![\"ELK](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image2-1.png\")
<\/figure><\/div>\n\n\nPresented in this way, the simple “logging” management of our application could be relatively complex. However, this stack is used extensively today due to its versatility and scalability.<\/p>\n\n\n\n
But we are not going to talk about this structure, indeed we\u2019ll describe its cloud-native \u201cfork\u201d on the AWS world! In fact, we will deal with the EKK stack, the components that come into play become:<\/p>\n\n\n\n
- \n
- Amazon Elaticsearch service<\/strong>: the AWS service that supports an open source version of Elasticsearch (Open Distro for Elasticsearch)<\/li>\n\n\n\n
- Amazon Kinesis Firehose<\/strong>: A reliable, robust, near real-time streaming service used for scenarios such as data lakes or capturing video, audio, and clickstream<\/li>\n\n\n\n
- Kibana<\/strong><\/li>\n<\/ul>\n\n\n\n
The infrastructure diagram transforms as follows:<\/p>\n\n\n
\n![\"EKK](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image5-1024x460.png\")
<\/figure><\/div>\n\n\nConvenient isn’t it? Forget the provisioning and management of EC2 machines, as well as their scaling, maintenance and configuration in high availability. These services, fully managed by AWS, come to our rescue by allowing us to focus on our application and reduce costly activities, in terms of time, for the “trivial” infrastructure linked to the aggregation and presentation of logs.<\/p>\n\n\n\n
For the more suspicious, having to send data to Firehose may not be the best choice. So, let\u2019s describe the advantages of the proposed solution.<\/p>\n\n\n\n
First, there is a native integration between Kinesis and Elasticsearch managed by AWS! Furthermore, we can decide to carry out processing activities on all incoming data, indeed, by using AWS Lambda, we can format the incoming logs from all source systems.<\/p>\n\n\n\n
It is not enough? On Kinesis we can also select an S3 bucket to save logs, so they will be available in the future for any analysis or replication to other platforms.<\/p>\n\n\n\n
To reduce costs, nothing prevents us from moving data to a different S3 Tier cheaper than the Standard one.<\/p>\n\n\n\n
Among the functions offered by Kinesis, there is also that of batching, encryption and retry mechanism to better manage requests to the Elasticsearch server.<\/p>\n\n\n\n
But which sources can we use with Kinesis? Ideally, any! In fact, it is possible to directly call the APIs (for example, those provided by SDKs), or we can use tools already provided by AWS if we are using its best-known computing services.<\/p>\n\n\n\n
Let’s take some examples:<\/p>\n\n\n\n
- \n
- EC2<\/strong>: Thanks to Amazon Kinesis Agent<\/em>, a Java-based software that collects and sends logs independently to Kinesis<\/li>\n\n\n\n
- ECS Fargate<\/strong>: Integration with Kinesis can be done via the FireLens<\/em> log driver<\/li>\n\n\n\n
- Other service:<\/strong> By calling the Kinesis API directly.<\/li>\n<\/ul>\n\n\n\n
In summary, we have seen how to bring the classic ELK stack back into an AWS cloud-native perspective, then transforming it into an EKK stack to take advantage of the benefits of AWS managed services.<\/p>\n\n\n\n
Can’t wait to do some practice? Perfect! Let’s do a short demo using an ECS cluster in Fargate mode!<\/p>\n\n\n\n
EKK on ECS Fargate<\/h2>\n\n\n\n
Before starting with the demo, let’s describe the services we are going to use:<\/p>\n\n\n\n
- \n
- ECS Cluster Fargate<\/strong>: We have already seen extensively in this blog how to create it and configure any services and tasks.<\/li>\n\n\n\n
- Elasticsearch domain: <\/strong>We will not cover the details of its configuration. The advice I can give you is to pay attention to the following points:\n
- \n
- Sizing of the computational stack, tuning high availability, sizing of the appropriate storage you need<\/li>\n\n\n\n
- Manage access patterns to Elasticsearch server (similar to resource-policy)<\/li>\n\n\n\n
- Manage access to Kibana appropriately, in our case we used a Cognito User Pool together with Cognito Identity Pool<\/li>\n\n\n\n
- Network configuration: This part will no longer be editable after creation. In our case, we chose an instance with public internet access.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Kinesis Firehose<\/strong>: As per the infrastructure diagram, the AWS service will be used for data ingestion.<\/li>\n<\/ul>\n\n\n\n
Here is our Fargate cluster with the service<\/em> created for the demo, blog-ekk<\/em>:<\/p>\n\n\n
\n![\"Fargate](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image4-1024x446.png\")
<\/figure><\/div>\n\n\nParticular attention is to be paid in the definition of the task definition<\/em>, we will in fact use FireLens<\/em> for the native integration between Fargate and Firehose:<\/p>\n\n\n\n
FireLens is a log driver for containers hosted on Amazon ECS that extends its log management capabilities. It relies on FleuntD and Fluent Bit.<\/p>\n\n\n\n
Below is a simplification of the task definition used by us:<\/p>\n\n\n\n
{\n\t\"family\": \"firelens-example-firehose\",\n\t\"taskRoleArn\": \"arn:aws:iam::XXXXXXXXXXXX:role\/ecs_task_iam_role\",\n\t\"executionRoleArn\": \"arn:aws:iam::XXXXXXXXXXXX:role\/ecs_task_execution_role\",\n\t\"containerDefinitions\": [\n\t\t{\n\t\t\t\"essential\": true,\n\t\t\t\"image\": \"amazon\/aws-for-fluent-bit:latest\",\n\t\t\t\"name\": \"log_router\",\n\t\t\t\"firelensConfiguration\": {\n\t\t\t\t\"type\": \"fluentbit\"\n\t\t\t},\n\t\t\t\"logConfiguration\": {\n\t\t\t\t\"logDriver\": \"awslogs\",\n\t\t\t\t\"options\": {\n\t\t\t\t\t\"awslogs-group\": \"firelens-container\",\n\t\t\t\t\t\"awslogs-region\": \"eu-west-1\",\n\t\t\t\t\t\"awslogs-create-group\": \"true\",\n\t\t\t\t\t\"awslogs-stream-prefix\": \"firelens\"\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"memoryReservation\": 50\n\t\t },\n\t\t {\n\t\t\t \"essential\": true,\n\t\t\t \"image\": \"your-image-uri\",\n\t\t\t \"name\": \"app\",\n\t\t\t \"logConfiguration\": {\n\t\t\t\t \"logDriver\":\"awsfirelens\",\n\t\t\t\t \"options\": {\n\t\t\t\t\t\"Name\": \"firehose\",\n\t\t\t\t\t\"region\": \"eu-west-1\"\",\n\t\t\t\t\t\"delivery_stream\": \"blog-ekk\"\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"memoryReservation\": 100\n\t\t}\n\t]\n}<\/pre>\n\n\n\nIf you use the graphical interface to create the task definition, once the container is configured, by modifying the log router in firelens, the side container that relies on FluentBit will automatically appear (container image: amazon \/ aws-for-fluent -bit: latest<\/em>)<\/p>\n\n\n\n
Don’t forget to change the task definition role to have permission to write to Firehose!<\/p>\n\n\n\n
Perfect, the sender system has been configured! Let’s now move to the definition of the ingestion system: Kinesis Firehose!<\/p>\n\n\n\n
Its configuration is relatively simple. In our case we used S3 as a backup, Elasticsearch as destination and no Lambda transforms.<\/p>\n\n\n
\n![\"S3](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image1-1-979x1024.png\")
<\/figure><\/div>\n\n\nHave you configured everything? Make sure your ECS Service is up and running, in the log<\/em> section you can check that the side container is actually forwarding the logs to Kinesis.<\/p>\n\n\n\n
For further verification, you can check from the metrics on Kinesis for correct reception and forwarding to the Elasticsearch server.<\/p>\n\n\n\n
We just have to enter the Elasticsearch domain, on the overview page we will find the address to access Kibana. In our case, access will be authenticated using a username and password saved and managed by Cognito:<\/p>\n\n\n
\n![\"Elasticsearch](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image3-1024x538.png\")
<\/figure><\/div>\n\n\nAnd here is our dashboard on Kibana:<\/p>\n\n\n
\n![\"dashboard](\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/image6-1024x566.png\")
<\/figure><\/div>\n\n\nThe behavior is as expected, we have in fact created a simple container that writes “bingo” <\/p>\n\n\n\n
Conclusions<\/h2>\n\n\n\n
To conclude, in this article we have described the benefits of the EKK stack, an AWS cloud-native version of the classic ELK stack.<\/p>\n\n\n\n
We then saw which AWS services can be used as source system, deepening the case of containers hosted on ECS in Fargate mode.<\/p>\n\n\n\n
Do you want to deepen this modality with a step-by-step guide? Or maybe you are curious about the solution starting from EC2 machines? Write us in the comments, and we will try to accommodate your requests!<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Introduction Nowadays it is increasingly important to be able to monitor and track the status of your applications, as well […]<\/p>\n","protected":false},"author":14,"featured_media":3154,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[482],"tags":[269,251,265],"yoast_head":"\n
Logging best practices on AWS: from an ELK to an EKK stack. - Proud2beCloud Blog<\/title>\n<meta name=\"description\" content=\"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Logging best practices on AWS: from an ELK to an EKK stack.\" \/>\n<meta property=\"og:description\" content=\"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/\" \/>\n<meta property=\"og:site_name\" content=\"Proud2beCloud Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-28T11:59:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-21T08:00:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/beSharp_blog_Copertine_2021-Recuperato_28_05_2021_Twitter-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alessandro Bertini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Logging best practices on AWS: from an ELK to an EKK stack.\" \/>\n<meta name=\"twitter:description\" content=\"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/beSharp_blog_Copertine_2021-Recuperato_28_05_2021_Twitter-2.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alessandro Bertini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/\",\"url\":\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/\",\"name\":\"Logging best practices on AWS: from an ELK to an EKK stack. - Proud2beCloud Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.besharp.it\/#website\"},\"datePublished\":\"2021-05-28T11:59:00+00:00\",\"dateModified\":\"2023-04-21T08:00:41+00:00\",\"author\":{\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/06e173694a005ed650e6de35e965e0c9\"},\"description\":\"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.besharp.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Logging best practices on AWS: from an ELK to an EKK stack.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.besharp.it\/#website\",\"url\":\"https:\/\/blog.besharp.it\/\",\"name\":\"Proud2beCloud Blog\",\"description\":\"il blog di beSharp\",\"alternateName\":\"Proud2beCloud Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.besharp.it\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/06e173694a005ed650e6de35e965e0c9\",\"name\":\"Alessandro Bertini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6138dfdbb6ddab5ec54e7b8be0bbef73?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6138dfdbb6ddab5ec54e7b8be0bbef73?s=96&d=mm&r=g\",\"caption\":\"Alessandro Bertini\"},\"description\":\"DevOps Engineer @ beSharp. I deal with Cloud-Native software development, strongly oriented to the serverless paradigm! Passionate about board games and video games (as the best geeks do!)\",\"url\":\"https:\/\/blog.besharp.it\/author\/alessandro-bertini\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Logging best practices on AWS: from an ELK to an EKK stack. - Proud2beCloud Blog","description":"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/","og_locale":"en_US","og_type":"article","og_title":"Logging best practices on AWS: from an ELK to an EKK stack.","og_description":"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.","og_url":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/","og_site_name":"Proud2beCloud Blog","article_published_time":"2021-05-28T11:59:00+00:00","article_modified_time":"2023-04-21T08:00:41+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/beSharp_blog_Copertine_2021-Recuperato_28_05_2021_Twitter-2.png","type":"image\/png"}],"author":"Alessandro Bertini","twitter_card":"summary_large_image","twitter_title":"Logging best practices on AWS: from an ELK to an EKK stack.","twitter_description":"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.","twitter_image":"https:\/\/blog.besharp.it\/wp-content\/uploads\/2021\/05\/beSharp_blog_Copertine_2021-Recuperato_28_05_2021_Twitter-2.png","twitter_misc":{"Written by":"Alessandro Bertini","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/","url":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/","name":"Logging best practices on AWS: from an ELK to an EKK stack. - Proud2beCloud Blog","isPartOf":{"@id":"https:\/\/blog.besharp.it\/#website"},"datePublished":"2021-05-28T11:59:00+00:00","dateModified":"2023-04-21T08:00:41+00:00","author":{"@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/06e173694a005ed650e6de35e965e0c9"},"description":"EKK stack (Amazon Elasticsearch Service - Amazon Kinesis - Kibana): an alternative to the ELK stack for logs management on AWS.","breadcrumb":{"@id":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.besharp.it\/logging-best-practices-on-aws-from-an-elk-to-an-ekk-stack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.besharp.it\/"},{"@type":"ListItem","position":2,"name":"Logging best practices on AWS: from an ELK to an EKK stack."}]},{"@type":"WebSite","@id":"https:\/\/blog.besharp.it\/#website","url":"https:\/\/blog.besharp.it\/","name":"Proud2beCloud Blog","description":"il blog di beSharp","alternateName":"Proud2beCloud Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.besharp.it\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/06e173694a005ed650e6de35e965e0c9","name":"Alessandro Bertini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.besharp.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6138dfdbb6ddab5ec54e7b8be0bbef73?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6138dfdbb6ddab5ec54e7b8be0bbef73?s=96&d=mm&r=g","caption":"Alessandro Bertini"},"description":"DevOps Engineer @ beSharp. I deal with Cloud-Native software development, strongly oriented to the serverless paradigm! Passionate about board games and video games (as the best geeks do!)","url":"https:\/\/blog.besharp.it\/author\/alessandro-bertini\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/3128"}],"collection":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/comments?post=3128"}],"version-history":[{"count":0,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/posts\/3128\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media\/3154"}],"wp:attachment":[{"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/media?parent=3128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/categories?post=3128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.besharp.it\/wp-json\/wp\/v2\/tags?post=3128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Elasticsearch domain: <\/strong>We will not cover the details of its configuration. The advice I can give you is to pay attention to the following points:\n
- ECS Fargate<\/strong>: Integration with Kinesis can be done via the FireLens<\/em> log driver<\/li>\n\n\n\n
- Amazon Kinesis Firehose<\/strong>: A reliable, robust, near real-time streaming service used for scenarios such as data lakes or capturing video, audio, and clickstream<\/li>\n\n\n\n