[ECS, Fargate] Support awslogs-endpoint task configuration option #73

Open
copumpkin opened this issue Dec 18, 2018 · 4 comments
Labels
ECS Amazon Elastic Container Service Proposed Community submitted issue

Comments


copumpkin commented Dec 18, 2018

Which service(s) is this request for?

Fargate, ECS

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

After @clareliguori helpfully pointed out that my issue #48 was mistaken and the issue was with the awslogs driver, I looked into the CloudWatch Logs VPCE support. Currently the only way to make it work is to update the VPC's DNS to point at the PrivateLink endpoint, which while fine for some situations, can be a bit coarse-grained for others (especially if there are nontrivial policies on the endpoint). As of a recent Docker (this commit adds it), the awslogs driver now supports the awslogs-endpoint configuration option, which would allow me to point my task directly at the logs VPCE that's appropriate for it. If I try to pass that into my task definition today, it tells me immediately that the option is invalid.

Are you currently working around this issue?

Just using DNS for the VPCE.

Edit: a broader way to phrase this might have been "Support Docker 18.09", as long as the front-end validation for the task definition schema notices that the new option is present 😄

@copumpkin copumpkin added the Proposed Community submitted issue label Dec 18, 2018
@mailjunze

By default, "Private DNS" is not enabled for the CloudWatch endpoint. In order to use CloudWatch with Fargate, you would need to "Enable Private DNS Name" for com.amazonaws.eu-west-1.logs. Go to the CloudWatch endpoint in the VPC console > Actions > Modify Private DNS name. Also, make sure you're using the latest Fargate platform version.

@coultn coultn added the ECS Amazon Elastic Container Service label May 9, 2019

pjelar commented May 29, 2019

Any update on this? I have a VPC endpoint with private DNS enabled but I'm still unable to get logs.

@clareliguori
Member

The latest ECS AMIs now include Docker 18.09.9-ce:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-ami-versions.html

Member

clareliguori commented Jan 29, 2020

Re-opening, my mistake: the task definition log driver options are validated in ECS, and do not yet allow awslogs-endpoint.

@clareliguori clareliguori reopened this Jan 29, 2020