AWSSupport-CollectEKSInstanceLogs - AWS Systems Manager




The AWSSupport-CollectEKSInstanceLogs Automation document gathers operating system and Amazon Elastic Kubernetes Service (Amazon EKS) related log files from an Amazon Elastic Compute Cloud (Amazon EC2) instance to help you troubleshoot common issues. While the automation is gathering the associated log files, changes are made to the file system structure including the creation of temporary directories, the copying of log files to the temporary directories, and compressing the log files into an archive. This activity can result in increased CPUUtilization on the EC2 instance. For more information about CPUUtilization, see Instance metrics in the Amazon CloudWatch User Guide.

If you specify a value for the LogDestination parameter, the automation evaluates the policy status of the Amazon Simple Storage Service (Amazon S3) bucket you specify. To help with the security of the logs gathered from your EC2 instance, if the policy status isPublic is set to true, or if the access control list (ACL) grants READ|WRITE permissions to the All Users Amazon S3 predefined group, the logs are not uploaded. For more information about Amazon S3 predefined groups, see Amazon S3 predefined groups in the Amazon Simple Storage Service Developer Guide.


This automation requires at least 10 percent of available disk space on the root Amazon Elastic Block Store (Amazon EBS) volume attached to your EC2 instance. If there is not enough available disk space on the root volume, the automation stops.

Run this Automation (console)








  • AutomationAssumeRole


    Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that runs this document.

  • EKSInstanceId

    Type: String

    Description: (Required) ID of the Amazon EKS EC2 instance you want to collect logs from.

  • LogDestination

    Type: String

    Description: (Optional) The S3 bucket in your account to upload the archived logs to.

Required IAM permissions

The AutomationAssumeRole requires the following actions to successfully run the Automation document.

  • ssm:ExecuteAutomation

  • ssm:GetAutomationExecution

  • ssm:SendCommand

We recommend that the EC2 instance receiving the command has an IAM role with the AmazonSSMManagedInstanceCore Amazon managed policy attached. To upload the log archive to the S3 bucket you specify in the LogDestination parameter, you must add the s3:PutObject permission.


  • aws:assertAwsResourceProperty - Confirms the operating system of the value specified in the EKSInstanceId parameter is Linux.

  • aws:runCommand - Gathers operating system and Amazon EKS related log files, compressing them into an archive in the /var/log directory.

  • aws:branch - Confirms whether a value was specified for the LogDestination parameter.

  • aws:runCommand - Uploads the log archive to the S3 bucket you specify in the LogDestination parameter.