws:SourceAccount\":[\"account-ID
\"]}}}]}"
By default, Amazon IoT SiteWise doesn't log information to CloudWatch Logs. To activate logging, choose a logging
level other than Disabled (OFF
). Amazon IoT SiteWise supports the following
logging levels:
-
OFF
– Logging is turned off. -
ERROR
– Errors are logged. -
INFO
– Errors and informational messages are logged.
You can configure SiteWise Edge gateways to log information to CloudWatch Logs through Amazon IoT Greengrass. For more information, see Monitor SiteWise Edge gateway logs.
You can also configure Amazon IoT Core to log information to CloudWatch Logs if you are troubleshooting an Amazon IoT SiteWise rule action. For more information, see Troubleshoot a Amazon IoT SiteWise rule action.
Contents
Manage logging in Amazon IoT SiteWise
Use the Amazon IoT SiteWise console or Amazon CLI for the following logging configuration tasks.
Find your logging level
Change your logging level
Use the following procedure to change your logging level in the Amazon IoT SiteWise console or using Amazon CLI.
Example: Amazon IoT SiteWise log file entries
Each Amazon IoT SiteWise log entry includes event information and relevant resources for that event, so you can understand and analyze log data.
The following example shows a CloudWatch Logs entry that Amazon IoT SiteWise logs when you successfully create an asset model.
{ "eventTime": "2020-05-05T00:10:22.902Z", "logLevel": "INFO", "eventType": "AssetModelCreationSuccess", "message": "Successfully created asset model.", "resources": { "assetModelId": "a1b2c3d4-5678-90ab-cdef-11111EXAMPLE" } }