AWS Cloudwatch logs with Docker Container - NoCredentialProviders: no valid providers in chain

后端 未结 1 1015
日久生厌
日久生厌 2021-02-19 15:47

My docker-compose file:

version: \'2\'
services:
  scraper:
    build: ./Scraper/
    logging:
      driver: \"awslogs\"
      options:
         awslogs-region:          


        
1条回答
  •  -上瘾入骨i
    2021-02-19 16:17

    I figured out. When rolling your own EC2 instance (without using automated solutions like Beanstalk), you need to assign a role to your EC2 instance so it will be able to communicate with other AWS services.

    The policy is the one that Docker docs provide in https://docs.docker.com/engine/admin/logging/awslogs/

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }
    

    then you need to attach this policy to a role

    the role is the first one called "Amazon EC2" that reads "Allows EC2 instances to call AWS services on your behalf."

    Since you are limiting your access only to CloudWatch, you're good to go. Then, in your EC2 listing, attach the role to your instance using "Attach/Replace IAM Role":

    You should be good to go!

    0 讨论(0)
提交回复
热议问题