0
votes

I am trying to move AWS ECS container task logs to CloudWatch. I have configured the IAM policy and also the Terraform task for "Logdriver", but I'm not getting any centralized container logs in CloudWatch.

Configuration.JSON:

    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
        "awslogs-group": "app-api",
        "awslogs-region": "eu-west-1",
        "awslogs-stream-prefix": "app-logs"
      }
    }

ecs.tf:

    "elasticloadbalancing:DeregisterTargets",
    "elasticloadbalancing:Describe*",
    "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
    "elasticloadbalancing:RegisterTargets",
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:DescribeLogStreams",
    "logs:PutSubscriptionFilter",
    "logs:PutLogEvents"
1
It looks like you posted the actions of your terraform file, would you mind posting the rest of the configuration for your role? I'm particularly interested in the resource configuration. I don't see any ECR actions, so I'm guessing that there's something missing? - Jamie Starke
Sure @JamieStarke: variable "ecsServiceRolePolicy" { default = <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:, "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutSubscriptionFilter", "logs:PutLogEvents" ], "Resource": "*" - Challa

1 Answer

-1
votes

The type of information that is logged by your task's containers depends mostly on their ENTRYPOINT command. By default, the logs that are captured show the command output that you would normally see in an interactive terminal if you ran the container locally, which are the STDOUT and STDERR I/O streams.

What kind of logs did you want to get? From the definition above, you can only get logs from STDOUT and STDERR if you use the default awslogs on ECS.

If you want to get logs from files, you should get your own awslogs configuration.

  • Mount your container log files to the container instance (configuration in the container definition)
  • If you do not use the ECS-Optimized AMI, install the aws logs agent: https://docs.aws.amazon.com/en_us/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html
  • If you use the ECS-Optimized AMI, download it using curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
  • Run the agent setup with your custom configuration

    python awslogs-agent-setup.py -n -r ${AWS::Region} -c your_awslogs_configuration.conf || error_exit "Failed to run CloudWatch Logs agent setup"
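
An added example, not part of the original answer, of producing the custom configuration file that the last step passes with -c. The function names, the log path /var/log/app/app.log (assumed to be bind-mounted from the container to the same path on the container instance), the state_file location and the timestamp format are assumptions; the log group name is the one from the question.

```shell
#!/bin/sh
# Added example: builds a CloudWatch Logs agent config for one log file that
# a container writes to a host-mounted directory. All paths are assumptions.

# write_awslogs_conf LOG_FILE LOG_GROUP OUT_FILE
# LOG_FILE is the path on the container instance (host), not in the container.
write_awslogs_conf() {
    log_file=$1
    log_group=$2
    out=$3
    case $log_file in
        /*) ;;  # the agent tails host files, so require an absolute path
        *) echo "log file must be an absolute host path: $log_file" >&2
           return 1 ;;
    esac
    cat > "$out" <<EOF
[general]
state_file = /var/awslogs/state/agent-state

[$log_file]
file = $log_file
log_group_name = $log_group
log_stream_name = {instance_id}/$(basename "$log_file")
initial_position = start_of_file
datetime_format = %Y-%m-%d %H:%M:%S
EOF
}

# conf_streams CONF_FILE
# Prints every file the agent will tail, one per line, so the config can be
# compared with the host paths mounted in the container definition.
conf_streams() {
    sed -n 's/^file[[:space:]]*=[[:space:]]*//p' "$1"
}

# Typical use on the container instance (not executed here):
#   write_awslogs_conf /var/log/app/app.log app-api your_awslogs_configuration.conf
#   conf_streams your_awslogs_configuration.conf
```

The {instance_id} placeholder is expanded by the agent, so each container instance writes to its own stream inside the log group. The datetime_format value must match the timestamps your application actually writes.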