Compile outputs fun

AWS CloudFormation: 06 - Collect logs from Docker instance

Published a year ago | AWS, CloudFormation

This is continued from AWS CloudFormation: 05 - Create a web server Docker instance.

Background

I want to see all the logs in a central place.

What do we need?

  1. Set up the container task definition to collect logs.
  2. Create a CloudWatch log group to see the logs.

How to do it?

This is what we are going to do:

Open 05-container-webserver-template.yaml from the previous post and save it as 06-container-cloudwatch-template.yaml.

Container

Collecting logs from a Docker instance is much easier than collecting logs from an EC2 instance because we don't need to find out where the log file is. Just change this resource:

  WebServerContainerTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Name: WebServer
          Image: nginx
          PortMappings:
            - ContainerPort: 80
          # Add the log configuration to the task definition.
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref CloudWatchLogGroup
              awslogs-region: !Sub ${AWS::Region}
              awslogs-stream-prefix: nginx
      RequiresCompatibilities:
        - FARGATE
      NetworkMode: awsvpc
      Cpu: 256
      Memory: 512
      # Associate it with an IAM role that can post to the CloudWatch log group.
      ExecutionRoleArn: !Sub ${WebServerContainerExecutionServerRole.Arn}

And add this resource:

  # IAM role that allows the Docker instance to post to the CloudWatch log group.
  WebServerContainerExecutionServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: WebServerContainerExecutionServiceRole
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Resource: !Sub ${CloudWatchLogGroup.Arn}
                Action: logs:*
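
A tighter version of the execution role above, as an added example that is not part of the original post: the awslogs driver only has to create log streams and write events into the existing log group, so the policy can list those two actions instead of logs:*, which also permits deleting log data or changing retention on that group. It assumes the log group is created by this template as CloudWatchLogGroup, so logs:CreateLogGroup is not needed.

```yaml
  # Added example (not from the original post): least-privilege execution role.
  # Assumption: the log group already exists as the CloudWatchLogGroup resource
  # in this template, so the role never has to create or manage the group.
  WebServerContainerExecutionServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: WebServerContainerExecutionServiceRole
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                # Same resource as before: only this stack's log group.
                Resource: !Sub ${CloudWatchLogGroup.Arn}
                # Weak setting being replaced:  Action: logs:*
                # The awslogs driver needs only these two actions.
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
```

If the stack update succeeds and new log streams with the nginx prefix keep appearing in the log group, the narrower policy is sufficient for this task.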

Logs

We will create the CloudWatch log group. Add this to the resources:

  # The log group for CloudWatch. The log entries will be automatically deleted after 3 days.
  CloudWatchLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 3

Update the stack, and you should then be able to see the logs in CloudWatch.

Next we will do AWS CloudFormation: 07 - Build and deploy pipeline for Docker instance.