cloudwatch_logs

Configure AWS CloudWatch Logs for your ECS tasks with this example. Learn how to set up log drivers and options for effective log management.

AWS CloudWatch Logs Configuration for ECS

Understanding ECS CloudWatch Logs Configuration

This section provides an example of an Amazon Elastic Container Service (ECS) task definition that is configured to send container logs to AWS CloudWatch Logs. Effective log management is crucial for monitoring, debugging, and auditing your containerized applications. By integrating with CloudWatch Logs, you can centralize your logs, making them easily searchable and analyzable.

ECS Task Definition with CloudWatch Logs

The following JSON snippet illustrates a typical ECS task definition. Pay close attention to the logConfiguration section within the containerDefinitions. This is where you specify how your container's logs should be handled.

{
    "family": "nginx-with-cloudwatch",
    "executionRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/ecs-exec-role",
    "taskRoleArn": "arn:aws:iam::xxxxxxxxxxxx:role/ecs-task-role",
    "requiresCompatibilities":[
        "EC2"
    ],
    "containerDefinitions": [
        {
            "name": "nginx-json",
            "image": "ruanbekker/nginx-demo:json",
            "memory": 128,
            "essential": true,
            "portMappings": [
                {
                    "hostPort": 0,
                    "containerPort": 80,
                    "protocol": "tcp"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-group": "/ecs/tools/nginx-json",
                    "awslogs-region": "eu-west-1",
                    "awslogs-stream-prefix": "logs",
                    "awslogs-create-group": "true"
                }
            }
        }
    ]
}

Key CloudWatch Logs Options Explained

Within the logConfiguration, several options are vital for proper integration:

  • logDriver: Set to awslogs to enable integration with AWS CloudWatch Logs.
  • options: This object contains specific parameters for the awslogs driver:
    • awslogs-group: The name of the CloudWatch Logs log group where logs will be sent. It's recommended to use a structured naming convention.
    • awslogs-region: The AWS region where your CloudWatch Logs log group resides.
    • awslogs-stream-prefix: A prefix for log streams within the log group. This helps organize logs from different containers or tasks.
    • awslogs-create-group: If set to "true", the specified log group is created automatically if it doesn't already exist; this requires the logs:CreateLogGroup permission.

Best Practices for ECS Logging

To maximize the benefits of CloudWatch Logs with ECS, consider the following:

  • Consistent Naming Conventions: Use clear and consistent names for your log groups and streams to facilitate easier log retrieval and management.
  • Log Retention Policies: Configure retention policies on your CloudWatch Logs log groups to manage storage costs and comply with data retention requirements.
  • Monitoring and Alerting: Set up CloudWatch Alarms based on log patterns or metrics to proactively identify and respond to issues.
  • IAM Permissions: Ensure that your ECS task execution role has the necessary permissions to send logs to CloudWatch Logs.
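As an added example (not part of the original page or of any AWS tooling), the following Python sketch derives the least-privilege CloudWatch Logs policy that the logConfiguration above needs on the task execution role, and reports logging gaps. The function name awslogs_policy, the placeholder account ID, the "aws" partition and the choice to list each log group ARN both with and without the ":*" suffix are assumptions of this example.

```python
import json

# Constructed sample: the logging-relevant part of the task definition above.
SAMPLE_TASK_DEF = json.loads("""
{"family": "nginx-with-cloudwatch",
 "containerDefinitions": [{"name": "nginx-json", "logConfiguration": {
   "logDriver": "awslogs",
   "options": {"awslogs-group": "/ecs/tools/nginx-json",
               "awslogs-region": "eu-west-1",
               "awslogs-stream-prefix": "logs",
               "awslogs-create-group": "true"}}}]}
""")


def awslogs_policy(task_def, account_id, partition="aws"):
    """Return (iam_policy, findings) for the awslogs settings in task_def."""
    write_arns, create_arns, findings = set(), set(), []
    for c in task_def.get("containerDefinitions", []):
        name, cfg = c.get("name", "?"), c.get("logConfiguration") or {}
        if cfg.get("logDriver") != "awslogs":
            findings.append(f"{name}: logs are not sent through the awslogs driver")
            continue
        opts = cfg.get("options") or {}
        group, region = opts.get("awslogs-group"), opts.get("awslogs-region")
        if not group or not region:
            findings.append(f"{name}: awslogs-group and awslogs-region must be set")
            continue
        arn = f"arn:{partition}:logs:{region}:{account_id}:log-group:{group}"
        arns = {arn, arn + ":*"}  # the group itself and the streams inside it
        write_arns |= arns
        if not opts.get("awslogs-stream-prefix"):
            findings.append(f"{name}: awslogs-stream-prefix is not set")
        if str(opts.get("awslogs-create-group", "")).lower() == "true":
            create_arns |= arns
            findings.append(f"{name}: {group} is auto-created; set a retention policy on it")
    stmts = []
    if write_arns:  # needed by every awslogs container
        stmts.append({"Effect": "Allow", "Resource": sorted(write_arns),
                      "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]})
    if create_arns:  # only needed when awslogs-create-group is "true"
        stmts.append({"Effect": "Allow", "Resource": sorted(create_arns),
                      "Action": ["logs:CreateLogGroup"]})
    return {"Version": "2012-10-17", "Statement": stmts}, findings


if __name__ == "__main__":
    # 123456789012 is a placeholder account ID, not a value from the page.
    policy, findings = awslogs_policy(SAMPLE_TASK_DEF, "123456789012")
    print(json.dumps(policy, indent=2))
    print("\n".join(findings))
```

Creating the log group ahead of time with a retention policy and dropping awslogs-create-group removes the logs:CreateLogGroup statement from the generated policy.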

By implementing these practices, you can build a robust logging strategy for your containerized applications on AWS.
