Amazon EC2 Container Service
Developer Guide (API Version 2014-11-13)

Amazon ECS Log File Locations

Amazon ECS stores logs in the /var/log/ecs folder of your container instances. Logs are available from the Amazon ECS container agent and from the ecs-init service, which controls the state of the agent (start/stop) on the container instance. You can view these log files by connecting to a container instance using SSH. For more information, see Connect to Your Container Instance.


If you are unsure how to collect all of the various logs on your container instances, you can use the Amazon ECS logs collector. For more information, see Amazon ECS Logs Collector.

Amazon ECS Container Agent Log

The Amazon ECS container agent stores logs at /var/log/ecs/ecs-agent.log.timestamp on Linux instances, and C:\ProgramData\Amazon\ECS\log\ecs-agent.log.timestamp on Windows instances.


You can increase the verbosity of the container agent logs by setting ECS_LOGLEVEL=debug and restarting the container agent. For more information, see Amazon ECS Container Agent Configuration.

cat /var/log/ecs/ecs-agent.log.2016-08-15-15


2016-08-15T15:54:41Z [INFO] Starting Agent: Amazon ECS Agent - v1.12.0 (895f3c1)
2016-08-15T15:54:41Z [INFO] Loading configuration
2016-08-15T15:54:41Z [WARN] Invalid value for task cleanup duration, will be overridden to 3h0m0s, parsed value 0, minimum threshold 1m0s
2016-08-15T15:54:41Z [INFO] Checkpointing is enabled. Attempting to load state
2016-08-15T15:54:41Z [INFO] Loading state! module="statemanager"
2016-08-15T15:54:41Z [INFO] Detected Docker versions [1.17 1.18 1.19 1.20 1.21 1.22]
2016-08-15T15:54:41Z [INFO] Registering Instance with ECS
2016-08-15T15:54:41Z [INFO] Registered! module="api client"

Amazon ECS ecs-init Log

The ecs-init process stores logs at /var/log/ecs/ecs-init.log.timestamp.

cat /var/log/ecs/ecs-init.log.2015-04-22-20


2015-04-22T20:51:45Z [INFO] pre-start
2015-04-22T20:51:45Z [INFO] Loading Amazon EC2 Container Service Agent into Docker
2015-04-22T20:51:46Z [INFO] start
2015-04-22T20:51:46Z [INFO] No existing agent container to remove.
2015-04-22T20:51:46Z [INFO] Starting Amazon EC2 Container Service Agent

IAM Roles for Tasks Credential Audit Log

When the IAM roles for tasks credential provider is used to provide credentials to tasks, these requests are logged in /var/log/ecs/audit.log.YYYY-MM-DD-HH.

The log entry format is as follows:

  • Timestamp

  • HTTP response code

  • IP address and port number of request origin

  • Relative URI of the credential provider

  • The user agent that made the request

  • The task ARN that the requesting container belongs to

  • The GetCredentials API name and version number

  • The Amazon ECS cluster name that the container instance is registered to

  • The container instance ARN

An example log entry is shown below:

cat /var/log/ecs/audit.log.2016-07-13-16


2016-07-13T16:11:53Z 200 "/v1/credentials" "python-requests/2.7.0 CPython/2.7.6 Linux/4.4.14-24.50.amzn1.x86_64" TASK_ARN GetCredentials 1 CLUSTER_NAME CONTAINER_INSTANCE_ARN
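
The following is an added example, not code from the Amazon ECS documentation or agent: it parses audit log lines according to the field list above and counts credential requests that did not return 200, per task ARN. The sample lines, the 400 status values and the handling of a line without an origin column (as in the entry shown above) are assumptions.

```python
import shlex
from collections import Counter
from typing import NamedTuple, Optional


class AuditEntry(NamedTuple):
    timestamp: str
    status: int
    origin: Optional[str]  # "ip:port" of the requester, None when the column is absent
    uri: str
    user_agent: str
    task_arn: str
    api_name: str
    api_version: str
    cluster: str
    container_instance_arn: str


def parse_audit_line(line: str) -> AuditEntry:
    """Split one audit.log line into the fields listed in the format above."""
    tokens = shlex.split(line)  # keeps the quoted URI and user agent as single fields
    if len(tokens) == 9:  # assumption: no origin column, as in the sample entry on this page
        tokens.insert(2, None)
    if len(tokens) != 10:
        raise ValueError(f"unexpected field count {len(tokens)}: {line!r}")
    ts, status, origin, uri, agent, task, api, version, cluster, instance = tokens
    return AuditEntry(ts, int(status), origin, uri, agent, task, api, version, cluster, instance)


def failed_requests_by_task(lines) -> Counter:
    """Count credential requests that did not return 200, keyed by task ARN."""
    counts = Counter()
    for line in lines:
        if line.strip():
            entry = parse_audit_line(line)
            if entry.status != 200:
                counts[entry.task_arn] += 1
    return counts


# Constructed sample lines: addresses, user agents and ARNs are placeholders.
SAMPLE = [
    '2016-07-13T16:11:53Z 200 192.0.2.10:40001 "/v1/credentials" "agent-a/1.0" TASK_ARN_A GetCredentials 1 CLUSTER_NAME CONTAINER_INSTANCE_ARN',
    '2016-07-13T16:12:02Z 400 192.0.2.11:40002 "/v1/credentials" "agent-b/1.0" TASK_ARN_B GetCredentials 1 CLUSTER_NAME CONTAINER_INSTANCE_ARN',
    '2016-07-13T16:12:09Z 400 192.0.2.11:40003 "/v1/credentials" "agent-b/1.0" TASK_ARN_B GetCredentials 1 CLUSTER_NAME CONTAINER_INSTANCE_ARN',
]

if __name__ == "__main__":
    for task, n in failed_requests_by_task(SAMPLE).items():
        print(f"{task}: {n} non-200 credential request(s)")
```

To run it against real data, pass the lines of a /var/log/ecs/audit.log.YYYY-MM-DD-HH file to failed_requests_by_task in place of SAMPLE.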