Skip to main content

View CloudWatch logs

Access to CloudWatch

You must be on-boarded to GovWifi’s AWS account in order to access CloudWatch logs.

Please speak to the GovWifi reliability engineers or the delivery manager about this process.

Using gds-cli

This utility is being replaced with cod-cli (https://github.com/GovWifi/cod-cli).

The remainder of this section is retained until everyone has migrated to cod-cli

Logging in to CloudWatch

Log in to GovWifi AWS via the gds-cli or the AWS console.

You must be on the VPN to log in.

CLI login

Ensure gds-cli is configured on your laptop and your AWS credentials are set up. Note: it may be aliased to ‘gds’

Then run:

$ gds aws govwifi -l

Using the AWS service search bar, navigate to the CloudWatch service section.

Console login

  1. Log in to the AWS console
  2. Navigate to CloudWatch
  3. Choose “Log groups” from the “Logs” sidebar. You can also use “Insights” which is a log aggregation tool in CloudWatch.

You can read more about the CloudWatch Insights query DSL here.

CloudWatch logs

CloudWatch contains unstructured system and application logs for GovWifi’s APIs and infrastructure components.

Since the service is region-based, make sure you’re reviewing logs for the correct region by selecting the relevant region from the AWS service bar.

Application log types

The application log group naming is inconsistent. It roughly uses the following convention:

<environment>-<service>-log-group
Service/API Environment Log group
FreeRADIUS Staging frontend
Production frontend
Admin Staging staging-admin-log-group
Production wifi-admin-log-group
Authentication Staging staging-authentication-api-docker-log-group
Production wifi-authentication-api-docker-logs
User Sign-up Staging staging-user-signup-api-docker-log-group
Production wifi-user-signup-api-docker-log-group
Logging Staging staging-logging-api-docker-log-group
Production wifi-logging-api-docker-log-group
Grafana Staging staging-grafana-log-group
Production wifi-grafana-log-group
Prometheus Staging staging-prometheus-log-group
Production wifi-prometheus-log-group

Note:

  • “Production” is referred to as “wifi” throughout the infrastructure. So wifi-admin-log-group refers to the Production Admin API log group.
  • We have deprecated the -frontend-docker-log-group groups since moving the Frontend ECS clusters from EC2 instances to ECS Fargate.

System log types

System logs for EC2 instances follow a separate pattern:

<environment>-<instance name>/var/log/<log-type.log>
EC2 instance Environment Log group
Bastion Staging staging-bastion/var/log/*
Production wifi-bastion/var/log/*
Frontend ECS cluster Staging staging/var/log/*
Production wifi/var/log/*

Note: The Frontend ECS clusters run on Fargate and follow this naming pattern: /aws/ecs/containerinsights/frontend-fargate/*

This page was last reviewed on 7 August 2025. It needs to be reviewed again on 7 February 2026 by the page owner #govwifi .