AWS Cloudwatch logs with Docker Container - NoCredentialProviders: no valid providers in chain

Question

My docker-compose file:

version: \'2\'
services:
  scraper:
    build: ./Scraper/
    logging:
      driver: \"awslogs\"
      options:
         awslogs-region:          


        

Answer 1

I figured out. When rolling your own EC2 instance (without using automated solutions like Beanstalk), you need to assign a role to your EC2 instance so it will be able to communicate with other AWS services.

The policy is the one that Docker docs provide in https://docs.docker.com/engine/admin/logging/awslogs/

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

then you need to attach this policy to a role

the role is the first one called "Amazon EC2" that reads "Allows EC2 instances to call AWS services on your behalf."

Since you are limiting your access only to CloudWatch, you're good to go. Then, in your EC2 listing, attach the role to your instance using "Attach/Replace IAM Role":

You should be good to go!