Enabling Log Publishing (Console), the Amazon ES console is the simplest way to enable the publishing of logs to CloudWatch. To enable log publishing to CloudWatch (console)
- Go to https://aws.amazon.com, and then choose Sign In to the Console.
- Under Analytics, choose Elasticsearch Service.
- In the navigation pane, under My domains, choose the domain that you want to update.
- On the Logs tab, choose Enable for the log that you want.
- Create a CloudWatch log group, or choose an existing one.
Note: If you plan to enable multiple logs, we recommend publishing each to its own log group. This separation makes the logs easier to scan.
6. Choose an access policy that contains the appropriate permissions, or create a policy using the JSON that the console provides: