This PR adds support for caching temporary session credentials, using the same mechanism as used in the AWS CLI.

The main benefit of this feature is a much improved experience for users that require MFA for API access. Prior to this PR, the experience is that users have to re-enter MFA token each time they run the command:

$ awslogs groups
Enter MFA code: ******
/my/log/group

$ awslogs get /my/log/group
Enter MFA code: ******
...
...

With this PR, the user experience will be that they only need to enter an MFA code once for the lifetime of the session credentials (e.g. once per hour):

$ awslogs groups
Enter MFA code: ******
/my/log/group

$ awslogs get /my/log/group
...
...

Caching is invoked only if the assume-role provider is active, which happens when you are using a profile that assumes a role:

$ export AWS_PROFILE=some-account-admin
$ cat ~/.aws/config
[profile some-account-admin]
source_profile=users-account
role_arn=arn:aws:iam::012345678912:role/admin
mfa_serial=arn:aws:iam::219876543210:mfa/justin.menga
region=us-west-2

AWS Cloudwatch limits are only 5 queries / second. As such, the current amount of threads that can be run at a single time is 5.

Exposed a public variable named interval, to allow the user to change the interval at which awslogs queries Cloudwatch.

Trying to use awslogs for the first time, already had aws-cli setup with credentials but get this error:

Version: 0.0.1 Python: 2.7.8 (default, Sep 26 2014, 11:28:16) [GCC 4.2.1 Compatible Apple LLVM 5.1 (clang-503.0.40)] boto version: 2.38.0 Platform: Darwin-14.3.0-x86_64-i386-64bit Config: {'color_enabled': True, 'aws_region': u'eu-west-1', 'aws_access_key_id': 'SENSITIVE', 'aws_secret_access_key': 'SENSITIVE', 'func': 'list_groups'} Args: ['/usr/local/bin/awslogs', 'groups']

Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/awslogs/bin.py", line 115, in main logs = AWSLogs(**vars(options)) File "/usr/local/lib/python2.7/site-packages/awslogs/core.py", line 83, in init aws_secret_access_key=self.aws_secret_access_key File "/usr/local/lib/python2.7/site-packages/awslogs/core.py", line 27, in init self.connection = botologs.connect_to_region(_args, *_kwargs) File "/usr/local/lib/python2.7/site-packages/boto/logs/init.py", line 40, in connect_to_region return region.connect(**kw_params) File "/usr/local/lib/python2.7/site-packages/boto/regioninfo.py", line 187, in connect return self.connection_cls(region=self, **kw_params) File "/usr/local/lib/python2.7/site-packages/boto/logs/layer1.py", line 107, in init super(CloudWatchLogsConnection, self).init(**kwargs) File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 1100, in init provider=provider) File "/usr/local/lib/python2.7/site-packages/boto/connection.py", line 569, in init host, config, self.provider, self._required_auth_capability()) File "/usr/local/lib/python2.7/site-packages/boto/auth.py", line 987, in get_auth_handler 'Check your credentials' % (len(names), str(names))) NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV4Handler'] Check your credentials

• Add a new Thread to refresh the list of streams, as new streams might appear during watching.
• When no streams matched the pattern, the output display a message 'No streams found, waiting:' It is then up to the user to wait until a stream get returned, or to press Ctrl+C, to stop the watching process. fixes #60

The var next_token is not going to be defined if the Empty exception occurs.

Wait for the gevent.sleep and continue with the next iteration of the loop.

AWS documentation clearly states that lastEventTimestamp returned by DescriveLogStreams is eventually consistent. Lags up to 1h are to be expected. Until now, awslogs ignored this fact as stream discovery was based on user provided time filters leading to false negative. Many users reported this issue.

This patch embraces eventual consistency by relaxing the time filter used to discover streams. False positives might occur but querying a stream with no event seems better than inadvertently ignoring a stream with relevant data.

Writing about AWS Logs CLI tools http://stackoverflow.com/a/33636237/346478 I have realized, that awslogs does not support filter patterns.

Adding filter patterns in the way AWSCLI option --filter-pattern is doing would be handy.

The method CloudWatchLogs.Client.filter_log_events offers the filterPattern parameter for that.

To be able to use awslogs with locally running instances of cloudwatch such as localstack, we need a way to overwrite the endpoint url.

This PR adds an --aws-endpoint-url cli flag to change the endpoint that is called by awslogs.

We've been using awslogs for a long time in our team, but recently a change in the way we use AWS accounts made it much less usable.

We took into use a separate federation account where our IAM users live, and access our other AWS accounts (where we have among other things CloudWatch logs) by assuming a role on the target account from the federation account. The federation account users always have multi-factor authentication (MFA). The AWS profile config for accessing a target account looks something like this:

~/.aws/credentials:
[federation-account]
aws_access_key_id = xxxx
aws_secret_access_key = yyyyy

~/.aws/config:
[profile assume-role-via-federation-account]
source_profile = federation-account
mfa_serial = arn:aws:iam::federation-account-id:mfa/iam-user-name
role_arn = arn:aws:iam::target-account-id/AssumedRole

It appears that boto3 actually supports this kind of AWS profile out of the box: when awslogs is called with --profile assume-role-via-federation-account in this example, boto3 automatically asks the user to enter a MFA code. But, even though this basically works, a major usability issue is that the MFA code is prompted every time an awslogs command is executed. The user also needs to wait for the MFA device to produce a new code if the current one was already used, making it impossible to execute several awslogs commands in rapid succession.

A good solution would be to configure the boto3 client to use credential cache in the same way as e.g. AWS CLI does. We have a proof of concept for this approach here in a fork (the two latest commits):

https://github.com/Opetushallitus/awslogs

This modification seems to solve the problem we have, and doesn't seem to produce any regression when using a profile that doesn't need credential caching. I suppose we'll be using the forked version for the time being, but just wanted to suggest that maybe something like this could be useful in the main project too.

Piping to utilities that close out their pipe by design (such as head) causes a traceback message when the pipe is closed. This tweak catches that particular error condition and exits, and lets other IO failures continue to escalate.

Before:

(venv) $ ./command_line.py get log_group_sanitized ALL | head
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:24:55 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:24:56 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:24:58 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:00 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:01 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:04 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:05 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:05 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:08 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:10 UTC 2017)

================================================================================
You've found a bug! Please, raise an issue attaching the following traceback
https://github.com/jorgebastida/awslogs/issues/new
--------------------------------------------------------------------------------
Version: 0.9.0
Python: 2.7.5 (default, Sep 15 2016, 22:37:39)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
boto3 version: 1.4.4
Platform: Linux-3.10.0-327.10.1.el7.x86_64-x86_64-with-centos-7.2.1511-Core
Config: {'output_timestamp_enabled': False, 'output_group_enabled': True, 'end': None, 'aws_secret_access_key': 'SENSITIVE', 'log_stream_name': 'ALL', 'watch': False, 'aws_region': None, 'aws_session_token': 'SENSITIVE', 'start': '5m', 'aws_profile': 'SENSITIVE', 'filter_pattern': None, 'log_group_name': 'log_group_sanitized', 'output_ingestion_time_enabled': False, 'query': None, 'func': 'list_logs', 'aws_access_key_id': 'SENSITIVE', 'color_enabled': True, 'output_stream_enabled': True}
Args: ['./command_line.py', 'get', 'log_group_sanitized', 'ALL']

Traceback (most recent call last):
  File "/homedir_sanitized/src/awslogs/awslogs/bin.py", line 172, in main
    getattr(logs, options.func)()
  File "/homedir_sanitized/src/awslogs/awslogs/core.py", line 187, in list_logs
    consumer()
  File "/homedir_sanitized/src/awslogs/awslogs/core.py", line 185, in consumer
    sys.stdout.flush()
IOError: [Errno 32] Broken pipe
================================================================================

After:

(venv) $ ./command_line.py get log_group_sanitized ALL | head
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:33 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:33 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:35 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:35 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:36 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:40 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:40 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:41 UTC 2017)
log_group_sanitized log_stream_sanitized1 Test log message from 127509dae97b (Wed Apr 12 23:25:45 UTC 2017)
log_group_sanitized log_stream_sanitized2 Test log message from 4edd0756f357 (Wed Apr 12 23:25:45 UTC 2017)
(venv) $

modified:   .gitignore
deleted:    AUTHORS
deleted:    CHANGELOG
deleted:    MANIFEST.in
new file:   requirements-py26.txt
new file:   requirements.txt
new file:   setup.cfg
modified:   setup.py
renamed:    tests.py -> tests/test_it.py
new file:   tox.ini

Just wondering if there is any hope that this project will be updated or any PRs be merged any time in the near future. It looks like it's been abandoned but I can't really tell.

I want to filter the thread name. Thread names contain characters that contain hyphens. How do I use hyphenated characters in filter pattern properties? I want to filter only ORDER-ITEM-1 in the red area as shown in the image.

This is the code I tried. awslogs get /ecs/cafe24-webhook ALL --s='3h' --profile cafe24 --filter-pattern "ORDER ITEM 1"

This is the code I want. But the filter doesn't work. awslogs get /ecs/cafe24-webhook ALL --s='3h' --profile cafe24 --filter-pattern "ORDER-ITEM-1"

Hi! Thanks for this package! I was looking around and couldn't find a way to change the format of the logs but I thought you probably have a way to do that? For example, how can I remove the logstream name or the timestamp from the logs?

Example:

2022-11-03T16:01:04.010000+00:00 2022/11/03/[$LATEST]58asd312e7212131223124ae149 [INFO]    2022-11-03T16:01:04.010Z        70sadasbd-xxasaa9-5b70-a2ea-6860xasdasdas637ee5    Hey this is an actual log

I just want the part Hey this is an actual log

Thanks!

I'm trying to use awslogs to grab the name of the newest log group. It would be good to be able to sort by name, or add some "--after" in the get groups statement

Version: 0.14.0 Python: 3.10.8 (main, Oct 12 2022, 09:32:59) [Clang 14.0.0 (clang-1400.0.29.102)] boto3 version: 1.22.5 Platform: macOS-12.6-arm64-arm-64bit Args: ['/opt/homebrew/bin/awslogs', 'get', '/aws/lambda/backend-graphql-dev-graphql', '--start=2h ago'] Config: {'aws_access_key_id': 'SENSITIVE', 'aws_secret_access_key': 'SENSITIVE', 'aws_session_token': 'SENSITIVE', 'aws_profile': 'SENSITIVE', 'aws_region': None, 'aws_endpoint_url': None, 'log_group_name': '/aws/lambda/backend-graphql-dev-graphql', 'log_stream_name': 'ALL', 'filter_pattern': None, 'watch': False, 'watch_interval': 1, 'output_group_enabled': True, 'output_stream_enabled': True, 'output_timestamp_enabled': False, 'output_ingestion_time_enabled': False, 'start': '2h ago', 'end': None, 'color': 'auto', 'query': None, 'func': 'list_logs'}

Traceback (most recent call last): File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/awslogs/bin.py", line 175, in main logs = AWSLogs(**vars(options)) File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/awslogs/core.py", line 89, in init self.client = boto3_client( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/awslogs/core.py", line 44, in boto3_client return session.client( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/boto3/session.py", line 299, in client return self._session.create_client( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/session.py", line 884, in create_client client = client_creator.create_client( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/client.py", line 102, in create_client client_args = self._get_client_args( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/client.py", line 384, in _get_client_args return args_creator.get_client_args( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/args.py", line 71, in get_client_args final_args = self.compute_client_args( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/args.py", line 148, in compute_client_args endpoint_config = self._compute_endpoint_config( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/args.py", line 234, in _compute_endpoint_config return self._resolve_endpoint(**resolve_endpoint_kwargs) File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/args.py", line 320, in _resolve_endpoint return endpoint_bridge.resolve( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/client.py", line 465, in resolve resolved = self.endpoint_resolver.construct_endpoint( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/regions.py", line 196, in construct_endpoint result = self._endpoint_for_partition( File "/opt/homebrew/Cellar/awslogs/0.14.0_3/libexec/lib/python3.10/site-packages/botocore/regions.py", line 230, in _endpoint_for_partition raise NoRegionError() botocore.exceptions.NoRegionError: You must specify a region.