You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
After @clareliguori helpfully pointed out that my issue #48 was mistaken and the issue was with the awslogs driver, I looked into the CloudWatch Logs VPCE support. Currently the only way to make it work is to update the VPC's DNS to point at the PrivateLink endpoint, which while fine for some situations, can be a bit coarse-grained for others (especially if there are nontrivial policies on the endpoint). As of a recent Docker (this commit adds it), the awslogs driver now supports the awslogs-endpoint configuration option, which would allow me to point my task directly at the logs VPCE that's appropriate for it. If I try to pass that into my task definition today, it tells me immediately that the option is invalid.
Are you currently working around this issue?
Just using DNS for the VPCE.
Edit: a broader way to phrase this might have been "Support Docker 18.09", as long as the front-end validation for the task definition schema notices that the new option is present 😄
The text was updated successfully, but these errors were encountered:
By default "Private DNS" is not enabled for Cloudwatch endpoint, In order to use Cloudwatch with fargate You would need to "Enable Private DNS Name" for com.amazonaws.eu-west-1.logs. Go to the Cloudwatch Endpoint in VPC console > Actions > Modify Private DNS name. Also, make sure you're using the latest Fargate platform Version.
Which service(s) is this request for?
Fargate, ECS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
After @clareliguori helpfully pointed out that my issue #48 was mistaken and the issue was with the
awslogs
driver, I looked into the CloudWatch Logs VPCE support. Currently the only way to make it work is to update the VPC's DNS to point at the PrivateLink endpoint, which while fine for some situations, can be a bit coarse-grained for others (especially if there are nontrivial policies on the endpoint). As of a recent Docker (this commit adds it), theawslogs
driver now supports theawslogs-endpoint
configuration option, which would allow me to point my task directly at the logs VPCE that's appropriate for it. If I try to pass that into my task definition today, it tells me immediately that the option is invalid.Are you currently working around this issue?
Just using DNS for the VPCE.
Edit: a broader way to phrase this might have been "Support Docker 18.09", as long as the front-end validation for the task definition schema notices that the new option is present 😄
The text was updated successfully, but these errors were encountered: