Skip to main content

View CloudWatch logs

Access to CloudWatch

You must be on-boarded to GovWifi’s AWS account in order to access CloudWatch logs.

Please speak to the GovWifi reliability engineers or the delivery manager about this process.

Logging in to CloudWatch

Log in to GovWifi AWS via the gds-cli or the AWS console.

You must be on the VPN to log in.

CLI login

Ensure gds-cli is configured on your laptop and your AWS credentials are set up. Note: it may be aliased to ‘gds’

Then run:

$ gds aws govwifi -l

Using the AWS service search bar, navigate to the CloudWatch service section.

Console login

  1. Log in to the AWS console
  2. Navigate to CloudWatch
  3. Choose “Log groups” from the “Logs” sidebar. You can also use “Insights” which is a log aggregation tool in CloudWatch.

You can read more about the CloudWatch Insights query DSL here.

CloudWatch logs

CloudWatch contains unstructured system and application logs for GovWifi’s APIs and infrastructure components.

Since the service is region-based, make sure you’re reviewing logs for the correct region by selecting the relevant region from the AWS service bar.

Application log types

The application log group naming is inconsistent. It roughly uses the following convention:

Service/API Environment Log group
FreeRADIUS Staging frontend
Production frontend
Admin Staging staging-admin-log-group
Production wifi-admin-log-group
Authentication Staging staging-authentication-api-docker-log-group
Production wifi-authentication-api-docker-logs
User Sign-up Staging staging-user-signup-api-docker-log-group
Production wifi-user-signup-api-docker-log-group
Logging Staging staging-logging-api-docker-log-group
Production wifi-logging-api-docker-log-group
Grafana Staging staging-grafana-log-group
Production wifi-grafana-log-group
Prometheus Staging staging-prometheus-log-group
Production wifi-prometheus-log-group


  • “Production” is referred to as “wifi” throughout the infrastructure. So wifi-admin-log-group refers to the Production Admin API log group.
  • We have deprecated the -frontend-docker-log-group groups since moving the Frontend ECS clusters from EC2 instances to ECS Fargate.

System log types

System logs for EC2 instances follow a separate pattern:

<environment>-<instance name>/var/log/<log-type.log>
EC2 instance Environment Log group
Bastion Staging staging-bastion/var/log/*
Production wifi-bastion/var/log/*
Frontend ECS cluster Staging staging/var/log/*
Production wifi/var/log/*

Note: The Frontend ECS clusters run on Fargate and follow this naming pattern: /aws/ecs/containerinsights/frontend-fargate/*

This page was last reviewed on 15 June 2023. It needs to be reviewed again on 15 December 2023 by the page owner #govwifi .
This page was set to be reviewed before 15 December 2023 by the page owner #govwifi. This might mean the content is out of date.