
AWS ECS Fargate

Last Updated: Mar. 17, 2024

Seamlessly stream logs, metrics, and traces generated by AWS ECS Fargate containers to Coralogix for optimal monitoring, analysis, and visualization.

Logs

Send Coralogix your ECS Fargate logs using AWS FireLens via Fluent Bit, a lightweight data shipper for your AWS ECS Fargate workloads.

Overview

This integration requires that you deploy the Fluent Bit log_router container into an existing AWS ECS Fargate task definition. The example below uses an AWS customized Fluent Bit image called aws-for-fluent-bit [init version]. A CloudFormation template may also be used.

The aws-for-fluent-bit image, maintained by AWS here, enables loading the Fluent Bit configuration via S3 or local files, making it more convenient and dynamic than using a static configuration in your container image.

The base_filters.conf file includes a set of filters to ensure proper ingestion by the Coralogix backend. This should be included as the first configuration file for your instance deployment. Ensure you upload this to an S3 bucket in your AWS account.

You can load multiple configuration files from S3 to build your final configuration by setting custom environment variables within the task definition.

Container declaration within a task definition

The following is an example container declaration.

    "containerDefinitions": [
        {
            <Existing Container Definitions>
        },
        {
            "name": "log_router",
            "image": "public.ecr.aws/aws-observability/aws-for-fluent-bit:init-2.31.12",
            "cpu": 0,
            "portMappings": [],
            "essential": false,
            "environment": [
                {
                    "name": "aws_fluent_bit_init_s3_1",
                    "value": "arn:aws:s3:::<Your S3 Bucket>/base_filters.conf"
                },
                {
                    "name": "aws_fluent_bit_init_s3_2",
                    "value": "arn:aws:s3:::<Your S3 Bucket>/more_filters.conf"
                },
                {
                    "name": "aws_fluent_bit_init_s3_3",
                    "value": "arn:aws:s3:::<Your S3 Bucket>/custom_parser.conf"
                }
            ],
            "mountPoints": [],
            "volumesFrom": [],
            "user": "0",
            "firelensConfiguration": {
                "type": "fluentbit",
                "options": {}
            }
        }
    ]

Notes:

  • The aws_fluent_bit_init_s3_1 environment variable points to the base_filters.conf file hosted in your S3 bucket.
  • Reference additional configuration files by adding variables with an incremented _# suffix.
  • Create your own custom image and include files locally if preferred. To do this, use environment variable aws_fluent_bit_init_file_1 instead. You can use S3 and local files in the same deployment.
  • Full details can be found in the AWS documentation here.

Allow container access to your S3 bucket

To allow container access to the S3 object, provide the s3:GetObject and s3:GetBucketLocation action permissions to the task, as in the following example.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"s3:GetBucketLocation"
			],
			"Resource": "<Your specific bucket ARN>"
		},
		{
			"Effect": "Allow",
			"Action": [
				"s3:GetObject"
			],
			"Resource": "<Your specific bucket ARN>/*"
		}
	]
}

Notes:

  • The permission must be added to the Task Role.
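
The policy above has to cover exactly the objects named by the aws_fluent_bit_init_s3_N variables. The following check is an added example, not Coralogix or AWS code. It compares a log_router container definition with a Task Role policy and reports config files the task cannot read, as well as grants that reach beyond the config bucket. The bucket name and the function names are assumptions, and the evaluation is deliberately simple: Allow statements only, with no Deny, NotAction or Condition handling.

```python
import fnmatch

PREFIX = "aws_fluent_bit_init_s3_"

def as_list(value):
    return value if isinstance(value, list) else [value]

def granted(policy, action):
    """Resource patterns of every Allow statement whose Action matches `action`."""
    patterns = []
    for stmt in as_list(policy["Statement"]):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and any(
                fnmatch.fnmatchcase(action.lower(), a) for a in actions):
            patterns += as_list(stmt.get("Resource", []))
    return patterns

def covered(arn, patterns):
    # IAM wildcards are * and ?; fnmatch is close enough for plain S3 ARNs.
    return any(fnmatch.fnmatchcase(arn, p) for p in patterns)

def audit_task_role(container, policy):
    """Findings for the log_router container's Task Role policy."""
    objects = [e["value"] for e in container.get("environment", [])
               if e["name"].startswith(PREFIX)]
    buckets = sorted({arn.split("/", 1)[0] for arn in objects})
    get_obj = granted(policy, "s3:GetObject")
    get_loc = granted(policy, "s3:GetBucketLocation")
    findings = [f"missing s3:GetObject on {a}" for a in objects
                if not covered(a, get_obj)]
    findings += [f"missing s3:GetBucketLocation on {b}" for b in buckets
                 if not covered(b, get_loc)]
    # Anything granted outside the config bucket is more than the task needs.
    findings += [f"grant wider than the config bucket: {p}"
                 for p in sorted(set(get_obj + get_loc))
                 if p.split("/", 1)[0] not in buckets]
    return findings

# Constructed sample: the bucket name and file list are placeholders.
BUCKET = "arn:aws:s3:::example-fluentbit-config"
LOG_ROUTER = {"name": "log_router", "environment": [
    {"name": PREFIX + "1", "value": BUCKET + "/base_filters.conf"},
    {"name": PREFIX + "2", "value": BUCKET + "/more_filters.conf"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetBucketLocation"], "Resource": BUCKET},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": BUCKET + "/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_task_role(LOG_ROUTER, pol))
```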

Container adjustment

After adding the above container to your existing Task Definition, adjust the logConfiguration for the containers you wish to forward to Coralogix.

Add the following “logConfiguration” section to each of your application containers at the root.

"logConfiguration": {
                "logDriver": "awsfirelens",
                "options": {
                    "Format": "json_lines",
                    "Header": "authorization Bearer <API_key>",
                    "Host": "ingress.<Coralogix Domain>",
                    "Name": "http",
                    "Port": "443",
                    "Retry_Limit": "10",
                    "TLS": "On",
                    "URI": "/logs/v1/singles",
                    "compress": "gzip"
                }
            }

Notes:

  • Input the “logConfiguration” section at the same level as “name”, “image”, etc.

Metrics & Traces

Send your ECS Fargate metrics and traces using the OpenTelemetry (Otel) Collector, which offers a vendor-agnostic way to receive, process and export telemetry data.

Overview

This integration requires that you add the Otel Collector as a sidecar agent to your ECS Task Definitions. The example below uses an AWS customized OpenTelemetry image called AWS Distro for OpenTelemetry (ADOT). A CloudFormation template may also be used.

The ADOT image, maintained by AWS here, enables the loading of the OpenTelemetry configuration via Systems Manager Parameter Store, making configuration adjustment more convenient and dynamic when compared with a static configuration in your container image.

The config.yaml file includes a standard configuration, ensuring proper ingestion by the Coralogix backend. Store it as a parameter in Systems Manager Parameter Store, in the same region as your ECS cluster, as in the CloudFormation template provided. Once the parameter has been created, add the container to your existing Task Definition.

Container declaration within a task definition

    "containerDefinitions": [
        {
            <Existing Container Definitions>
        },
        {
            "name": "otel-collector",
            "image": "public.ecr.aws/aws-observability/aws-otel-collector",
            "cpu": 0,
            "portMappings": [
                {
                    "name": "otel-collector-4317-tcp",
                    "containerPort": 4317,
                    "hostPort": 4317,
                    "protocol": "tcp",
                    "appProtocol": "grpc"
                },
                {
                    "name": "otel-collector-4318-tcp",
                    "containerPort": 4318,
                    "hostPort": 4318,
                    "protocol": "tcp",
                    "appProtocol": "http"
                }
            ],
            "essential": false,
            "environment": [
                {
                    "name": "PRIVATE_KEY",
                    "value": "<Coralogix PrivateKey>"
                },
                {
                    "name": "CORALOGIX_DOMAIN",
                    "value": "<Coralogix Domain>"
                }
            ],
            "mountPoints": [],
            "volumesFrom": [],
            "secrets": [
                {
                    "name": "AOT_CONFIG_CONTENT",
                    "valueFrom": "config.yaml"
                }
            ],
            "logConfiguration": {
                "logDriver": "awsfirelens",
                "options": {
                    "Format": "json_lines",
                    "Header": "authorization Bearer <API_key>",
                    "Host": "ingress.<Coralogix Domain>",
                    "Name": "http",
                    "Port": "443",
                    "Retry_Limit": "10",
                    "TLS": "On",
                    "URI": "/logs/v1/singles",
                    "compress": "gzip"
                }
            }
        }
    ]

Notes:

  • Input your Send-Your-Data API key as API_key.
  • Input the domain associated with your Coralogix account.
  • The “logConfiguration” section included in the example will forward Otel logs to the Coralogix platform, as documented in our Fluent Bit log processing configuration instructions here.
  • If you don’t want to have logs submitted to the Coralogix platform, replace the logConfiguration with the logDriver configuration of preference.
  • To submit to CloudWatch, use the following configuration:
"logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "<Log Group Name>",
                    "awslogs-region": "<Your Region>",
                    "awslogs-stream-prefix": "<Stream Prefix>"
                }
            }
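
The logConfiguration examples and the otel-collector environment block place the API key in the task definition as a literal, where anyone able to describe the task definition can read it. The following audit is an added example, not Coralogix or AWS code. It flags those literals and shows a variant that passes the same values through the ECS `secrets` and `secretOptions` fields. It assumes the secret referenced for `Header` stores the whole header string; the function name, sample values and the `valueFrom` placeholder are constructed.

```python
import re

SENSITIVE_NAME = re.compile(r"key|token|secret|password", re.I)
BEARER = re.compile(r"\bBearer\s+\S+", re.I)

def audit_plaintext_credentials(task_def):
    """Return (container, location) pairs where a credential is a literal."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        # Literal values under "environment" are stored with the task definition.
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env["name"]):
                findings.append((c["name"], f"environment.{env['name']}"))
        # FireLens output options are literals too; secretOptions are not.
        log = c.get("logConfiguration", {})
        for opt, value in log.get("options", {}).items():
            if BEARER.search(str(value)):
                findings.append((c["name"], f"logConfiguration.options.{opt}"))
    return findings

# Constructed samples: keys, hosts and the secret reference are placeholders.
FAKE_KEY = "EXAMPLE-NOT-A-REAL-KEY"
AS_ON_PAGE = {"containerDefinitions": [
    {"name": "app", "logConfiguration": {"logDriver": "awsfirelens", "options": {
        "Name": "http", "Host": "ingress.example.invalid",
        "Header": "authorization Bearer " + FAKE_KEY}}},
    {"name": "otel-collector",
     "environment": [{"name": "PRIVATE_KEY", "value": FAKE_KEY},
                     {"name": "CORALOGIX_DOMAIN", "value": "example.invalid"}],
     "secrets": [{"name": "AOT_CONFIG_CONTENT", "valueFrom": "config.yaml"}]}]}

REF = "<ARN of your Secrets Manager secret or SSM parameter>"
HARDENED = {"containerDefinitions": [
    {"name": "app", "logConfiguration": {"logDriver": "awsfirelens",
        "options": {"Name": "http", "Host": "ingress.example.invalid"},
        # Assumption: the secret holds "authorization Bearer <API_key>" in full.
        "secretOptions": [{"name": "Header", "valueFrom": REF}]}},
    {"name": "otel-collector",
     "environment": [{"name": "CORALOGIX_DOMAIN", "value": "example.invalid"}],
     "secrets": [{"name": "PRIVATE_KEY", "valueFrom": REF},
                 {"name": "AOT_CONFIG_CONTENT", "valueFrom": "config.yaml"}]}]}

if __name__ == "__main__":
    print(audit_plaintext_credentials(AS_ON_PAGE))
    print(audit_plaintext_credentials(HARDENED))
```

Values referenced through `secrets` and `secretOptions` are fetched when the task starts, so the Task Execution Role needs read access to whatever `valueFrom` points at.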

Access the Systems Manager Parameter Store

To allow container access to the Systems Manager Parameter Store, provide the ssm:GetParameters action permissions to the Task Execution Role, as in the following example.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameters"
      ],
      "Resource": [
        "arn:aws:ssm:region:aws_account_id:parameter/parameter_name"
      ]
    }
  ]
}

Notes:

  • The permission must be added to the Task Execution Role.
  • After adding the above container to your existing Task Definition, your applications will submit their traces and metrics exports to http://localhost:4318/v1/traces and http://localhost:4318/v1/metrics. The Otel Collector will also collect container metrics from all containers in the Task Definition.

Additional Resources

GitHub: ECS Fargate Logs
GitHub: ECS Fargate Traces

Support

Need help?

Contact us via our in-app chat or by emailing [email protected].
