Configuring AWS CLB Access Logging
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
This guide will show you how to enable access logging on the default Classic Load Balancer ingress controller used in Red Hat OpenShift Service on AWS (ROSA) version 4.13 and earlier.
Prerequisites
- A ROSA Cluster (Version 4.13 or earlier)
- A logged in oc CLI
- A logged in aws CLI
S3 Bucket Creation
Run the following command, making sure to update the name of the S3 bucket you wish to create and the account number of the Elastic Load Balancing root account (this is not your AWS account):
While my example uses the us-east-1 root account, ensure you select the proper account number for the region from the AWS documentation.
Create your S3 bucket for your access logs to be stored. For this example, we will call our bucket rosa-clb-access-logs.
Create and apply the following AWS S3 Bucket Policy to ensure that the Elastic Load Balancing account can log to the designated S3 bucket:
Run the following command to annotate the default ingress controller with the necessary annotations to enable Elastic Load Balancing access logging:
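The three steps above (bucket creation, bucket policy, Service annotation) as one script. This is an added example, not the original guide's commands; the us-east-1 Elastic Load Balancing account ID 127311923021, the router-default Service in the openshift-ingress namespace, and the function names are assumptions to check against your region and cluster.

```shell
#!/bin/sh
# Added example, not from the original guide. Values marked "assumed" are illustrative.
BUCKET_NAME="${BUCKET_NAME:-rosa-clb-access-logs}"  # bucket name used in the guide
AWS_REGION="${AWS_REGION:-us-east-1}"               # region used in the guide
# Assumed: the ELB account ID AWS documents for us-east-1; look up your region's value.
ELB_ACCOUNT_ID="${ELB_ACCOUNT_ID:-127311923021}"

# Print a bucket policy: $1 = bucket, $2 = ELB account ID, $3 = your AWS account ID.
# Write access is limited to the AWSLogs/<your account>/ path that ELB writes to.
clb_log_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::$2:root"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::$1/AWSLogs/$3/*"
  }]
}
EOF
}

# Print the Service annotations: $1 = bucket, $2 = emit interval in minutes.
# Classic Load Balancers only accept 5 or 60 for the interval.
clb_log_annotations() {
  case "$2" in 5|60) ;; *) echo "interval must be 5 or 60" >&2; return 1 ;; esac
  _p="service.beta.kubernetes.io/aws-load-balancer-access-log"
  echo "$_p-enabled=true $_p-emit-interval=$2 $_p-s3-bucket-name=$1"
}

# Run the three steps. Assumed: the default router Service is
# router-default in the openshift-ingress namespace.
apply_clb_logging() {
  set -e
  account_id=$(aws sts get-caller-identity --query Account --output text)
  aws s3 mb "s3://$BUCKET_NAME" --region "$AWS_REGION"
  aws s3api put-bucket-policy --bucket "$BUCKET_NAME" \
    --policy "$(clb_log_policy "$BUCKET_NAME" "$ELB_ACCOUNT_ID" "$account_id")"
  annotations=$(clb_log_annotations "$BUCKET_NAME" 5)
  # Word splitting is intended: each annotation is a separate argument.
  # shellcheck disable=SC2086
  oc -n openshift-ingress annotate service/router-default --overwrite $annotations
}

# Nothing touches AWS or the cluster unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then apply_clb_logging; fi
```

Scoping the policy's Resource to AWSLogs/<your account ID>/ keeps the Elastic Load Balancing principal from writing anywhere else in the bucket.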
Congratulations! You have now enabled access logging on your Classic Load Balancer. Your logs will begin to flow into the bucket that you have created, as shown below:
