将 Docker 日志发送到 CloudWatch Logs

本方法适用于阿里云ECS，Azure、Google Cloud、Oracle Cloud等虚拟机，LightSail等VPS。

创建IAM用户

1. 访问类型 编程访问
2. 权限暂时留空
3. 保存AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY

添加内联策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

AWS EC2可以使用IAM角色代替IAM用户。

创建日志组

1. 选择 us-west-1 区域
2. 日志组名称 loggroupname

配置Ubuntu & Docker

sudo mkdir -p /etc/systemd/system/docker.service.d/
sudo vi /etc/systemd/system/docker.service.d/aws-credentials.conf

aws-credentials.conf

[Service]
Environment="AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxx"
Environment="AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

重新加载Docker

sudo systemctl daemon-reload
sudo systemctl restart docker

Docker Compose

docker-compose.yml

version: "3"
services:
  nginx:
    container_name: "nginx"
    image: nginx
    ports:
      - "80:80"
    restart: unless-stopped
    logging:
      driver: awslogs
      options:
        awslogs-region: us-west-1
        awslogs-group: loggroupname