
The Docker awslogs driver can be used to append Docker logs to Amazon Web Services (AWS) CloudWatch.
You will need a CloudWatch log group for the Docker logs. The aws logs create-log-group command can be used to create a CloudWatch Logs Group.
aws logs create-log-group --log-group docker-logs
Let's stop Docker. Be aware that this will stop all of the Docker containers on the Docker system.
sudo systemctl stop docker
Create the /etc/systemd/system/docker.service.d directory.
sudo mkdir --parents /etc/systemd/system/docker.service.d
Create the /etc/systemd/system/docker.service.d/override.conf file with the following.
[Service]
Environment="AWS_ACCESS_KEY_ID=<your access key>"
Environment="AWS_SECRET_ACCESS_KEY=<your secret key>"
If Docker is running on a Linux system, update /etc/docker/daemon.json to have the following, replacing us-east-1 with your Amazon Web Services (AWS) Region. If Docker is running on a Windows System, use C:\ProgramData\docker\config\daemon.json. If daemon.json does not exist, simply create the daemon.json file.
{
"log-driver": "awslogs",
"log-opts": {
"awslogs-region": "us-east-1",
"awslogs-group": "docker-logs"
}
}
Reload the system daemons.
sudo systemctl daemon-reload
sudo systemctl start docker
Ensure Docker is up and running.
~]$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
Active: active (running) since Thu 2024-01-25 02:10:23 UTC; 4s ago
Then let's see if we can get a simple hello-world container to append it's logs to CloudWatch.
sudo docker run --log-driver=awslogs hello-world
The log options are optional, not required. But I would almost always set awslogs-stream because if you don't, the name of the log stream will be the container ID, some random string such as 73c57514e3ed0f9e49f04a3d75a50b040e2344ea7bd540cf0969dc4bba95. It's much better to give the log stream a meaningful name to make it easy to correlate the log stream to the container.
sudo docker run --log-driver=awslogs --log-opt awslogs-stream=helloworld hello-world
And here is an example using the Ansible docker_container module. The log_options are optional, not required.
---
- hosts: all
tasks:
- name: create and start the docker container
become: yes
become_user: root
docker_container:
name: my-container
state: started
image: my-image
log_driver: awslogs
log_options:
awslogs-stream: "{{ inventory_hostname_short }}_my-stream"
awslogs-group: docker-logs
awslogs-region: us-east-1
awslogs-create-group: true
...
Something like this should be displayed on the console.
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
And the same exact events should be in your CloudWatch log group.
Did you find this article helpful?
If so, consider buying me a coffee over at