Docker CloudWatch Logs
Setting up AWS CloudWatch logging driver for Docker
The region and group name can be of your choice.
IAM CloudWatch Logs Policy Setup
These steps go over how to set up an IAM policy for accessing specific CloudWatch logs. You do not need to do this if you're accessing the logs under the same account.
Create EC2 role
Go to IAM service
Click Roles on sidebar
Click Create role button
Steps
Select AWS service as trusted entity
Select EC2 as use case
Click on Next: Permissions
Steps
Filter for CloudWatchLogsFullAccess
Select Service: CloudWatch Logs
Click Next
Click Next: Tags
Click Next: Review
Steps
Role Name: HopNodeEC2Role
Click Create role
Attach IAM role to EC2
Go to EC2 service
Click on instance
Click on Actions dropdown
Select Security
Select Modify IAM role
Select HopNodeEC2Role
Click Save
Get log group ARN
Go to CloudWatch service
Under Logs section on left sidebar, click on Log groups
Click on HopNode
Copy ARN on top right
Create IAM user to view logs
Go to IAM service
Click on Users on sidebar
Click on Add user
Steps
User name: alice
Check AWS Management Console access
Click on Next: Permissions
Click on Create group
Click on Create policy (this will open a new tab)
Steps
Service: CloudWatch Logs
Actions
Access level
Expand List
Check DescribeLogStreams
Check Read
Resources
Select Specific
Under log-group
Add ARN
Paste log group ARN retrieved from CloudWatch Log Group
Click on Add additional permissions
Service: CloudWatch Logs
Expand List
Check DescribeLogGroups
Under log-group
Add Any for log group
Click on Next: Review
Name: CloudWatchLogsAccessPolicy
Click on Create policy
You may close this tab
Back on original tab
Select Attach existing policies directly
Click Refresh button
Filter for CloudWatchLogsAccessPolicy and select
Click Next: Tags
Click Next: Review
Right-click the Send email link and open it in a new tab
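The policy document that the console steps above produce, as an added example that is not part of the original page: the Python below builds it from the copied log group ARN and runs a simplified allow-check to show what alice can and cannot reach. The region, account ID and the two actions standing in for the console's Read access level are assumptions, and the checker ignores Deny statements and conditions.

```python
import json
import re

# Assumption: two actions standing in for the console's "Read" access level.
READ_ACTIONS = ["logs:GetLogEvents", "logs:FilterLogEvents"]

def build_policy(log_group_arn):
    """Policy equivalent to the console steps, scoped to a single log group."""
    m = re.fullmatch(r"(arn:aws:logs:[a-z0-9-]+:\d{12}:log-group:[^:*]+)(:\*)?", log_group_arn)
    if not m:
        raise ValueError("not a CloudWatch Logs log group ARN")
    resource = m.group(1) + ":*"  # trailing ':*' also covers the group's log streams
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["logs:DescribeLogStreams"] + READ_ACTIONS,
             "Resource": resource},
            {"Effect": "Allow",  # "Any" log group: lets the console list groups
             "Action": "logs:DescribeLogGroups",
             "Resource": "arn:aws:logs:*:*:log-group:*"},
        ],
    }

def _match(pattern, value):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def is_allowed(policy, action, resource):
    """Simplified evaluation: Allow statements only, no Deny or conditions."""
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if (st["Effect"] == "Allow" and any(_match(a, action) for a in actions)
                and any(_match(r, resource) for r in resources)):
            return True
    return False

# Constructed values: placeholder region and account ID, log group name from the page.
HOPNODE_ARN = "arn:aws:logs:us-east-1:111122223333:log-group:HopNode:*"
POLICY = build_policy(HOPNODE_ARN)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

The printed JSON can be compared with the JSON tab of CloudWatchLogsAccessPolicy to confirm that only DescribeLogGroups is granted on every log group.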
View CloudWatch logs
Go to CloudWatch service
Under Logs section on left sidebar, click on Log groups
Click on HopRunner
Click on latest Log stream