https://github.com/garysassano/cdk-aws-cross-account-cwl-sub-org

CDK app showcasing how to use CloudWatch Logs cross‑account account-level subscriptions for sending OTel traces to a centralized location.
https://github.com/garysassano/cdk-aws-cross-account-cwl-sub-org

aws aws-cdk aws-lambda cdk cloudwatch-logs cw-logs kinesis-data-streams opentelemetry otel

Last synced: 22 days ago
JSON representation

CDK app showcasing how to use CloudWatch Logs cross‑account account-level subscriptions for sending OTel traces to a centralized location.

• Host: GitHub
• URL: https://github.com/garysassano/cdk-aws-cross-account-cwl-sub-org
• Owner: garysassano
• License: apache-2.0
• Created: 2025-08-12T03:35:12.000Z (about 2 months ago)
• Default Branch: main
• Last Pushed: 2025-09-13T13:32:26.000Z (23 days ago)
• Last Synced: 2025-09-13T13:58:39.540Z (23 days ago)
• Topics: aws, aws-cdk, aws-lambda, cdk, cloudwatch-logs, cw-logs, kinesis-data-streams, opentelemetry, otel
• Language: TypeScript
• Homepage:
• Size: 173 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# cdk-aws-cross-account-cwl-sub-org

CDK app showcasing how to use [CloudWatch Logs cross‑account account-level subscriptions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CrossAccountSubscriptions-Kinesis-Account.html) for sending OTel traces to a centralized location.

## Prerequisites

- **_AWS:_**

  - Must have completed the steps detailed in the [Configuration](#configuration) section.

- **_Node.js + npm:_**

  - Must be [installed](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) in your system.

- **_Poetry:_**

  - Must be [installed](https://python-poetry.org/docs/#installation) in your system.

## Configuration

Set the following variables in your local environment:

- `CDK_ACCOUNT_SRC` - The AWS account ID for the source stack (e.g. `123456789012`)

- `CDK_ACCOUNT_TRG` - The AWS account ID for the target stack (e.g. `123456789012`)

- `CDK_REGION_SHARED` - The AWS region for both source and target stacks  (e.g. `us-east-1`)

- `AWS_ORG_ID_SHARED` - The AWS organization ID used for cross-account permissions (e.g. `o-12345abcde`)

After that, complete the [CDK bootstrapping](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html) process for both the `SRC` and `TRG` accounts.

1. Execute the command below with a user having admin privileges in the `SRC` account:

   ```sh

   cdk bootstrap aws://$CDK_ACCOUNT_SRC/$CDK_REGION_SHARED

   ```

2. Execute the command below with a user having admin privileges in the `TRG` account:

   ```sh

   cdk bootstrap aws://$CDK_ACCOUNT_TRG/$CDK_REGION_SHARED --trust $CDK_ACCOUNT_SRC --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess

   ```

## Installation

```sh

npx projen install

```

## Deployment

Execute the command below as admin of the `SRC` account:

```sh

npx projen deploy --all --require-approval never

```

## Cleanup

Execute the command below as admin of the `SRC` account:

```sh

npx projen destroy --all --force

```

## Architecture Diagram

![Architecture Diagram](./src/assets/arch-diagram.svg)