Send logs from docker instance to AWS CloudWatch


Let's see how Docker logs can be sent to AWS CloudWatch, using docker-compose as well as the docker run command, from a container running on EC2 or on an on-premises Linux server.

To start we have to follow 3 steps:

  1. Create an IAM role/User
  2. Install the CloudWatch agent
  3. Modify docker-compose file or docker run command

1. Create an IAM role and assign it to EC2

You can create IAM roles and users that include the permissions you need for the CloudWatch agent to write metrics to CloudWatch. You use IAM roles on Amazon EC2 instances, and you use IAM users with on-premises servers to enable the agent to send data to CloudWatch.

IAM Roles on Amazon EC2 Instances:

Create a new IAM role through the AWS IAM console and add the CloudWatchAgentAdminPolicy policy to the role. Assign that role to the EC2 instance.

IAM Users on On-premises Servers:

Create a new IAM user with the CloudWatchAgentServerPolicy policy attached. Note down the user's Secret key and Access key, which will be used in the CloudWatch agent configuration file.

2. Install the CloudWatch agent

You can download the CloudWatch agent package using either the OS package manager (e.g. yum) or an Amazon S3 download link given here.

Your Amazon EC2 instances must have outbound internet access in order to send data to CloudWatch or CloudWatch Logs.

sudo yum update -y
sudo yum install -y awslogs

(Optional) Modify the Common Configuration (for proxy settings):

You can use this file to specify a proxy, credential, and Region information. On a server running Linux, this file is in the directory /opt/aws/amazon-cloudwatch-agent/etc. On a server running Windows Server, this file is in the directory C:\ProgramData\Amazon\AmazonCloudWatchAgent.

3. Modify docker-compose file or docker run command

version: '3'
services:
  web:  # service name is a placeholder
    image: node:latest
    command: bash -c "npm i nodemon -g && npm install && nodemon index.js"
    logging:
      driver: "awslogs"
      options:
        awslogs-region: "ap-southeast-1"
        awslogs-group: "web-backend-logs"
        awslogs-stream: "web-docker-logs"

Run the command below to test:

docker-compose up

For Docker run:

docker run --log-driver="awslogs" --log-opt awslogs-region="ap-southeast-1" --log-opt awslogs-group="web-backend-logs" --log-opt awslogs-stream="web-docker-logs" node 

Please log in to your AWS CloudWatch console and check whether the logs are arriving there. Make sure the appropriate AWS region is selected.
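A local check to run alongside the console check, as an added example (not code from the original post): it reads `docker inspect` output and reports containers that are not using the awslogs driver with the expected region and group, or that share one log stream. The function name, issue labels and sample containers are assumptions made for this example.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `docker inspect` output (a JSON array) for four containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web1", "HostConfig": {"LogConfig": {"Type": "awslogs", "Config": {
        "awslogs-region": "ap-southeast-1", "awslogs-group": "web-backend-logs",
        "awslogs-stream": "web-docker-logs"}}}},
    {"Name": "/web2", "HostConfig": {"LogConfig": {"Type": "awslogs", "Config": {
        "awslogs-region": "ap-southeast-1", "awslogs-group": "web-backend-logs",
        "awslogs-stream": "web-docker-logs"}}}},
    {"Name": "/api", "HostConfig": {"LogConfig": {"Type": "awslogs", "Config": {
        "awslogs-region": "us-east-1", "awslogs-group": "web-backend-logs",
        "awslogs-stream": "api-logs"}}}},
    {"Name": "/cron", "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
])


def audit_log_config(inspect_json, region, group):
    """Return sorted (container, issue) pairs for containers whose logging
    setup differs from the expected awslogs region and log group."""
    findings = []
    by_stream = defaultdict(list)  # (group, stream) -> container names
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        log = (c.get("HostConfig") or {}).get("LogConfig") or {}
        opts = log.get("Config") or {}
        if log.get("Type") != "awslogs":
            # Logs from this container stay on the host and never reach CloudWatch.
            findings.append((name, "not-awslogs"))
            continue
        if opts.get("awslogs-region") != region:
            findings.append((name, "unexpected-region"))
        if opts.get("awslogs-group") != group:
            findings.append((name, "unexpected-group"))
        if opts.get("awslogs-stream"):
            by_stream[(opts.get("awslogs-group"), opts["awslogs-stream"])].append(name)
    # Docker's awslogs documentation advises one container per log stream at a time.
    for names in by_stream.values():
        if len(names) > 1:
            findings.extend((n, "shared-stream") for n in names)
    return sorted(findings)


if __name__ == "__main__":
    for name, issue in audit_log_config(SAMPLE_INSPECT, "ap-southeast-1", "web-backend-logs"):
        print(f"{name}: {issue}")
```

On a real host, pass it the output of `docker inspect $(docker ps -q)` instead of the sample.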