Automate your AWS Elastic Search Log Rollover Process

Danushka Fernando
2 min read · Feb 7, 2020

If you search the internet you will find many ways to do something manually. But in the DevOps world automating it takes priority, and the same applies here. There are many places that talk about how to roll over logs using the Elasticsearch endpoints in AWS. Here I am taking it a step further and will talk about automating the process. For completeness I will refer to my earlier solution on centralized logging [1] and extend that solution. But nothing here is bound to that solution, and you will be able to plug it into any solution.

Here I will use the same rollover method provided by Elasticsearch. My solution is to write a Lambda that makes all the API calls and rolls over the logs, and then create a CloudWatch rule as a cron job to execute it at the frequency we need.

So the first part of the solution is writing the Lambda that makes the API calls to roll over the logs. My Node.js code is available on GitHub [2]. It first calls the index API to get all indices, then loops through them, looks up the alias to roll over, and creates the alias if it is not there. I am using a specific pattern for my index names, and you will need to change that in this code to match yours.

The next thing is pushing logs to the correct index. Ideally (and this is what we do when we configure manually) we push logs to the alias we created. But this is hard to do when we are fully automated, so the easier way is to find the current log index and push to that index. So I have updated the Lambda provided in my previous blog to do just that. This involved some tricky Node.js features such as async and await as well [3].
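As an added example (not the author's code from [2] or [3]), the two steps above in one place: working out the current write index per index family, which is what the logs-to-ES Lambda needs, and planning the alias-creation and rollover calls the rollover Lambda makes. It assumes index names of the form `<family>-000001` (six-digit, zero-padded sequence), a write alias named `<family>-write`, and an `es` object whose `get`/`put`/`post` methods wrap SigV4-signed HTTPS calls to the domain's REST API; all of these are assumptions, not something the post specifies.

```javascript
// Added example, not the author's code: the rollover loop the post describes,
// split into a pure planning step (testable offline) and an execution step.
// Assumptions: index names look like "<family>-000001" (six-digit, zero-padded
// sequence), each family gets a write alias "<family>-write", and es.get/put/post
// wrap SigV4-signed HTTPS calls to the domain's REST API: (path, body) -> JSON.
const PATTERN = /^([a-z0-9-]+)-(\d{6})$/;

// Current write index per family = highest sequence number. Zero padding keeps
// string comparison correct; this is the index the logs-to-ES Lambda writes into.
function currentIndices(indexNames) {
  const latest = {};
  for (const name of indexNames) {
    const m = PATTERN.exec(name);
    if (!m) continue;                       // skip .kibana and other system indices
    const [, family, seq] = m;
    if (!latest[family] || seq > latest[family].seq) latest[family] = { name, seq };
  }
  return Object.fromEntries(Object.entries(latest).map(([f, v]) => [f, v.name]));
}

// Decide the API calls: create the write alias where it is missing, then roll
// over through the alias. `aliasesByIndex` mirrors the shape of GET /_alias.
function planRollover(indexNames, aliasesByIndex, conditions) {
  const ops = [];
  for (const [family, index] of Object.entries(currentIndices(indexNames))) {
    const alias = `${family}-write`;
    const existing = (aliasesByIndex[index] || {}).aliases || {};
    if (!existing[alias]) {
      ops.push({ method: 'put', path: `/${index}/_alias/${alias}`, body: { is_write_index: true } });
    }
    ops.push({ method: 'post', path: `/${alias}/_rollover`, body: { conditions } });
  }
  return ops;
}

// Lambda-side executor: read the catalog and aliases, plan, then run the calls in order.
async function rolloverAll(es, conditions = { max_age: '1d', max_size: '5gb' }) {
  const catalog = await es.get('/_cat/indices?format=json');
  const aliases = await es.get('/_alias');
  const ops = planRollover(catalog.map(i => i.index), aliases, conditions);
  const results = [];
  for (const op of ops) results.push(await es[op.method](op.path, op.body));
  return results;                           // each _rollover reply carries rolled_over/new_index
}
```

Keeping the planning step pure also makes it easy to see exactly which index paths the Lambda's IAM role needs `es:ESHttpPut` and `es:ESHttpPost` on, so the role can be scoped to those index patterns rather than the whole domain.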

Now you will need to zip your code and upload it to S3. The next step is to create the resources using CloudFormation stacks. You can use the rollover stack [4] and the logs-to-ES stack [5] to deploy your resources without a fuss.

Hope I saved someone’s day. Good luck!!!

References

[1] https://medium.com/@wdfdo1986/aws-deployment-publish-logs-to-central-log-account-with-efk-c59315a8a455

[2] https://github.com/danushkaf/aws_elasticsearch_centralized_logging_with_rollover/blob/master/LogsToES/index.js

[3] https://github.com/danushkaf/aws_elasticsearch_centralized_logging_with_rollover/blob/master/LogsToES/index.js

[4] https://github.com/danushkaf/aws_elasticsearch_centralized_logging_with_rollover/blob/master/Rollover.yaml

[5] https://github.com/danushkaf/aws_elasticsearch_centralized_logging_with_rollover/blob/master/LogsToES.yaml
