How do I use CloudWatch to monitor Amazon ECS container logs?

I want to use Amazon CloudWatch to monitor the Amazon Elastic Container Service (Amazon ECS) container logs.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Configure your log driver

You can use the Amazon ECS console or JSON editor to configure your log driver.

Use the Amazon ECS console

Complete the following steps:

  1. Open the Amazon ECS console.
  2. In the navigation pane, choose Task definitions, and then choose Create new task definition.
    Note: To update an existing task definition, select the task definition, and then choose Create new revision.
  3. On the Create new task definition page, in the Task definition configuration section, enter your task definition family name.
  4. In the Infrastructure requirements section, choose your launch type.
  5. In the Container section, for Logging, choose Use log collection.
  6. For the following keys, keep the default values. If a field is empty, then enter a value:
    awslogs-group
    awslogs-region
    awslogs-stream-prefix
    Note: If the log group doesn't exist, then set the awslogs-create-group parameter to True.
  7. Make sure that the task execution AWS Identity and Access Management (IAM) role permissions include the CreateLogGroup action.
  8. Choose Create.

Use the JSON editor

To define the logConfiguration parameter in the ECS task definition, enter the ECS task definition template into the console's JSON editor.

Example configuration:

"logConfiguration": {
  "logDriver": "awslogs",
  "options": {
    "awslogs-group": "/ecs/my-log-group",
    "awslogs-region": "region-code",
    "awslogs-stream-prefix": "ecs"
  }
}

Note: Replace my-log-group with your log group name.

For more information, see Amazon ECS task definition: Route logs to CloudWatch and Send Amazon ECS logs to CloudWatch.

For more information about log options, see Amazon CloudWatch Logs options on the Docker website.
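The log driver keys and the CreateLogGroup permission described above can be checked before a task definition is registered. The following Python is an added example, not code from the original page or from AWS; the sample task definition, the sample role policy, and the function names allows and lint are constructed for illustration, and the policy check matches only exact actions, the service wildcard, and *.

```python
import json

# Constructed sample task definition (not from the original page).
TASK_DEF = json.loads("""
{"family": "web", "containerDefinitions": [
  {"name": "app", "logConfiguration": {"logDriver": "awslogs", "options": {
     "awslogs-group": "/ecs/my-log-group", "awslogs-region": "us-east-1",
     "awslogs-stream-prefix": "ecs", "awslogs-create-group": "true"}}},
  {"name": "sidecar", "logConfiguration": {"logDriver": "awslogs", "options": {
     "awslogs-group": "/ecs/my-log-group"}}},
  {"name": "batch"}
]}
""")

# Constructed execution-role policy that grants stream writes but not group creation.
ROLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                              "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]}]}

# The three keys the console procedure asks you to fill in.
REQUIRED = ("awslogs-group", "awslogs-region", "awslogs-stream-prefix")

def allows(policy, action):
    """True if an Allow statement names the action, its service wildcard, or '*'.
    Simplified: ignores Deny statements, Resource, Condition and partial wildcards."""
    accepted = {action.lower(), action.split(":")[0].lower() + ":*", "*"}
    for st in policy.get("Statement", []):
        acts = st.get("Action", [])
        acts = [acts] if isinstance(acts, str) else acts
        if st.get("Effect") == "Allow" and any(a.lower() in accepted for a in acts):
            return True
    return False

def lint(task_def, role_policy):
    """Return (container, finding) pairs for logging gaps in a task definition."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        cfg = c.get("logConfiguration") or {}
        if cfg.get("logDriver") != "awslogs":
            findings.append((c["name"], "no awslogs log driver configured"))
            continue
        opts = cfg.get("options") or {}
        findings += [(c["name"], f"missing {k}") for k in REQUIRED if not opts.get(k)]
        wants_create = str(opts.get("awslogs-create-group", "")).lower() == "true"
        if wants_create and not allows(role_policy, "logs:CreateLogGroup"):
            findings.append((c["name"], "execution role lacks logs:CreateLogGroup"))
    return findings

if __name__ == "__main__":
    for name, finding in lint(TASK_DEF, ROLE_POLICY):
        print(f"{name}: {finding}")
```

A container that appears in the findings with no awslogs driver sends nothing to CloudWatch, so its activity is absent from any later Logs Insights query.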

Monitor and troubleshoot container logs

Analyze the container logs

To use CloudWatch Logs Insights to query your logs, complete the following steps:

  1. Open the CloudWatch console.

  2. In the navigation pane, choose Logs.

  3. Choose Logs Insights.

  4. Select your log group.

  5. Enter your query.

  6. Choose Run query.

  7. Search for error keywords to troubleshoot application issues. If your application logs include response times, then analyze the slow requests.

    Example queries:

    fields @timestamp, @message  
    | filter @message like /error/  
    | sort @timestamp desc  
      
      
    fields @timestamp, @message, response_time  
    | filter response_time > 2000  
    | sort response_time desc

For more information, see Analyzing log data with CloudWatch Logs Insights.

Create alerts

Complete the following steps:

  1. Create metric filters from log events.
  2. Create a CloudWatch alarm.

Troubleshoot errors

To troubleshoot OutOfMemory or ConnectionTimeout errors, see How do I troubleshoot high CPU utilization on an Amazon ECS task on Fargate?

To troubleshoot a high volume of 5xx HTTP status codes, see HTTP 500: Internal server error.

Integrate with AWS services

Use subscriptions to get access to a real-time feed of log events from CloudWatch Logs. CloudWatch delivers log events to services such as an Amazon Kinesis stream or AWS Lambda to process, analyze, or load to other systems.

Control costs of CloudWatch Logs

Modify retention policies

It's a best practice to use shorter retention periods for development environments, and retain logs longer for production environments.

You can choose a retention period that ranges from 1 day to 10 years, or indefinitely retain logs. To avoid unnecessary costs, review your retention settings to make sure that you don't keep logs longer than required.

To set retention policies, complete the following steps:

  1. Open the CloudWatch console.
  2. In the navigation pane, choose Logs.
  3. Choose Log groups.
  4. Select your log group.
  5. Choose Actions, and then choose Edit retention setting.
  6. Select a retention period. For example, choose 1 week, 1 month, or a custom value.
  7. Choose Save.

Or, run the following put-retention-policy AWS CLI command:

aws logs put-retention-policy --log-group-name "/ecs/production-web-app" --retention-in-days retention-period

Note: Replace log-group-name with your log group name and retention-period with your retention period.
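To review retention settings across many log groups, the output of aws logs describe-log-groups can be audited offline. The following Python is an added example, not code from the original page or from AWS; the sample output, the MAX_DAYS ceilings, and the /ecs/<environment>-<service> naming scheme are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws logs describe-log-groups` output.
DESCRIBE_OUTPUT = json.loads("""
{"logGroups": [
  {"logGroupName": "/ecs/production-web-app", "retentionInDays": 3653},
  {"logGroupName": "/ecs/dev-web-app"},
  {"logGroupName": "/ecs/dev-worker", "retentionInDays": 7}
]}
""")

# Day counts that put-retention-policy accepts for --retention-in-days.
VALID_DAYS = [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
              1096, 1827, 2192, 2557, 2922, 3288, 3653]

# Hypothetical per-environment ceilings: shorter for development, longer for production.
MAX_DAYS = {"dev": 14, "production": 365}

def environment(log_group_name):
    """Assumed naming scheme: /ecs/<environment>-<service>."""
    return log_group_name.rsplit("/", 1)[-1].split("-", 1)[0]

def nearest_valid(days):
    """Largest accepted value that does not exceed the ceiling."""
    return max(v for v in VALID_DAYS if v <= days)

def audit(describe_output, limits):
    """Return (name, current, target) for groups kept longer than their ceiling.
    A group with no retentionInDays field never expires its events."""
    actions = []
    for group in describe_output.get("logGroups", []):
        name = group["logGroupName"]
        limit = limits.get(environment(name))
        if limit is None:
            continue  # unknown environment: leave for manual review
        current = group.get("retentionInDays")
        if current is None or current > limit:
            actions.append((name, current, nearest_valid(limit)))
    return actions

def commands(actions):
    """Render the page's put-retention-policy command for each finding."""
    return [f'aws logs put-retention-policy --log-group-name "{name}" '
            f'--retention-in-days {target}' for name, _, target in actions]

if __name__ == "__main__":
    print("\n".join(commands(audit(DESCRIBE_OUTPUT, MAX_DAYS))))
```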

Analyze log metrics

To reduce and optimize your costs, use AWS Cost Explorer to analyze costs that are associated with each log group.

Export and archive logs

For long-term storage at a lower cost, move logs to Amazon Simple Storage Service (Amazon S3) or an archive solution. To export logs to Amazon S3, use the CloudWatch console or run the create-export-task command:

aws logs create-export-task --log-group-name "/ecs/production-web-app" \
  --from start-timestamp --to end-timestamp --destination "s3-log-archive"

Note: Replace log-group-name with your log group name, start-timestamp with your start time, and end-timestamp with your end time.

Implement Amazon S3 Lifecycle policies

Use S3 Lifecycle configurations to automatically transition older logs to Amazon S3 Glacier for archival or deletion after a specified time.

Avoid excessive logging

Configure your application to send only relevant logs. For more information, see Logging best practices.

Related Information

Logging and Monitoring in Amazon Elastic Container Service

AWS OFFICIAL Updated 7 months ago