You will need to add a sidecar container (with a CWAgent or something like Vector) to the Vault pods, and write the audit log into the file located in a directory shared between Vault and this container. This sidecar will be responsible for watching the file, parsing it, and forwarding the logs to CloudWatch Logs.