Skip to content

Sample logging architectures for FireLens on Amazon ECS and AWS Fargate.

License

Notifications You must be signed in to change notification settings

g3kr/amazon-ecs-firelens-examples

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Amazon ECS FireLens Examples

Sample logging architectures for FireLens on Amazon ECS and AWS Fargate.

Contributing

We want examples of as many use cases in this repository as possible! Submit a Pull Request if you would like to add something.

Fluent Bit Examples

Fluentd Examples

Setup for the examples

Before you use FireLens, familiarize yourself with Amazon ECS and with the FireLens documentation.

In order to use these examples, you will need the following IAM resources:

  • A Task IAM Role with permissions to send logs to your log destination. Each of the examples in this repository that needs additional permissions has a sample policy.
  • A Task Execution Role. This role is used by the ECS Agent to make calls on your behalf. If you enable logging for your FireLens container with the awslogs Docker Driver, you will need permissions for CloudWatch. You also need to give it S3 permissions if you are pulling an external Fluent Bit or Fluentd configuration file from S3. See the the FireLens documentation for more.

Here is an example inline policy with S3 access for FireLens:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::examplebucket/folder_name/config_file_name"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::examplebucket"
      ]
    }
  ]
}

Using the Examples

You must update each Task Definition to reflect your own needs. Replace the IAM roles with your own roles. Update the log configuration with the values that you desire. And replace the app image with your own application image.

Additionally, several of these examples use a custom Fluent Bit/Fluentd configuration file in S3. You must upload it to your own bucket, and change the S3 ARN in the example Task Definition.

If you are using ECS on Fargate, then pulling a config file from S3 is not currently supported. Instead, you must create a custom Docker image with the config file.

Dockerfile to add a custom configs:

FROM amazon/aws-for-fluent-bit:latest
ADD extra.conf /extra.conf

Then update the firelensConfiguration options in the Task Definition to the following:

"options": {
    "config-file-type": "file",
    "config-file-value": "/extra.conf"
}

License Summary

This sample code is made available under the MIT-0 license. See the LICENSE file.

About

Sample logging architectures for FireLens on Amazon ECS and AWS Fargate.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published