My Amazon Elastic Container Service (Amazon ECS) container logs don't appear in Amazon CloudWatch Logs as expected.
Resolution
Modify the awslogs log driver
In your task definition, add the logConfiguration parameter and set it to use the awslogs log driver. For Amazon ECS tasks with multiple containers, configure the logConfiguration parameter for each container.
If you have an Amazon Elastic Compute Cloud (Amazon EC2) launch type, then update your Amazon ECS container instance to version 1.9.0 or later.
If your container instance doesn't use the Amazon ECS-optimized Amazon Machine Image (AMI), then set the following environment variable when you start the container agent:
ECS_AVAILABLE_LOGGING_DRIVERS='["json-file","awslogs"]'
Note: Specify the awslogs log driver on the container instance.
For more information, see Installing the Amazon ECS container agent.
Add the necessary IAM role permissions
AWS Fargate launch type
Attach the AmazonECSTaskExecutionRolePolicy policy to your Amazon ECS task execution AWS Identity and Access Management (IAM) role. The policy includes the necessary logs:CreateLogStream and logs:PutLogEvents permissions. Or, create a custom IAM policy and include the necessary permissions.
Amazon EC2 launch type tasks without task execution IAM role
Attach the AmazonEC2ContainerServiceforEC2Role policy to the container instance IAM role. The policy contains the necessary logs:CreateLogStream and logs:PutLogEvents permissions. Or, create a custom IAM policy and include the necessary permissions.
Amazon EC2 launch type tasks with task execution IAM role
For the container agent configuration, update the ECS_ENABLE_AWSLOGS_EXECUTIONROLE_OVERRIDE parameter to true.
Note: The default value for the container agent parameter is true on Amazon ECS-optimized AMIs with version 1.16.0-1 or later and false on Windows.
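The two checks above (a logConfiguration with the awslogs driver on every container, and the logs:CreateLogStream and logs:PutLogEvents permissions on the role) can be run offline against exported JSON. The following is an added example, not AWS's own tooling; the function names and sample data are constructed, and the awslogs-group and awslogs-region option names come from the awslogs driver rather than from this article.

```python
import fnmatch

# Permissions the article names as necessary for the awslogs driver.
REQUIRED_ACTIONS = ("logs:CreateLogStream", "logs:PutLogEvents")
# awslogs driver options (not listed in the article) that name the log destination.
REQUIRED_OPTIONS = ("awslogs-group", "awslogs-region")

def audit_task_definition(task_def):
    """Map container name -> reason its logs will not reach CloudWatch Logs."""
    problems = {}
    for container in task_def.get("containerDefinitions", []):
        cfg = container.get("logConfiguration")
        if not cfg:
            problems[container["name"]] = "no logConfiguration"
        elif cfg.get("logDriver") != "awslogs":
            problems[container["name"]] = "logDriver is %r" % cfg.get("logDriver")
        else:
            options = cfg.get("options") or {}
            missing = [o for o in REQUIRED_OPTIONS if o not in options]
            if missing:
                problems[container["name"]] = "missing " + ", ".join(missing)
    return problems

def missing_log_actions(policy_doc):
    """Required actions that no Allow statement grants. Wildcards are matched;
    Deny statements, Resource and Condition are not evaluated."""
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    patterns = []
    for stmt in statements:
        actions = stmt.get("Action", []) if stmt.get("Effect") == "Allow" else []
        patterns += [actions.lower()] if isinstance(actions, str) else [a.lower() for a in actions]
    return [r for r in REQUIRED_ACTIONS
            if not any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns)]

# Constructed sample input: the sidecar has no logConfiguration, and the
# policy grants only one of the two permissions.
SAMPLE_TASK_DEF = {"containerDefinitions": [
    {"name": "app", "logConfiguration": {"logDriver": "awslogs", "options": {
        "awslogs-group": "/ecs/example", "awslogs-region": "us-east-1",
        "awslogs-stream-prefix": "app"}}},
    {"name": "sidecar"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"}]}
if __name__ == "__main__":
    print(audit_task_definition(SAMPLE_TASK_DEF))
    print(missing_log_actions(SAMPLE_POLICY))
```

A container that the first function reports is one whose output never reaches CloudWatch Logs, so any alerting built on that log group has no visibility into it.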
Check the network configuration
If your task uses the awslogs log driver in an Amazon Virtual Private Cloud (Amazon VPC) without an internet gateway, then create an interface VPC endpoint for CloudWatch Logs. Choose com.amazonaws.Region.logs as the service.
Check container log-level configuration
The awslogs log driver passes the STDOUT and STDERR I/O streams from Docker to CloudWatch Logs.
To configure your logs, update your application to send the logs to the STDOUT and STDERR I/O streams. Then, during the container build, configure the application's log level through an environment variable or a configuration file.
Related information
Monitoring tools for Amazon ECS
How do I troubleshoot missing container logs for Amazon ECS or Amazon EKS?
Send Amazon ECS logs to CloudWatch