README
aws multi-role log viewer
description
Uses AWS CloudWatch Insights to query multiple log groups across multiple STS roles in parallel, and then combines and sorts them all by timestamp. The default query it uses is fields @message, @timestamp in the last 5 minutes
installation
npm i @exodus/aws-multilog -g
Requirements:
Install pip install qaws, pip install awsume
Then configure your amazon config including mfa_token and source_profile for all roles...
For example in my ~/.aws/config I have
[profile staging]
region = us-east-1
output = json
mfa_serial = arn:aws:iam::myuserid:mfa/myusername
[profile staging-myrole]
source_profile = staging
role_arn = arn:aws:iam::accountid:role/rolename
and in ~/.aws/credentials I have:
[staging]
aws_access_key_id = myid
aws_secret_access_key = mykey
if you have mfa_serial specified then make sure you do awsume staging (or whatever your role is) to ensure your mfa token is cached and working
configuration
Create the file ~/.aws/multilog.json to hold your log group configuration:
[
{
"profile": "staging",
"groups": [
"/aws/lambda/staging-lambda",
"/aws/lambda/database-lambda"
],
"color": "blue"
},
{
"profile": "production",
"groups": [
"/aws/lambda/production-lambda"
],
"color": "blueBright"
}
]
usage
$ aws-multilog
# defaults to 5 minutes, queries all messages
$ aws-multilog --time 1h
# all messages in last hour
$ aws-multilog --filter 'level = "error"'
# only get log level error (assuming your logs are json w/ "level": "error")
$ aws-multilog --time 1h --end 30m
# all messages between 1h to 30min ago
$ aws-multilog --limit 9999
# default is 1000, max is 9999
options
-q- quiet mode-v- verbose mode (show query metadata)--filter- shorthand for adding a insights filter--time- specify custom start time, i.e. 5m or 1h--end- specify end time--json- ndjson outpout--query- specify custom insights query string--limit- default 1000, max 9999