github.com/tompao/docker@v1.9.1/docs/reference/logging/awslogs.md

github.com/tompao/docker@v1.9.1/docs/reference/logging/awslogs.md (about)

     1  <!--[metadata]>
     2  +++
     3  title = "Amazon CloudWatch Logs logging driver"
     4  description = "Describes how to use the Amazon CloudWatch Logs logging driver."
     5  keywords = ["AWS, Amazon, CloudWatch, logging, driver"]
     6  [menu.main]
     7  parent = "smn_logging"
     8  +++
     9  <![end-metadata]-->
    10  
    11  # Amazon CloudWatch Logs logging driver
    12  
    13  The `awslogs` logging driver sends container logs to
    14  [Amazon CloudWatch Logs](https://aws.amazon.com/cloudwatch/details/#log-monitoring).
    15  Log entries can be retrieved through the [AWS Management
    16  Console](https://console.aws.amazon.com/cloudwatch/home#logs:) or the [AWS SDKs
    17  and Command Line Tools](http://docs.aws.amazon.com/cli/latest/reference/logs/index.html).
    18  
    19  ## Usage
    20  
    21  You can configure the default logging driver by passing the `--log-driver`
    22  option to the Docker daemon:
    23  
    24      docker daemon --log-driver=awslogs
    25  
    26  You can set the logging driver for a specific container by using the
    27  `--log-driver` option to `docker run`:
    28  
    29      docker run --log-driver=awslogs ...
    30  
    31  ## Amazon CloudWatch Logs options
    32  
    33  You can use the `--log-opt NAME=VALUE` flag to specify Amazon CloudWatch Logs logging driver options.
    34  
    35  ### awslogs-region
    36  
    37  You must specify a region for the `awslogs` logging driver. You can specify the
    38  region with either the `awslogs-region` log option or `AWS_REGION` environment
    39  variable:
    40  
    41      docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 ...
    42  
    43  ### awslogs-group
    44  
    45  You must specify a
    46  [log group](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html)
    47  for the `awslogs` logging driver.  You can specify the log group with the
    48  `awslogs-group` log option:
    49  
    50      docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=myLogGroup ...
    51  
    52  ### awslogs-stream
    53  
    54  To configure which
    55  [log stream](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html)
    56  should be used, you can specify the `awslogs-stream` log option.  If not
    57  specified, the container ID is used as the log stream.
    58  
    59  > **Note:**
    60  > Log streams within a given log group should only be used by one container
    61  > at a time.  Using the same log stream for multiple containers concurrently
    62  > can cause reduced logging performance.
    63  
    64  ## Credentials
    65  
    66  You must provide AWS credentials to the Docker daemon to use the `awslogs`
    67  logging driver. You can provide these credentials with the `AWS_ACCESS_KEY_ID`,
    68  `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables, the
    69  default AWS shared credentials file (`~/.aws/credentials` of the root user), or
    70  (if you are running the Docker daemon on an Amazon EC2 instance) the Amazon EC2
    71  instance profile.
    72  
    73  Credentials must have a policy applied that allows the `logs:CreateLogStream`
    74  and `logs:PutLogEvents` actions, as shown in the following example.
    75  
    76      {
    77        "Version": "2012-10-17",
    78        "Statement": [
    79          {
    80            "Action": [
    81              "logs:CreateLogStream",
    82              "logs:PutLogEvents"
    83            ],
    84            "Effect": "Allow",
    85            "Resource": "*"
    86          }
    87        ]
    88      }
    89  
    90