AWSSupport-CollectEKSInstanceLogs
Description
The AWSSupport-CollectEKSInstanceLogs Automation document gathers operating system
and Amazon Elastic Kubernetes Service (Amazon EKS) related log files from an Amazon
Elastic Compute Cloud (Amazon EC2) instance to help you troubleshoot common issues.
While the automation is gathering the associated log files, changes are made to the
file system structure including the creation of temporary directories, the copying
of log files to the temporary directories, and compressing the log files into an archive.
This activity can result in increased CPUUtilization on the EC2 instance. For more information about CPUUtilization, see Instance metrics in the Amazon CloudWatch User Guide.
If you specify a value for the LogDestination parameter, the automation evaluates the policy status of the Amazon Simple Storage Service (Amazon S3) bucket you specify. To help with the security of the logs gathered from your EC2 instance, if the policy status isPublic is set to true, or if the access control list (ACL) grants READ|WRITE permissions to the All Users Amazon S3 predefined group, the logs are not uploaded. For more information about Amazon S3 predefined groups, see Amazon S3 predefined groups in the Amazon Simple Storage Service Developer Guide.
This automation requires at least 10 percent of available disk space on the root Amazon Elastic Block Store (Amazon EBS) volume attached to your EC2 instance. If there is not enough available disk space on the root volume, the automation stops.
Document type
Automation
Owner
Amazon
Platforms
Linux
Parameters
- AutomationAssumeRole
  Type: String
  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that runs this document.
- EKSInstanceId
  Type: String
  Description: (Required) ID of the Amazon EKS EC2 instance you want to collect logs from.
- LogDestination
  Type: String
  Description: (Optional) The S3 bucket in your account to upload the archived logs to.
Required IAM permissions
The AutomationAssumeRole requires the following actions to successfully run the Automation document.
- ssm:ExecuteAutomation
- ssm:GetAutomationExecution
- ssm:SendCommand
We recommend that the EC2 instance receiving the command has an IAM role with the AmazonSSMManagedInstanceCore Amazon managed policy attached. To upload the log archive to the S3 bucket you specify in the LogDestination parameter, you must add the s3:PutObject permission.
Document steps
- aws:assertAwsResourceProperty - Confirms the operating system of the value specified in the EKSInstanceId parameter is Linux.
- aws:runCommand - Gathers operating system and Amazon EKS related log files, compressing them into an archive in the /var/log directory.
- aws:branch - Confirms whether a value was specified for the LogDestination parameter.
- aws:runCommand - Uploads the log archive to the S3 bucket you specify in the LogDestination parameter.