aws / aws-network-policy-agent

Documentation Update: Clarify enable-policy-event-logs Requirement in Network Policy Documentation

atilsensalduz opened this issue

The documentation at https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html needs an update. Currently, the document only mentions that enableCloudWatchLogs should be set to true to enable network policy logs. However, it's also necessary to set enable-policy-event-logs. To improve this, we should update the document to reflect this requirement. Alternatively, if the enableCloudWatchLogs parameter is set, we could automatically assume that enable-policy-event-logs is true.

I'd be happy to contribute to this update if someone can guide me on how to make this simple enhancement.

You can find the specific line for enableCloudWatchLogs in the code at https://github.com/aws/aws-network-policy-agent/blob/8308067975fed1f2d003a0857cdb9b1d3daa96d5/pkg/config/controller_config.go#L46C1-L46C1.

Thanks for the feedback, we'll make the needed changes in the next rev.

I have been troubleshooting the impossibility to receive the logs in CloudWatch following the AWS docs till I found out about this option. That would be a great yet simple enhancement 👍
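
Added example, not part of the thread and not the project's code: a Go check that flags the misconfiguration described in the issue (CloudWatch logging on, policy event logging off) and also shows the alternative the issue proposes, where the first setting implies the second. The function names and the sample argument lists are constructed; it assumes the agent container receives the settings as `--enable-cloudwatch-logs` (the flag form of `enableCloudWatchLogs`) and `--enable-policy-event-logs`.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// LogConfig holds the two logging switches discussed in the issue.
type LogConfig struct{ PolicyEventLogs, CloudWatchLogs bool }

// ParseAgentArgs reads both switches from a container args list.
// Accepts --flag, --flag=true and --flag=false; other flags are ignored.
func ParseAgentArgs(args []string) LogConfig {
	var c LogConfig
	for _, a := range args {
		name, val, hasVal := strings.Cut(strings.TrimLeft(a, "-"), "=")
		on := true // a bare boolean flag means true
		if hasVal {
			b, err := strconv.ParseBool(val)
			if err != nil {
				continue // not a boolean value, not one of our flags
			}
			on = b
		}
		switch name {
		case "enable-policy-event-logs":
			c.PolicyEventLogs = on
		case "enable-cloudwatch-logs":
			c.CloudWatchLogs = on
		}
	}
	return c
}

// Check returns a finding when CloudWatch delivery is requested but no
// policy event logs are produced; it returns "" when the pair is consistent.
func Check(c LogConfig) string {
	if c.CloudWatchLogs && !c.PolicyEventLogs {
		return "enable-cloudwatch-logs is true but enable-policy-event-logs is not"
	}
	return ""
}

// Normalize applies the issue's alternative: CloudWatch implies event logs.
func Normalize(c LogConfig) LogConfig {
	c.PolicyEventLogs = c.PolicyEventLogs || c.CloudWatchLogs
	return c
}

func main() {
	// Constructed args: only the setting the documentation mentioned.
	c := ParseAgentArgs([]string{"--enable-ipv6=false", "--enable-cloudwatch-logs=true"})
	fmt.Printf("finding=%q after-normalize=%q\n", Check(c), Check(Normalize(c)))
}
```
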