CloudWatch Logs is Amazon's log aggregation service, to which you can send your logs. It's very useful for keeping some logs centralized, sharing access to them, receiving alarms when errors happen, or simply storing them safely. We'll see how to create a CloudWatch Log group and use it to stream logs from a Docker container.
To step through this recipe, you will need the following:
Let's say we want the log group to be named docker_logs, and that we want to keep those logs for seven days. In the variables.tf file, that would look like this:
variable "log_group_name" {
  default = "docker_logs"
}

variable "log_retention_days" {
  default = "7"
}
Also, in a new cloudwatch.tf file, we can use the simple aws_cloudwatch_log_group resource:
resource "aws_cloudwatch_log_group" "docker_logs" {
  name              = "${var.log_group_name}"
  retention_in_days = "${var.log_retention_days}"
}
After a terraform apply, if you navigate to the AWS CloudWatch page, you'll see the newly created group under the Log Groups entry on the left (https://eu-west-1.console.aws.amazon.com/cloudwatch/).
You can now use this group to create a log stream from an application or a container. Using it as recommended by AWS is well documented, so let's use it with Docker instead. It only requires giving the Docker daemon access to the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables (configuring the Docker daemon is out of the scope of this chapter, but that's under /etc/sysconfig/docker for Red Hat-based systems such as Fedora or CentOS, and /etc/default/docker for Debian/Ubuntu systems). Restart the daemon and start logging your containers' output using a new Docker logging driver, using the log group name specified in Terraform earlier (docker_logs):
$ docker run -it --rm -p 80:80 --log-driver=awslogs --log-opt awslogs-region=eu-west-1 --log-opt awslogs-group=docker_logs --log-opt awslogs-stream=nginx nginx:stable
Generate some activity on the container:
$ curl -IL http://localhost
HTTP/1.1 200 OK
Refresh the AWS CloudWatch page and you'll see a new entry named nginx with the container logs. You can run all your containers in your infrastructure like this and get centralized logging very easily!
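The access key handed to the Docker daemon above only needs to create streams and push events into the docker_logs group (Docker's awslogs driver documentation lists logs:CreateLogStream and logs:PutLogEvents as the required permissions). The following Terraform is an added example, not part of the original recipe, that scopes a dedicated identity to exactly that. The user name docker-awslogs, the policy name, and the aws_region variable are assumptions made for illustration.

```hcl
# Added example: least-privilege identity for the Docker awslogs driver.
# Names below (docker-awslogs, docker-logs-write, aws_region) are hypothetical.

# Account ID of the credentials Terraform itself runs with.
data "aws_caller_identity" "current" {}

# Assumption: same region as the awslogs-region option passed to docker run.
variable "aws_region" {
  default = "eu-west-1"
}

# Dedicated IAM user whose access key is given to the Docker daemon.
resource "aws_iam_user" "docker_logger" {
  name = "docker-awslogs"
}

data "aws_iam_policy_document" "docker_logs_write" {
  statement {
    sid    = "WriteToDockerLogGroupOnly"
    effect = "Allow"

    # The driver creates the stream (awslogs-stream) and pushes events.
    # logs:CreateLogGroup is deliberately absent: Terraform owns the group,
    # and no read or delete actions are granted.
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    # Only the log group created in cloudwatch.tf and its streams.
    resources = [
      "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:${var.log_group_name}:*",
    ]
  }
}

resource "aws_iam_user_policy" "docker_logs_write" {
  name   = "docker-logs-write"
  user   = "${aws_iam_user.docker_logger.name}"
  policy = "${data.aws_iam_policy_document.docker_logs_write.json}"
}
```

Creating the key pair for this user with Terraform's aws_iam_access_key resource would store the secret in the state file, so generate it out of band if the state is shared.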