Search code examples
amazon-web-servicesspring-bootloggingamazon-ecs

Why am I not seeing logs when using a Corretto based Spring Boot Docker image?

I am trying to create a Spring Boot app as an ECS service. I tried to use the Corretto image but I am still not seeing logs in the task. How do I configure the task or dockerfile to be able to properly see the logs?

My Dockerfile

# Use the Oracle Java 20 JDK as the base image
FROM amazoncorretto:20

# Set the working directory
WORKDIR /app

# Copy the JAR file into the container
COPY build/libs/backend-0.0.1-SNAPSHOT.jar /app/backend-0.0.1-SNAPSHOT.jar

# Set the command to run when the container starts
CMD ["java", "-jar", "backend-0.0.1-SNAPSHOT.jar"]

Entire Task Def

{
    "taskDefinitionArn": "..../cbusha-backend-task:3",
    "containerDefinitions": [
        {
            "name": "cbusha-be",
            "image": "....dkr.ecr.us-east-2.amazonaws.com/ecomm-backend",
            "cpu": 0,
            "portMappings": [],
            "essential": true,
            "environment": [],
            "mountPoints": [],
            "volumesFrom": []
        }
    ],
    "family": "cbusha-backend-task",
    "executionRoleArn": "arn:aws:iam::...:role/ecsTaskExecutionRole",
    "networkMode": "awsvpc",
    "revision": 3,
    "volumes": [],
    "status": "ACTIVE",
    "requiresAttributes": [
        {
            "name": "com.amazonaws.ecs.capability.ecr-auth"
        },
        {
            "name": "ecs.capability.execution-role-ecr-pull"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
        },
        {
            "name": "ecs.capability.task-eni"
        }
    ],
    "placementConstraints": [],
    "compatibilities": [
        "EC2",
        "FARGATE"
    ],
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "1024",
    "memory": "3072",
    "registeredAt": "2023-07-09T15:08:35.980Z",
    "registeredBy": "arn:aws:iam::...:root",
    "tags": []
}

This is the permission on ecsTaskExecutionRole

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
Solution

  • So the solution was 2 part, first I needed to add this to install the log driver on my docker image...

    RUN yum update -y && yum install -y python3
# Install awslogs
RUN pip3 install awscli awslogs

    Next I had to go into my task definition and add the following...

    {
  "family": "cbusha-backend-task",
  ...
  "containerDefinitions": [
    {
      ...
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "your-log-group-name",
          "awslogs-region": "your-aws-region",
          "awslogs-stream-prefix": "your-stream-prefix"
        }
      }
    }
  ]
}

    And now I am seeing the logs in cloudwatch!

    If you are coming to this answer without fully reading the question make sure your Task Definition's "Task Execution Role" has the CloudWatch Logs IAM permission as well.