Hi, I’m interested in using Loki as a way to aggregate logs from multiple AWS accounts.
Ideally, I’d like to have the write path running within each individual account, and writing to an S3 bucket within that account. Then, have a single read path that can read from multiple buckets. Having the data for each account stay within that account makes cost attribution easier, and prevents one account from taking down the ingestion for all accounts.
I’ve been looking at the documentation, and I’ve not figured out a couple things:
- Is it possible to have multiple buckets in use at once, e.g. one per tenant?
- Can the AWS authentication use assume-role credentials, to cross the account boundaries?
- The Queriers will not be able to contact the Ingesters, is that required?
Am I thinking about this the wrong way? Do I instead need to have a Read Path in each AWS account, with a single Grafana configured to read from each Loki stack? Or should I centralize the Write path?