github.com/sijibomii/docker@v0.0.0-20231230191044-5cf6ca554647/docs/admin/logging/awslogs.md (about)

     1  <!--[metadata]>
     2  +++
     3  aliases = ["/engine/reference/logging/awslogs/"]
     4  title = "Amazon CloudWatch Logs logging driver"
     5  description = "Describes how to use the Amazon CloudWatch Logs logging driver."
     6  keywords = ["AWS, Amazon, CloudWatch, logging, driver"]
     7  [menu.main]
     8  parent = "smn_logging"
     9  +++
    10  <![end-metadata]-->
    11  
    12  # Amazon CloudWatch Logs logging driver
    13  
    14  The `awslogs` logging driver sends container logs to
    15  [Amazon CloudWatch Logs](https://aws.amazon.com/cloudwatch/details/#log-monitoring).
    16  Log entries can be retrieved through the [AWS Management
    17  Console](https://console.aws.amazon.com/cloudwatch/home#logs:) or the [AWS SDKs
    18  and Command Line Tools](http://docs.aws.amazon.com/cli/latest/reference/logs/index.html).
    19  
    20  ## Usage
    21  
    22  You can configure the default logging driver by passing the `--log-driver`
    23  option to the Docker daemon:
    24  
    25      docker daemon --log-driver=awslogs
    26  
    27  You can set the logging driver for a specific container by using the
    28  `--log-driver` option to `docker run`:
    29  
    30      docker run --log-driver=awslogs ...
    31  
    32  ## Amazon CloudWatch Logs options
    33  
    34  You can use the `--log-opt NAME=VALUE` flag to specify Amazon CloudWatch Logs logging driver options.
    35  
    36  ### awslogs-region
    37  
    38  The `awslogs` logging driver sends your Docker logs to a specific region. Use
    39  the `awslogs-region` log option or the `AWS_REGION` environment variable to set
    40  the region.  By default, if your Docker daemon is running on an EC2 instance
    41  and no region is set, the driver uses the instance's region.
    42  
    43      docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 ...
    44  
    45  ### awslogs-group
    46  
    47  You must specify a
    48  [log group](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html)
    49  for the `awslogs` logging driver.  You can specify the log group with the
    50  `awslogs-group` log option:
    51  
    52      docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=myLogGroup ...
    53  
    54  ### awslogs-stream
    55  
    56  To configure which
    57  [log stream](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html)
    58  should be used, you can specify the `awslogs-stream` log option.  If not
    59  specified, the container ID is used as the log stream.
    60  
    61  > **Note:**
    62  > Log streams within a given log group should only be used by one container
    63  > at a time.  Using the same log stream for multiple containers concurrently
    64  > can cause reduced logging performance.
    65  
    66  ## Credentials
    67  
    68  You must provide AWS credentials to the Docker daemon to use the `awslogs`
    69  logging driver. You can provide these credentials with the `AWS_ACCESS_KEY_ID`,
    70  `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables, the
    71  default AWS shared credentials file (`~/.aws/credentials` of the root user), or
    72  (if you are running the Docker daemon on an Amazon EC2 instance) the Amazon EC2
    73  instance profile.
    74  
    75  Credentials must have a policy applied that allows the `logs:CreateLogStream`
    76  and `logs:PutLogEvents` actions, as shown in the following example.
    77  
    78      {
    79        "Version": "2012-10-17",
    80        "Statement": [
    81          {
    82            "Action": [
    83              "logs:CreateLogStream",
    84              "logs:PutLogEvents"
    85            ],
    86            "Effect": "Allow",
    87            "Resource": "*"
    88          }
    89        ]
    90      }