It turns out that CloudWatch logs is implemented as a plugin to the AWS CLI. The plugin can be configured to read from a file or you can simply pipe events directly yo it on the command line.
You need to register the plugin in your config file (~/.aws/config). Mine looks like this.
[plugins] cwlogs = cwlogs [default] region = us-east-1 aws_access_key_id = XXXXXXXXXX aws_secret_access_key = YYYYYYYYYY
Now you can simply pipe data to "aws logs push." You need to specify the group stream and date format as parameters. And, of course, the group and stream must already exist in AWS. For example:
sudo tcpdump -tttt port 80 | aws logs push --log-group-name NetworkTrace --log-stream-name i-125731f9 --datetime-format '%Y-%m-%d:%H:%M:%S.%f'