Hop Docs
User Docs
Developer Docs
Developer Docs
  • Welcome
  • JavaScript SDK
    • Welcome
    • Getting started
    • API Reference
  • API
    • API Endpoints
  • Hop Node
    • Running a Hop Bonder
      • Bonder Requirements
      • Choosing a Platform
        • EC2 Setup
      • Securing your Server
        • Add SSH 2FA
      • Installing the Bonder
        • Installing the Bonder with Docker (recommended)
      • Configuring the Bonder
        • Keystore
          • Keystore AWS Parameter Store (recommended)
          • Keystore Local Passphrase
        • Configuration
      • Testing the Bonder
      • Running the Bonder
        • Staking
        • Starting the Bonder
      • Next Steps
    • Bonder Options
      • CLI Commands
      • Keystore Options
      • AWS KMS Signer
      • Monitoring
        • Docker CloudWatch Logs
        • Prometheus
      • Running Docker Container Options
      • Contract State
    • Resources and Best Practices
      • Securing Cloud Instance
      • Additional Security & Node Best Practices
      • Additional questions
  • Subgraphs
    • Welcome
    • Entities
    • Queries
    • Subgraph Info
  • Smart Contracts
    • Welcome
    • Integration
    • Contract Addresses
  • Fees
    • Fee Calculation
  • RPC
    • RPC Endpoints
  • Other
    • Assets
    • On the web
    • FAQ
Powered by GitBook
On this page
  • IAM CloudWatch Logs Policy Setup
  • Create EC2 role
  • Attach IAM role to ec2
  • Get log group ARN
  • Create IAM user to view logs
  • View CloudWatch logs
Edit on GitHub
  1. Hop Node
  2. Bonder Options
  3. Monitoring

Docker CloudWatch Logs

Setting up AWS CloudWatch logging driver for Docker

bonder:
    image: hopprotocol/hop-node:mainnet
    env_file:
      - docker.env
    restart: unless-stopped
    volumes:
        - /home/ubuntu/.hop:/root/.hop
    logging:
      driver: awslogs
      options:
        awslogs-region: us-east-1
        awslogs-group: HopNode
        awslogs-create-group: 'true'
docker run \
  --detach \
  --name hop-node \
  --restart=unless-stopped \
  --log-driver=awslogs \
  --log-opt awslogs-region=us-east-1 \
  --log-opt awslogs-group="HopNode" \
  --log-opt awslogs-create-group=true \
  --env-file docker.env \
  -v ~/.hop:/root/.hop \
  hopprotocol/hop-node:mainnet

The region and group name can be of your choice.

IAM CloudWatch Logs Policy Setup

These steps go over on how to setup an IAM policy for accessing specific CloudWatch logs. You do not need to do this if you're accessing the logs under the same account.

Create EC2 role

  1. Go to IAM service

  2. Click Roles on sidebar

  3. Click Create role button

  4. Steps

    1. Select AWS service as trusted entity

    2. Select EC2 as use case

    3. click on Next: Permissions

  5. Steps

    1. Filter for CloudWatchLogsFullAccess

    2. Select Service: CloudWatch Logs

  6. Click Next

  7. Click Next: Tags

  8. Click Next: Review

  9. Steps

    1. Role Name: HopNodeEC2Role

    2. Click Create role

Attach IAM role to ec2

  1. Go to EC2 service

  2. Click on instance

  3. Click on Actions dropdown

    1. Select Security

      1. Select Modify IAM role

    2. Select HopNodeEC2Role

    3. Click Save

Get log group ARN

  1. Go to CloudWatch service

  2. Under Logs section on left sidebar, click on Log groups

  3. Click on HopNode

  4. Copy ARN on top right

Create IAM user to view logs

  1. Go to IAM service

  2. Click on Users on sidebar

  3. Click on Add user

  4. Steps

    1. User name: alice

    2. Check AWS Management Console access

  5. Click on Next: Permissions

  6. Click on Create group

  7. Click on Create policy (this will open a new tab)

    1. Steps

      1. Service: CloudWatch Logs

      2. Actions

        1. Access level

          1. Expand List

            1. Check DescribeLogStreams

          2. Check Read

      3. Resources

        1. Select Specific

        2. Under log-group

          1. Add ARN

            1. Paste log group ARN retrieved from CloudWatch Log Group

      4. Click on Add additional permissions

        1. Service: CloudWatch Logs

          1. Expand List

            1. Check DescribeLogGroups

            2. Under log-group

              1. Add Any for log group

      5. Click on Next: Review

        1. Name: CloudWatchLogsAccessPolicy

        2. Click on Create policy

    2. You may close this tab

  8. Back on original tab

    1. Select Attach existing policies directly

      1. Click Refresh button

      2. Filter for CloudWatchLogsAccessPolicy and select

    2. Click Next: Tags

    3. Click Next: Review

    4. Right click and open in new tab Send email link

View CloudWatch logs

  1. Go to CloudWatch service

  2. Under Logs section on left sidebar, click on Log groups

  3. Click on HopRunner

  4. Click on latest Log stream

Last updated 1 year ago