🔷

CloudWatch Logs

Organizes data into:

Log Groups → logical container (e.g., application/service name)
Log Streams → individual sources within a group (e.g., EC2 instance, container)

Retention policy: from 1 day to 10 years, or never expire

Delivery options:

Amazon S3 (exports)
Kinesis Data Streams / Firehose
AWS Lambda
Amazon OpenSearch Service

Encryption:

Enabled by default with AWS-owned keys
Option to use KMS CMKs for customer-managed encryption

Log Sources

CloudWatch Logs Agent / Unified Agent (EC2 & on-prem)

AWS SDK

Elastic Beanstalk (application logs)

ECS (container logs)

AWS Lambda (execution logs)

VPC Flow Logs (VPC network traffic)

API Gateway (API request/response logs)

CloudTrail (event logs with filters)

Route 53 (DNS query logs)