Configuring CLP#

To use object storage with CLP, follow the steps below to configure each use case you require.

Note

If CLP is already running, shut it down, update its configuration, and then start it again.

Configuration for input logs#

To configure CLP to compress logs from S3, update the logs_input key in <package>/etc/clp-config.yml with the values in the code block below, replacing the fields in angle brackets (<>) with the appropriate values:

logs_input:
  type: "s3"
  aws_authentication:
    type: "<type>"
    # type-specific settings

<type> and the type-specific settings are described in the configuring AWS authentication section.

Configuration for archive storage#

To configure CLP to store archives on S3, update the archive_output.storage key in <package>/etc/clp-config.yml with the values in the code block below, replacing the fields in angle brackets (<>) with the appropriate values:

archive_output:
  storage:
    type: "s3"
    staging_directory: "var/data/staged-archives"  # Or a path of your choosing
    s3_config:
      region_code: "<region-code>"
      bucket: "<bucket-name>"
      key_prefix: "<key-prefix>"
      aws_authentication:
        type: "<type>"
        # type-specific settings

  # archive_output's other config keys
  • staging_directory is the local filesystem directory where archives will be temporarily stored before being uploaded to S3.

  • s3_config configures both the S3 bucket where archives should be stored and the credentials for accessing it.

    • <region-code> is the AWS region code for the bucket.

    • <bucket-name> is the bucket’s name.

    • <key-prefix> is the “directory” where all archives will be stored within the bucket and must end with a trailing forward slash (e.g., archives/).

    • <type> and the type-specific settings are described in the configuring AWS authentication section.

Configuration for stream storage#

To configure CLP to cache stream files on S3, update the stream_output.storage key in <package>/etc/clp-config.yml with the values in the code block below, replacing the fields in angle brackets (<>) with the appropriate values:

stream_output:
  storage:
    type: "s3"
    staging_directory: "var/data/staged-streams"  # Or a path of your choosing
    s3_config:
      region_code: "<region-code>"
      bucket: "<bucket-name>"
      key_prefix: "<key-prefix>"
      aws_authentication:
        type: "<type>"
        # type-specific settings

  # stream_output's other config keys
  • staging_directory is the local filesystem directory where streams will be temporarily stored before being uploaded to S3.

  • s3_config configures both the S3 bucket where streams should be stored and the credentials for accessing it.

    • <region-code> is the AWS region code for the bucket.

    • <bucket-name> is the bucket’s name.

    • <key-prefix> is the “directory” where all streams will be stored within the bucket and must end with a trailing forward slash (e.g., streams/).

    • <type> and the type-specific settings are described in the configuring AWS authentication section.

Note

CLP currently doesn’t explicitly delete the cached streams. This limitation will be addressed in a future release.

Configuring AWS authentication#

For each use case above, you can configure its AWS authentication method through the aws_authentication config object, which includes the authentication method type to use and any additional settings necessary for the chosen authentication type.

Note

The code blocks below show aws_authentication as a top-level key, but it should be nested under logs_input, archive_output.storage.s3_config, or stream_output.storage.s3_config depending on the use case.

Settings for each type are described below:

credentials#

Settings for this type are shown below. Replace fields in angle brackets (<>) with the appropriate values:

aws_authentication:
  type: "credentials"
  credentials:
    access_key_id: "<aws-access-key-id>"
    secret_access_key: "<aws-secret-access-key>"

<aws-access-key-id> and <aws-secret-access-key> should be replaced with long-term credentials for an IAM user.

profile#

Settings for this type are shown below. Replace fields in angle brackets (<>) with the appropriate values:

aws_authentication:
  type: "profile"
  profile: "<profile-name>"

<profile-name> should be the name of an existing AWS CLI profile.

In addition, the top-level config aws_config_directory must be set to the directory containing the profile configurations (typically ~/.aws):

aws_config_directory: "<aws-config-dir>"

Note

If profiles are not used for AWS authentication, aws_config_directory should be commented or set to null.

env_vars#

Settings for this type are shown below.

aws_authentication:
  type: "env_vars"

The environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY should be used to specify a set of long-term IAM user credentials.

ec2#

Settings for this type are shown below.

aws_authentication:
  type: "ec2"

This authentication method will only work on an EC2 instance with a role attached.