[英]AWS CloudWatch sending logs but not custom metrics to CloudWatch
[英]Sending docker logs to AWS CloudWatch via Terraform
我的目標是通過terraform將docker容器日志發送到CloudWatch。 這是我用於IAM的ECS角色:
{
"Version": "2008-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
},
"Effect": "Allow"
}
]
}
這是ECS服務角色政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
]
}
]
}
在我的docker容器的任務定義中,我還有其他用於cloudwatch日志記錄的東西:
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "awslog-mylogs",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "awslogs-mylogs-stream"
}
}
(我通過AWS控制台預先創建了awslog-mylogs
日志組)。
問題是如果我在沒有容器的上述日志記錄配置的情況下啟動AWS實例(通過Terraform應用),一切正常並且我的容器已啟動並運行(當然,日志不會發送到Cloudwatch)。 只要我有這個日志配置信息,EC2實例就會旋轉,但容器無法正常啟動。 在進入EC2實例后,我發現docker容器被救了出來。
知道這里出了什么問題嗎? 關於通過terraform配置向Cloudwatch發送日志的問題,我可能會遇到什么?
您能否檢查一下您是否設置了所有權限,並在ECS服務角色策略中包含Cloudwatch
?
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricData",
"ec2:DescribeTags",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutSubscriptionFilter",
"logs:PutLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}
EOF
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.