Using the awslogs log driver
You can configure the containers in your tasks to send log information to CloudWatch
Logs.
This allows you to view the logs from the containers in
your Fargate tasks.This topic helps you get started using the awslogs
log driver in your task definitions.
The type of information that is logged by the containers in your task depends
mostly on their ENTRYPOINT
command. By default, the logs that are
captured show the command output that you would normally see in an interactive
terminal if you ran the container locally, which are the STDOUT
and
STDERR
I/O streams. The awslogs
log driver simply
passes these logs from Docker to CloudWatch Logs. For more information on how
Docker logs are
processed, including alternative ways to capture different file data or streams,
see
View logs for a
container or service
Enabling the awslogs log driver for your containers
If you are using the Fargate launch type for your tasks, all you
need to do to enable the awslogs
log driver is add the required
logConfiguration
parameters to your task definition. For more
information, see Specifying a log configuration in your task
definition.
Creating a log group
The awslogs
log driver can send log streams to an existing log group
in CloudWatch Logs or it can create a new log group on your behalf. The AWS Management
Console provides an
auto-configure option which creates a log group on your behalf using the task
definition family name with ecs
as the prefix. Alternatively, you can
manually specify your log configuration options and specify the
awslogs-create-group
option with a value of true
which
will create the log groups on your behalf.
To use the awslogs-create-group
option to have your log group
created, your IAM policy must include the logs:CreateLogGroup
permission.
Using the auto-configuration feature to create a log group
When registering a task definition in the Amazon ECS console, you have the option
to allow Amazon ECS to auto-configure your CloudWatch logs. This option creates
a log group
on your behalf using the task definition family name with ecs
as
the prefix.
To use log group auto-configuration option in the Amazon ECS console
-
Open the Amazon ECS console at https://console.aws.amazon.com/ecs/
. -
In the left navigation pane, choose Task Definitions, Create new Task Definition.
-
Select your compatibility option and choose Next Step.
-
Choose Add container.
-
In the Storage and Logging section, for Log configuration, choose Auto-configure CloudWatch Logs.
-
Enter your awslogs log driver options. For more information, see Specifying a log configuration in your task definition.
-
Complete the rest of the task definition wizard.
Available awslogs log driver options
The awslogs
log driver supports the following options in Amazon ECS task
definitions. For more information, see CloudWatch Logs logging
driver
awslogs-create-group
-
Required: No
Specify whether you want the log group automatically created. If this option is not specified, it defaults to
false
.Note Your IAM policy must include the
logs:CreateLogGroup
permission before you attempt to useawslogs-create-group
. awslogs-region
-
Required: Yes
Specify the region to which the
awslogs
log driver should send your Docker logs. You can choose to send all of your logs from clusters in different regions to a single region in CloudWatch Logs so that they are all visible in one location, or you can separate them by region for more granularity. Be sure that the specified log group exists in the region that you specify with this option. awslogs-endpoint
-
Required: No
By default, Docker uses either the
awslogs-region
log option or the detected Region to construct the remote CloudWatch Logs API endpoint. Use theawslogs-endpoint
log option to override the default endpoint with the provided endpoint. awslogs-group
-
Required: Yes
You must specify a log group to which the
awslogs
log driver sends its log streams. For more information, see Creating a log group. awslogs-stream-prefix
-
Required: Yes, when using the Fargate launch type.
The
awslogs-stream-prefix
option allows you to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task to which the container belongs. If you specify a prefix with this option, then the log stream takes the following format:prefix-name
/container-name
/ecs-task-id
For Amazon ECS services, you could use the service name as the prefix, which would allow you to trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task to which the container belongs.
awslogs-datetime-format
-
Required: No
This option defines a multiline start pattern in Python
strftime
format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. Thus the matched line is the delimiter between log messages.One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry.
For more information, see awslogs-datetime-format
. This option always takes precedence if both
awslogs-datetime-format
andawslogs-multiline-pattern
are configured.Note Multiline logging performs regular expression parsing and matching of all log messages, which may have a negative impact on logging performance.
awslogs-multiline-pattern
-
Required: No
This option defines a multiline start pattern using a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. Thus the matched line is the delimiter between log messages.
For more information, see awslogs-multiline-pattern
. This option is ignored if
awslogs-datetime-format
is also configured.Note Multiline logging performs regular expression parsing and matching of all log messages. This may have a negative impact on logging performance.
mode
-
Required: No
Valid values:
non-blocking
|blocking
Default value:
blocking
The delivery mode of log messages from the container to
awslogs
. For more information, see Configure logging drivers. max-buffer-size
-
Required: No
Default value:
1m
When
non-blocking
mode is used, themax-buffer-size
log option controls the size of the ring buffer used for intermediate message storage.
Specifying a log configuration in your task definition
Before your containers can send logs to CloudWatch, you must specify the
awslogs
log driver for containers in your task definition. This
section describes the log configuration for a container to use the
awslogs
log driver. For more information, see Creating a task definition.
The task definition JSON shown below has a logConfiguration
object
specified for each container; one for the WordPress container that sends logs
to a
log group called awslogs-wordpress
, and one for a MySQL container that
sends logs to a log group called awslogs-mysql
. Both containers use the
awslogs-example
log stream prefix.
{ "containerDefinitions": [ { "name": "wordpress", "links": [ "mysql" ], "image": "wordpress", "essential": true, "portMappings": [ { "containerPort": 80, "hostPort": 80 } ], "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "
awslogs-wordpress
", "awslogs-region": "us-west-2
", "awslogs-stream-prefix": "awslogs-example
" } }, "memory": 500, "cpu": 10 }, { "environment": [ { "name": "MYSQL_ROOT_PASSWORD", "value": "password" } ], "name": "mysql", "image": "mysql", "cpu": 10, "memory": 500, "essential": true, "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "awslogs-mysql
", "awslogs-region": "us-west-2
", "awslogs-stream-prefix": "awslogs-example
" } } } ], "family": "awslogs-example" }
In the Amazon ECS console, the log configuration for the wordpress
container is specified as shown in the image below.

Viewing awslogs container logs in CloudWatch Logs
After your Fargate tasks that use the
awslogs
log driver have launched, your configured containers should
be sending their log data to CloudWatch Logs. You can view and search these logs
in the
console.
To view your CloudWatch Logs data for a container from the Amazon ECS console
-
Open the Amazon ECS console at https://console.aws.amazon.com/ecs/
. -
On the Clusters page, select the cluster that contains the task to view.
-
On the Cluster:
cluster_name
page, choose Tasks and select the task to view. -
On the Task:
task_id
page, expand the container view by choosing the arrow to the left of the container name. -
In the Log Configuration section, choose View logs in CloudWatch, which opens the associated log stream in the CloudWatch console.
To view your CloudWatch Logs data in the CloudWatch console
-
Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/
. -
In the left navigation pane, choose Logs.
-
Select a log group to view. You should see the log groups that you created in Creating a log group.
-
Choose a log stream to view.