By using AWS re:Post, you agree to the Terms of Use

Questions tagged with Amazon Elastic Container Service

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Issue with pushing an EC2 instance's Docker container logs into CloudWatch

I have a working EC2 instance in free tier, with a responding **java-based** grpc server in a docker container inside the instance.\ I'd like to send the logs of the container into the CloudWatch.\ I created the suggested policy, the EC2 role, and the role is attached to the instance.\ The container is started from the bash of the linux instance with this command:\ `docker run -d -p 9092:9092 -t <<my-container-name>> --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group="gRPC-POC" --log-opt awslogs-stream="gRPC-POC-log" --log-opt awslogs-create-group=true --log-opt awslogs-create-stream=true` \ I tried to run the container with different users, with different options of the log-driver, omitting parts and almost everything.\ The policy I created to use the CloudWatch looks like this:\ ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Effect": "Allow", "Resource": "arn:aws:logs:us-east-1:<<my-account-number>>:log-group:*:*" } ] } ``` So far,no sign of the gathered logs in CloudWatch even if I create a log-group and/or log-stream or I don't.\ Maybe I'm missing a step or a vital information somewhere?\ Do You have any suggestions, please? #EDIT The command `aws sts get-caller-identity` gives this result: ![Enter image description here](/media/postImages/original/IM2OUiCy6OTyi-RAGhLS-C1g) The command was used from the bash of the running instance. (This is what You meant, @Roberto? Anyways, thanks.)\ It looks like the instance has the proper right, 'GrpcPocAccessLogs'.
2
answers
0
votes
65
views
asked 2 months ago