By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can we turn off Cloudwatch logs when running ecs:execute-command API?

0

We log into our containers from time to time using execute-command and notice that all our activities get logged directly to CloudWatch.

Is there any way to stop your activity logs from going to CloudWatch when using the execute-command api? This could easily result in leaking secrets from environment variables as you innocently go about checking things ...

Topics
Management & GovernanceContainersAWS Well-Architected Framework
Tags
AWS Systems ManagerAmazon Elastic Container ServiceSecurity
Language
English
Arman
asked 7 months ago428 views
2 Answers
2

Hi, you can turn off the logging of the execute-command session by setting the logging option of your cluster to NONE.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html#ecs-exec-logging

profile picture
HS
answered 7 months ago
profile picture
EXPERT
Gary Mclean
reviewed 7 months ago
profile pictureAWS
EXPERT
Jose Guay
reviewed 7 months ago
0

Hello.

Modify your log driver https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_LogConfiguration.html to adjust the logging configuration. He supports various logging drivers, such as json-file, awslogs etc. You can configure the logging driver to meet your specific needs.

Best regards, Andrii

profile picture
EXPERT
Andrii S
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content