Let's see how Docker logs can be sent to AWS CloudWatch, using docker-compose as well as the docker run command, from a host running on EC2 or on an on-premise Linux server.
To start, we have to follow 3 steps:
You can create IAM roles and users that include the permissions you need for the CloudWatch agent to write metrics to CloudWatch. You use IAM roles on Amazon EC2 instances, and you use IAM users with on-premises servers to enable the agent to send data to CloudWatch.
For an EC2 instance, create a new IAM role through the AWS IAM console and add the CloudWatchAgentAdminPolicy policy to the role. Assign that role to the EC2 instance.
For an on-premises server, create a new IAM user with the CloudWatchAgentServerPolicy policy assigned to it. Note down the secret key and access key for the user, which will be used in the CloudWatch agent configuration file.
You can download the CloudWatch agent package using either the OS package manager (e.g. yum) or an Amazon S3 download link.
Your Amazon EC2 instances must have outbound internet access in order to send data to CloudWatch or CloudWatch Logs.
sudo yum update -y
sudo yum install -y awslogs
You can use this file to specify a proxy, credential, and Region information. On a server running Linux, this file is in the directory /opt/aws/amazon-cloudwatch-agent/etc. On a server running Windows Server, this file is in the directory C:\ProgramData\Amazon\AmazonCloudWatchAgent.
version: '3'
services:
  node:
    image: node:latest
    command: bash -c "npm i nodemon -g && npm install && nodemon index.js"
    logging:
      driver: "awslogs"
      options:
        awslogs-region: "ap-southeast-1"
        awslogs-group: "web-backend-logs"
        awslogs-stream: "web-docker-logs"
Run the command below to test:
docker-compose up
For Docker run:
docker run --log-driver="awslogs" --log-opt awslogs-region="ap-southeast-1" --log-opt awslogs-group="web-backend-logs" --log-opt awslogs-stream="web-docker-logs" node
Log in to your AWS CloudWatch console and check whether the logs are arriving there. Make sure you have selected the appropriate AWS region.
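When the role or user from the IAM step is used only by Docker's awslogs driver, the driver itself needs just logs:CreateLogStream and logs:PutLogEvents, so the grant can be scoped to the one log group. The script below is an added example, not part of the original article: the function name awslogs_policy is hypothetical, the account ID is a constructed placeholder, and the ARN assumes the standard aws partition.

```shell
#!/bin/sh
# Added example (not from the original article): print an IAM policy that
# grants only what Docker's awslogs driver needs, scoped to one log group.

# awslogs_policy REGION ACCOUNT_ID LOG_GROUP   (hypothetical helper name)
# Writes the policy JSON to stdout; returns 1 if an argument is malformed.
awslogs_policy() {
  p_region=$1 p_account=$2 p_group=$3

  # Refuse wildcards or stray characters that would widen or break the ARN.
  case $p_region in
    ''|*[!a-z0-9-]*) echo "invalid region: $p_region" >&2; return 1 ;;
  esac
  case $p_account in
    ''|*[!0-9]*) echo "invalid account id" >&2; return 1 ;;
  esac
  [ "${#p_account}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
  # CloudWatch log group names: 1-512 characters from A-Z a-z 0-9 _ - / . #
  case $p_group in
    ''|*[!A-Za-z0-9_./#-]*) echo "invalid log group: $p_group" >&2; return 1 ;;
  esac
  [ "${#p_group}" -le 512 ] || { echo "log group name too long" >&2; return 1; }

  # The driver creates the log stream and then sends events to it. The log
  # group must already exist; creating it is not covered by this policy.
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "arn:aws:logs:${p_region}:${p_account}:log-group:${p_group}:*"
    }
  ]
}
EOF
}

# Region and group come from the compose file above; the account ID is a
# constructed placeholder.
awslogs_policy "ap-southeast-1" "123456789012" "web-backend-logs"
```

Save the output to a file and attach it to the role or user as an inline policy; a log group name containing a wildcard is rejected rather than silently widening the grant.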