Push Logs to AWS S3 bucket
You can continually push logs from mongod, mongos, and audit logs to an
AWS S3 bucket from an M10+ cluster.
Atlas exports logs every 5 minutes.
Required Access
To push logs to an AWS S3 bucket, you must have
Project Owner or Organization Owner access to
Atlas.
To push logs to an AWS S3 bucket using the Atlas Administration API, you
must have Project Owner access to Atlas.
Considerations
You can't specify which logs to send. Atlas sends all
mongod,mongos, and audit logs.Push-based log export doesn't support Bring Your Own Key (BYOK).
You can only push logs to an AWS S3 bucket from an
M10+Atlas cluster.Atlas doesn't export log lines over 10 MB.
Prerequisites
You will need:
an AWS IAM role with sts:AssumeRole that grants Atlas access to your AWS resource with a maximum session duration set to 12 hours.
an existing AWS S3 bucket.
An
M10+Atlas cluster.
Procedure
Note
During the procedure, Atlas creates a role policy to access the S3 bucket with the following permissions:
To continually push logs to an AWS S3 bucket, follow these steps.
In Atlas, go to the Advanced page for your project.
Warning
Navigation Improvements In Progress
We're currently rolling out a new and improved navigation experience. If the following steps don't match your view in the Atlas UI, see the preview documentation.
If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.
If it's not already displayed, select your project from the Projects menu in the navigation bar.
In the sidebar, click Advanced under the Security heading.
The Advanced page displays.