Explore documentation
  1. Welcome to Telemetry👋
  2. Quick start guide
  3. Log libraries
    1. Programming languages
    2. Cloud platforms
      1. Heroku
      2. Vercel
      3. Render
      4. Digital Ocean
      5. AWS
        1. Amazon CloudWatch
        2. Amazon ECS
        3. Amazon EKS
        4. AWS Elastic Load Balancing
        5. AWS Fargate
        6. AWS Lambda
      6. Cloudflare
    3. Web servers & Load balancers
    4. Operating systems
    5. Databases & Message queues
    6. Containers & Clusters
    7. HTTP REST API
  4. Metrics
    1. Vector (Recommended)
    2. Prometheus (push)
    3. Prometheus (scrape)
    4. Datadog Agent
    5. OpenTelemetry
  5. Log Forwarding
    1. Vector (Recommended)
    2. Fluent Bit
    3. Logstash
    4. Fluentd
    5. Filebeat
    6. Syslog
  6. Dashboards
    1. Getting started
    2. Converting logs to metrics
    3. SQL queries
    4. Simplified PromQL
    5. Alerts
    6. How do we bill for metrics?
    7. Transforming with JavaScript
  7. Using Logs
    1. Querying data in Better Stack
    2. String + JSON format
    3. Formatting logs
    4. Live tail query language
    5. Explore logs with SQL
    6. AWS S3-compatible archive
  8. Telemetry API
    1. Get started with Telemetry API
    2. Sources API
    3. Metrics API
    4. Query API

Better Stack AWS Fargate logging

Start logging in 12 minutes

Collect logs from your AWS Fargate cluster to Better Stack.

Create AWS Kinesis Data Firehose delivery stream

In AWS Console → Amazon Kinesis → Data Firehose → Create delivery stream, create a new delivery stream with these settings:

  • Source: Direct PUT
  • Destination: HTTP Endpoint
  • Delivery stream name: better-stack-firehose
  • HTTP endpoint URL: https://in.logs.betterstack.com/aws-firehose
  • Access key: your Better Stack source token

Get your Better Stack source token for new or existing sources at Better Stack → Sources.

You can also enable GZIP compression, setup Amazon S3 backup bucket, or additional custom parameters in your Firehose delivery stream settings.

After creation, you can run Test with demo data in the delivery stream detail page. You should see the demo logs in Better Stack → Live tail.

It may take few minutes for demo logs to propagate to Better Stack.

Create ConfigMap defining logs setup

Save the following YAML config to a file named aws-observability.yaml.

Replace cluster-region with the region code of your cluster (eg. us-east-1).

aws-observability.yaml
kind: Namespace
apiVersion: v1
metadata:
  name: aws-observability
  labels:
    aws-observability: enabled

---

kind: ConfigMap
apiVersion: v1
metadata:
  name: aws-logging
  namespace: aws-observability
data:
  filters.conf: |
    [FILTER]
      Name parser
      Match *
      Key_name log
      Parser crio
    [FILTER]
      Name kubernetes
      Match kube.*
      Merge_Log On
      Keep_Log Off
      Buffer_Size 0
      Kube_Meta_Cache_TTL 300s
  output.conf: |
    [OUTPUT]
      Name  kinesis_firehose
      Match *

      region cluster-region

      delivery_stream better-stack-firehose
  parsers.conf: |
    [PARSER]
      Name crio
      Format Regex
      Regex ^(?<time>[^ ]+) (?<stream>stdout|stderr) (?<logtag>P|F) (?<log>.*)$
      Time_Key    time
      Time_Format %Y-%m-%dT%H:%M:%S.%L%z

Then apply the manifest to your cluster:

Applying manifest
kubectl apply -f aws-observability.yaml

Configure IAM policy in your cluster

First, download the AWS Kinesis Data Firehose IAM policy which allows logging into the delivery stream:

Download IAM policy file
curl https://raw.githubusercontent.com/aws-samples/amazon-eks-fluent-logging-examples/mainline/examples/fargate/kinesis-firehose/permissions.json \
  -o kinesis-firehose-logging-iam-policy.json

Create an IAM policy from the policy file:

Create an IAM policy
aws iam create-policy --policy-name kinesis-firehose-logging-iam-policy \
  --policy-document file://kinesis-firehose-logging-iam-policy.json

Attach the policy to your Pod execution role.

Replace FargatePodExecutionRole with your Pod execution role name. You can find it in your Fargate profile details in EKS Cluster → Compute tab → Fargate profiles.

Attach IAM policy to Pod execution role
AWS_ACCOUNT_ID="$(aws sts get-caller-identity --query "Account" --output text)"
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::${AWS_ACCOUNT_ID}:policy/kinesis-firehose-logging-iam-policy \

  --role-name FargatePodExecutionRole

Restart pods in your cluster

To enable logging in a pod, it needs to be restarted.

You can restart your deployments via kubectl rollout restart deployment/<deployment-name> or kubectl rollout restart deployments.

To check if a pod has logging enabled, run kubectl describe:

Example output of kubectl describe
$ kubectl describe pods/sample-app-97bfb67f7-8hq6l
Name:                 sample-app-97bfb67f7-8hq6l
Namespace:            default
  ...
Annotations:          CapacityProvisioned: 0.25vCPU 0.5GB

                      Logging: LoggingEnabled

                      kubectl.kubernetes.io/restartedAt: 2023-09-05T17:02:29+02:00
  ...
Events:
  Type    Reason          Age    From               Message
  ----    ------          ----   ----               -------

  Normal  LoggingEnabled  3m41s  fargate-scheduler  Successfully enabled logging for pod

  Normal  Scheduled       2m53s  fargate-scheduler  Successfully assigned default/sample-app-97bfb67f7-8hq6l to fargate-ip-10-0-128-131.eu-north-1.compute.internal

You should see your logs in Better Stack → Live tail.

It may take few minutes for your logs to propagate to Better Stack.

Need help?

Please let us know at hello@betterstack.com.
We're happy to help! 🙏

Additional information

Interested in learning more about logging in Amazon Fargate clusters?
Head over to official AWS Fargate logging.

Previous article

AWS Elastic Load Balancing

Next article

Better Stack AWS Lambda logging