Ingesting AWS Data into Bronto

Overview

Bronto supports several methods for ingesting data from AWS environments. The right choice depends on where your logs originate, whether you need trace data, your infrastructure preferences, and cost constraints.

Service-to-Method Mapping

Different AWS services suit different ingestion methods. The recommended method is the simplest path that gets the data into Bronto; alternatives may be preferable depending on your existing infrastructure or cost constraints. Each service name in the table below links to a per-source landing page with a short summary of what the service emits and the configuration entry points for that data.

Where the OpenTelemetry SDK supports your runtime, prefer OTel-based instrumentation — it sends logs and traces through one pipeline, gives you consistent service.name / service.namespace routing, and avoids CloudWatch ingestion fees. The ADOT Lambda Layer covers Lambda; ADOT or a Self-Managed OTel Collector cover ECS, EKS, and EC2 workloads.

AWS Service	Recommended Method	Alternatives
AWS Lambda (logs + traces)	ADOT Lambda Layer (OTel-supported runtimes)	CloudWatch Log Forwarder (for stdout/stderr capture or unsupported runtimes)
Amazon ECS / Fargate	ADOT (OTel)	ECS FireLens, CloudWatch Log Forwarder
Amazon EKS	ADOT (OTel)	Fluent Bit on EKS, Self-Managed OTel Collector, CloudWatch Log Forwarder (control plane logs)
Amazon RDS / Aurora (PostgreSQL)	CloudWatch Log Forwarder	Kinesis Firehose (high-volume)
Amazon RDS / Aurora (MySQL)	CloudWatch Log Forwarder	Kinesis Firehose (high-volume)
AWS CloudTrail	EventBridge API Destinations	S3 Log Forwarder, Kinesis Firehose (high-volume)
Amazon API Gateway	CloudWatch Log Forwarder	Kinesis Firehose (high-volume access logs)
ALB / NLB access logs	S3 Log Forwarder	—
VPC Flow Logs	S3 Log Forwarder	CloudWatch Log Forwarder, Kinesis Firehose (custom parser required)
AWS WAF	S3 Log Forwarder	Kinesis Firehose (native JSON), CloudWatch Log Forwarder
Amazon DynamoDB	EventBridge API Destinations (via CloudTrail)	CloudWatch Log Forwarder
Amazon ElastiCache	CloudWatch Log Forwarder	Kinesis Firehose (high-volume)
Amazon CloudFront (real-time logs)	Kinesis Firehose	S3 Log Forwarder (standard logs)
Amazon Route 53	CloudWatch Log Forwarder (public zone query logs)	Kinesis Firehose (Resolver query logs, JSON), S3 Log Forwarder (Resolver query logs)
AWS GuardDuty	EventBridge API Destinations	S3 Log Forwarder
Amazon SES	Kinesis Firehose (full event bodies)	—
AWS Step Functions	CloudWatch Log Forwarder	EventBridge API Destinations
Amazon Cognito	CloudWatch Log Forwarder	—

Ingestion Methods

Bronto supports the following AWS ingestion methods:

S3 Log Forwarder — Lambda subscribes to S3 events and forwards new log objects.
CloudWatch Log Forwarder — Lambda subscribes to CloudWatch log groups and streams events.
ECS FireLens — Fluent Bit sidecar in your ECS task definitions; no Lambda required.
Fluent Bit on EKS — Fluent Bit DaemonSet that collects container logs from every EKS node.
ADOT — ECS / EKS — AWS-managed OpenTelemetry Collector distribution for ECS and EKS workloads.
ADOT Lambda Layer — OpenTelemetry instrumentation layer for AWS Lambda functions.
Self-Managed OTel Collector — Your own OpenTelemetry Collector deployment for full control.
EventBridge API Destinations — Native EventBridge rule that POSTs events directly to Bronto.
AWS Kinesis Firehose — Direct delivery from a Kinesis Firehose stream.

AWS VPC Private Link

Bronto can be connected via an AWS VPC Private Link, keeping all traffic within the AWS network and avoiding public internet egress. This is available on request — contact support@bronto.io to set this up.

​Overview

​Service-to-Method Mapping

​Ingestion Methods

​AWS VPC Private Link

Overview

Service-to-Method Mapping

Ingestion Methods

AWS VPC Private Link