The Docker awslogs driver can be used to append Docker logs to Amazon Web Services (AWS) CloudWatch.

You will need a CloudWatch log group for the Docker logs. The aws logs create-log-group command can be used to create a CloudWatch Logs Group.

aws logs create-log-group --log-group docker-logs

Let's stop Docker. Be aware tjhat this will stop all of the Docker containers on the Docker system.

sudo systemctl stop docker

Create the /etc/systemd/system/docker.service.d directory.

sudo mkdir --parents /etc/systemd/system/docker.service.d

Create the /etc/systemd/system/docker.service.d/override.conf file with the following.

[Service]
Environment="AWS_ACCESS_KEY_ID=<your access key>"
Environment="AWS_SECRET_ACCESS_KEY=<your secret key>"

If Docker is running on a Linux system, update /etc/docker/daemon.json to have the following, replacing us-east-1 with your Amazon Web Services (AWS) Region. If Docker is running on a Windows System, use C:\ProgramData\docker\config\daemon.json. If daemon.json does not exist, simply create the daemon.json file.

{
  "log-driver": "awslogs",
  "log-opts": {
    "awslogs-region": "us-east-1",
    "awslogs-group": "docker-logs"
  }
}

Reload the system daemons.

sudo systemctl daemon-reload

Start Docker.

sudo systemctl start docker

Ensure Docker is up and running.

~]$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-01-25 02:10:23 UTC; 4s ago

Then let's see if we can get a simple hello-world container to append it's logs to CloudWatch.

sudo docker run --log-driver=awslogs hello-world
--log-opt

The log options are optional, not required. But I would almost always set awslogs-stream because if you don't, the name of the log stream will be the container ID, some random string such as 73c57514e3ed0f9e49f04a3d75a50b040e2344ea7bd540cf0969dc4bba95. It's much better to give the log stream a meaningful name to make it easy to correlate the log stream to the container.

sudo docker run --log-driver=awslogs --log-opt awslogs-stream helloworld hello-world

And here is an example using the Ansible docker_container module. The log_options are optional, not required.

---
- hosts: all
  tasks:
  - name: create and start the docker container
    become: yes
    become_user: root
    docker_container:
      name: my-container
      state: started
      image: my-image
      log_driver: awslogs
      log_options:
        awslogs-stream: "{{ inventory_hostname_short }}_my-stream"
        awslogs-group: docker-logs
        awslogs-region: us-east-1
        awslogs-create-group: true
...

Something like this should be displayed on the console.

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

And the same exact events should be in your CloudWatch log group.