Skip to main content

View CloudWatch logs

Access to CloudWatch

You must be on-boarded to GovWifi’s AWS account in order to access CloudWatch logs.

Please speak to the GovWifi reliability engineers or the delivery manager about this process.

Using gds-cli

This utility is being replaced with cod-cli (https://github.com/GovWifi/cod-cli).

The remainder of this section is retained until everyone has migrated to cod-cli

Logging in to CloudWatch

Log in to GovWifi AWS via the gds-cli or the AWS console.

You must be on the VPN to log in.

CLI login

Ensure gds-cli is configured on your laptop and your AWS credentials are set up. Note: it may be aliased to ‘gds’

Then run:

sh $ gds aws govwifi -l

Using the AWS service search bar, navigate to the CloudWatch service section.

Console login

  1. Log in to the AWS console
  2. Navigate to CloudWatch
  3. Choose “Log groups” from the “Logs” sidebar. You can also use “Insights” which is a log aggregation tool in CloudWatch.

You can read more about the CloudWatch Insights query DSL here.

CloudWatch logs

CloudWatch contains unstructured system and application logs for GovWifi’s APIs and infrastructure components.

Since the service is region-based, make sure you’re reviewing logs for the correct region by selecting the relevant region from the AWS service bar.

Application log types

The application log group naming is inconsistent. It roughly uses the following convention:

```

--log-group ``` | Service/API | Environment | Log group | |----------------|-------------|--------------------------------------------| | FreeRADIUS | Staging | `frontend` | | | Production | `frontend` | | Admin | Staging | `staging-admin-log-group` | | | Production | `wifi-admin-log-group` | | Authentication | Staging | `staging-authentication-api-docker-log-group` | | | Production | `wifi-authentication-api-docker-logs` | | User Sign-up | Staging | `staging-user-signup-api-docker-log-group` | | | Production | `wifi-user-signup-api-docker-log-group` | | Logging | Staging | `staging-logging-api-docker-log-group` | | | Production | `wifi-logging-api-docker-log-group` | | Grafana | Staging | `staging-grafana-log-group` | | | Production | `wifi-grafana-log-group` | | Prometheus | Staging | `staging-prometheus-log-group` | | | Production | `wifi-prometheus-log-group` | **Note**: - "Production" is referred to as "wifi" throughout the infrastructure. So `wifi-admin-log-group` refers to the Production Admin API log group. - We have deprecated the <staging | wifi>-frontend-docker-log-group groups since moving the Frontend ECS clusters from EC2 instances to ECS Fargate. ### System log types System logs for EC2 instances follow a separate pattern: ``` -/var/log/ ``` | EC2 instance | Environment | Log group | |----------------|-------------|--------------------------------------------| | Bastion | Staging | `staging-bastion/var/log/*` | | | Production | `wifi-bastion/var/log/*` | | Frontend ECS cluster | Staging | `staging/var/log/*` | | | Production | `wifi/var/log/*` | **Note**: The Frontend ECS clusters run on Fargate and follow this naming pattern: `/aws/ecs/containerinsights/frontend-fargate/*`
This page was last reviewed on 7 August 2025. It needs to be reviewed again on 7 February 2026 by the page owner #govwifi .