
EC2 Docker container logs on CloudWatch

I have a running container on an EC2 instance and I would like to populate my logs to CloudWatch in the same region.

I was trying to use this tutorial: https://docs.docker.com/config/containers/logging/awslogs/

However, I have an issue related to a connection timeout. Also, even though the policy allows my EC2 instance to connect to CloudWatch, when I try to describe anything I don't receive any response.

Do you know how to get my logs from a Docker container running on EC2 to CloudWatch? I have tried multiple tutorials, however I wasn't able to do it.

To create the ECS-CloudWatchLogs IAM policy

1. Open the IAM console at https://console.aws.amazon.com/iam/.

2. In the navigation pane, choose Policies.

3. Choose Create policy, JSON.

4. Enter the following policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "logs:DescribeLogStreams"
                ],
                "Resource": [
                    "arn:aws:logs:*:*:*"
                ]
            }
        ]
    }

5. Choose Review policy.

6. On the Review policy page, enter ECS-CloudWatchLogs for the Name and choose Create policy.

To attach the ECS-CloudWatchLogs policy to ecsInstanceRole

1. Open the IAM console at https://console.aws.amazon.com/iam/.

2. In the navigation pane, choose Roles.

3. Choose ecsInstanceRole. If the role does not exist, follow the procedures in Amazon ECS Container Instance IAM Role to create the role.

4. Choose Permissions, Attach policies.

5. To narrow the available policies to attach, for Filter, type ECS-CloudWatchLogs.

6. Select the ECS-CloudWatchLogs policy and choose Attach policy.

If the instance has the correct permissions, all you need is to pass the following options to your docker run command.

    docker run -it --log-driver=awslogs --log-opt awslogs-region=us-west-2 --log-opt awslogs-group=myLogGroup --log-opt awslogs-create-group=true node:alpine

You can check in the AWS console; you will see the log group name myLogGroup.

As you also mentioned that you are getting a timeout, to verify this, run the command below.

    curl http://checkip.amazonaws.com

If it's not responding, it means the instance does not have internet access and it's in a private subnet.
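
An added example, not part of the original answer and not AWS or Docker code: a simplified static check (it is not the IAM evaluation engine) that a policy document covers the actions the awslogs driver uses for one log group, and that lists resource patterns reaching beyond that group. The account id 111122223333, the ARN layout used for matching and the scoped policy are assumptions constructed for illustration.

```python
import re

# Docker's awslogs driver needs these two; CreateLogGroup only with awslogs-create-group=true.
REQUIRED = ["logs:CreateLogStream", "logs:PutLogEvents"]

def _match(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags) is not None

def _list(v):
    return v if isinstance(v, list) else [v]

def _hits(stmt, action, arn):
    """True if the statement names this action (case-insensitive) on this ARN."""
    return (any(_match(a, action, re.I) for a in _list(stmt.get("Action", [])))
            and any(_match(r, arn) for r in _list(stmt.get("Resource", []))))

def audit(policy, region, account, group, create_group=False):
    """Return (missing_actions, broad_resources) for one awslogs log group."""
    base = f"arn:aws:logs:{region}:{account}:log-group:"   # assumed ARN layout
    targets = [base + group, base + group + ":log-stream:example"]
    others = [base + "another-group", base + "another-group:log-stream:example"]
    stmts = _list(policy["Statement"])
    allow = [s for s in stmts if s.get("Effect") == "Allow"]
    deny = [s for s in stmts if s.get("Effect") == "Deny"]
    needed = REQUIRED + (["logs:CreateLogGroup"] if create_group else [])
    # Conservative: an action counts only if allowed, and not denied, on every target ARN.
    missing = [a for a in needed if not all(
        any(_hits(s, a, t) for s in allow) and not any(_hits(s, a, t) for s in deny)
        for t in targets)]
    # A resource pattern that also reaches a different group is wider than this container needs.
    broad = sorted({r for s in allow for r in _list(s.get("Resource", []))
                    if any(_match(r, o) for o in others)})
    return missing, broad

ACTIONS = ["logs:CreateLogGroup", "logs:CreateLogStream",
           "logs:PutLogEvents", "logs:DescribeLogStreams"]
# The answer's policy, with the wildcard resource written as arn:aws:logs:*:*:*.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS, "Resource": ["arn:aws:logs:*:*:*"]}]}
# Constructed alternative pinned to one group; 111122223333 is a placeholder account id.
GROUP_ARN = "arn:aws:logs:us-west-2:111122223333:log-group:myLogGroup"
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTIONS, "Resource": [GROUP_ARN, GROUP_ARN + ":*"]}]}

if __name__ == "__main__":
    for name, pol in (("answer", ANSWER_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit(pol, "us-west-2", "111122223333", "myLogGroup", create_group=True))
```

Both policies cover the driver's actions for myLogGroup; only the wildcard one is reported as reaching other log groups.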
