# Automated CloudWatch Logs Exports to Amazon S3 using AWS Lambda

# Introduction:

In the realm of cloud computing, effective log management is essential. Amazon CloudWatch Logs offers centralized log storage, while AWS Lambda provides serverless computing capabilities. Combining these services enables the automated export of logs to Amazon S3, enhancing data durability and simplifying log management workflows. In this guide, we'll walk through setting up an AWS Lambda function to streamline the process of exporting CloudWatch Logs to an S3 bucket, offering a scalable and efficient solution for organizations seeking improved log data management in the AWS ecosystem.

GitHub Repo: [https://github.com/saadkhan024/Cloudwatchlogs-to-S3bucket](https://github.com/saadkhan024/Cloudwatchlogs-to-S3bucket)

## Creating a Lambda function.

We need to create a lambda function which will invoke with Cloudawatch

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479086320/dd58df24-7baf-4e0b-b2f0-fbb86441426c.png align="center")

You can select create new role as i am doing for testing purpose.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479164826/1154c164-b752-4518-a3df-1f6becd6a973.png align="center")

We will write some dummy function to test the case.

This is my Test function code

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479602746/7211efbc-11e5-4162-b02a-36812c31cfab.png align="center")

You can see that after executing it run successfully.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479644439/8553c67c-0a40-4522-b8e7-c25b238c731e.png align="center")

For checking the logs has been created or not, go to CloudWatch and check on Logs group.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479924363/1e8d59db-b3cd-41be-aca4-2db0b4101d2d.png align="center")

Log has been generated.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705479991741/0df4b97e-b933-4d80-9b4d-d8e03fe1aa11.png align="center")

For sending the logs from cloudwatch to s3 we will require IAM role.

## Creating and IAM role.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705481162963/901069f1-134a-4697-8a86-1b476fc66949.png align="center")

and we will select the given policy and edit the trust policy.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705481201482/7b3ae4ce-8222-47eb-97b1-7228191beca9.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705482662977/afa0bf95-0138-44d3-95e2-e70ed370b41b.png align="center")

We will setup the lambda function with attaching the IAM role which we have created.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705482947296/4786ee74-8cb0-4baf-a71a-6ffac8e0b4c6.png align="center")

We need to change some default configuration time to 15 min of highest.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705483079898/dc17b809-80d3-4020-8cb7-830cf879a38d.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705483175234/16a95469-9996-43aa-bf01-58be774424c4.png align="center")

Now we have to change the lambda function with our customized code and deploy.

you can find the code in my github repo.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705483488040/6c43e5c4-3b08-4a34-92e8-059b6d8f75a6.png align="center")

# Creating an S3 bucket.

Go to search bar and type S3 and click on create and put the info.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705483722785/26b59136-598b-4ce0-9610-ca58f4f0f439.png align="center")

We will edit the policy under s3 with our inline policy you can find the same on github repo.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705484027500/26540623-d6d4-456f-916d-090c61319a62.png align="center")

After deploying the script you can see that logs has been generated.

Thank You...
