Explore documentation
  1. Welcome to Telemetry πŸ‘‹
  2. Quick start guide
  3. Wide events vs. time series
  4. Ingesting data
    1. Better Stack collector
    2. Vector
    3. OpenTelemetry
    4. Ingesting via HTTP API
    5. Ingesting metrics
    6. Ingesting logs
      1. Docker & Kubernetes
      2. Operating systems
      3. Log forwarders
      4. Programming languages
      5. Cloud platforms
        1. AWS
          1. Getting started
          2. Amazon CloudWatch
          3. Amazon ECS
          4. Amazon EKS
          5. AWS Elastic Load Balancing
          6. AWS Fargate
          7. AWS Lambda
          8. AWS Direct Connect
        2. Azure
        3. Cloudflare
        4. Google
        5. Digital Ocean
        6. Heroku
        7. Vercel
        8. Render
        9. Fly.io
      6. Web servers & Load balancers
      7. Databases & queues
      8. Storage
    7. Migrating to Better Stack
  5. Using the product
    1. AI SRE β†—
    2. MCP server β†—
    3. Transforming ingested data
    4. Querying data
    5. Tracing
    6. Alerts
  6. Telemetry API
    1. Getting an API token
    2. Sources API
    3. Source groups API
    4. Metrics API
    5. Connections API
    6. Query API β†—
  7. Alternative to
    1. Lightstep

Better Stack AWS Fargate logging

Start logging in 12 minutes

Collect logs from your AWS Fargate cluster to Better Stack.

Create AWS Kinesis Data Firehose delivery stream

In AWS Console β†’ Kinesis β†’ Data Firehose β†’ Create delivery stream, create a new delivery stream with these settings:

Delivery stream configuration
Source:               Direct PUT
Destination:          HTTP Endpoint
Delivery stream name: better-stack-firehose
HTTP endpoint URL:    https://$INGESTING_HOST/aws-firehose
Access key:           $SOURCE_TOKEN


You can also enable GZIP compression, setup Amazon S3 backup bucket, or additional custom parameters in your Firehose delivery stream settings.

After creation, you can run Test with demo data in the delivery stream detail page. You should see the demo logs in Better Stack β†’ Logs & traces.

It may take few minutes for demo logs to propagate to Better Stack.

Create ConfigMap defining logs setup

Save the following YAML config to a file named aws-observability.yaml.

Replace cluster-region with the region code of your cluster (eg. us-east-1).

aws-observability.yaml
kind: Namespace
apiVersion: v1
metadata:
  name: aws-observability
  labels:
    aws-observability: enabled

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: aws-logging
  namespace: aws-observability
data:
  filters.conf: |
    [FILTER]
      Name parser
      Match *
      Key_name log
      Parser crio
    [FILTER]
      Name kubernetes
      Match kube.*
      Merge_Log On
      Keep_Log Off
      Buffer_Size 0
      Kube_Meta_Cache_TTL 300s
  output.conf: |
    [OUTPUT]
      Name  kinesis_firehose
      Match *

      region cluster-region

      delivery_stream better-stack-firehose
  parsers.conf: |
    [PARSER]
      Name crio
      Format Regex
      Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>P|F) (?<log>.*)$
      Time_Key    time
      Time_Format %Y-%m-%dT%H:%M:%S.%L%z

Then apply the manifest to your cluster:

Applying manifest
kubectl apply -f aws-observability.yaml

Configure IAM policy in your cluster

First, download the AWS Kinesis Data Firehose IAM policy which allows logging into the delivery stream:

Download IAM policy file
curl https://raw.githubusercontent.com/aws-samples/amazon-eks-fluent-logging-examples/mainline/examples/fargate/kinesis-firehose/permissions.json \
  -o kinesis-firehose-logging-iam-policy.json

Create an IAM policy from the policy file:

Create an IAM policy
aws iam create-policy --policy-name kinesis-firehose-logging-iam-policy \
  --policy-document file://kinesis-firehose-logging-iam-policy.json

Attach the policy to your Pod execution role.

Replace FargatePodExecutionRole with your Pod execution role name. You can find it in your Fargate profile details in EKS Cluster β†’ Compute tab β†’ Fargate profiles.

Attach IAM policy to Pod execution role
AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query "Account" --output text)"
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::${AWS_ACCOUNT_ID}:policy/kinesis-firehose-logging-iam-policy \

  --role-name FargatePodExecutionRole

Restart pods in your cluster

To enable logging in a pod, it needs to be restarted.

You can restart your deployments via kubectl rollout restart deployment/<deployment-name> or kubectl rollout restart deployments.

To check if a pod has logging enabled, run kubectl describe:

Example output of kubectl describe
$ kubectl describe pods/sample-app-97bfb67f7-8hq6l
Name:                 sample-app-97bfb67f7-8hq6l
Namespace:            default
  ...
Annotations:          CapacityProvisioned: 0.25vCPU 0.5GB

                      Logging: LoggingEnabled

                      kubectl.kubernetes.io/restartedAt: 2023-09-05T17:02:29+02:00
  ...
Events:
  Type    Reason          Age    From               Message
  ----    ------          ----   ----               -------

  Normal  LoggingEnabled  3m41s  fargate-scheduler  Successfully enabled logging for pod

  Normal  Scheduled       2m53s  fargate-scheduler  Successfully assigned default/sample-app-97bfb67f7-8hq6l to fargate-ip-10-0-128-131.eu-north-1.compute.internal

You should see your logs in Better Stack β†’ Live tail.

It may take few minutes for your logs to propagate to Better Stack.

Need help?

Please let us know at hello@betterstack.com.
We're happy to help! πŸ™

Additional information

Interested in learning more about logging in Amazon Fargate clusters?
Head over to official AWS Fargate logging.

Previous article

AWS Elastic Load Balancing

Next article

Better Stack AWS Lambda logging