- 新しい順
- 投票が多い順
- コメントが多い順
Hi,
The IAM policy is correct but something is amiss in the command you shared. Some observations / queries:
-
Is your container actually running after you issue the command? The above syntax does not throw any error but does not even start the container for me. You can confirm with 'docker ps' or 'docker ps -a'
-
By <<my-container-name>> in your command above do you mean to imply the name of the image to launch the container with. In that case provide the name of the image at the end of the command. Docker run command usage is:
docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
- awslogs-create-stream is not a valid log-opt parameter and returns "docker: Error response from daemon: unknown log opt 'awslogs-create-stream' for awslogs log driver." Checked this against the latest docker documentation and docker v20.10.17.
Try this command:
docker run -d -p 9092:9092 -t --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group="gRPC-POC" --log-opt awslogs-stream="gRPC-POC-log" --log-opt awslogs-create-group=true <<my-image-name>>
--Syd
Tanks a lot, @Syd :) Of course, it was the order of the options and the image name. You saved my day.
Have you checked out this Premium Support article - https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-docker-container-logs-proxy/
Thanks, but why should I use a proxy to push the logs to CloudWatch, if the daemon does this itself? Except for adding "an additional layer of security between your Docker instances and internet-bound traffic" - but currently I have another goal: to establish the communication transporting the container logs to CloudWatch.
関連するコンテンツ
- AWS公式更新しました 7ヶ月前
- AWS公式更新しました 1年前
You can confirm whether the container is getting the role your intend to use, using this cli
aws sts get-caller-identity
from within the containerI meant doing that from within the container (e.g.
docker exec -it <container_id> bash
)