What’s AWS FireLens?

AWS FireLens is a log routing feature for Amazon ECS. It lets you use popular open-source logging projects Fluent Bit or Fluentd with Amazon ECS to route your logs to various AWS and partner monitoring solutions like Axiom without installing third-party agents on your tasks.

FireLens integrates with your Amazon ECS tasks and services seamlessly, so you can send logs from your containers to Axiom seamlessly.

Use AWS FireLens with Fluent Bit and Axiom

Here’s a basic configuration for using FireLens with Fluent Bit to forward logs to Axiom:

Fluent Bit configuration for Axiom

You’ll typically define this in a file called fluent-bit.conf:

[SERVICE]
    Log_Level info

[INPUT]
    Name forward
    Listen 0.0.0.0
    Port 24224

[OUTPUT]
    Name http
    Match *
    Host api.axiom.co
    Port 443
    URI /v1/datasets/$DATASET_NAME/ingest
    Format json_lines
    tls On
    format json
    json_date_key _time
    json_date_format iso8601
    # Authorization Bearer should be an API token
    Header Authorization Bearer xait-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx

ECS task definition with FireLens

You’ll want to include this within your ECS task definition, and reference the FireLens configuration type and options:

{
  "family": "myTaskDefinition",
  "containerDefinitions": [
    {
      "name": "log_router",
      "image": "amazon/aws-for-fluent-bit:latest",
      "essential": true,
      "firelensConfiguration": {
        "type": "fluentbit",
        "options": {
          "config-file-type": "file",
          "config-file-value": "/fluent-bit/etc/fluent-bit.conf"
        }
      }
    },
    {
      "name": "myApp",
      "image": "my-app-image",
      "logConfiguration": {
        "logDriver": "awsfirelens"
      }
    }
  ]
}

Use AWS FireLens with Fluentd and Axiom

Create the fluentd.conf file and add your configuration:

<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>

<match *>
  @type http
  # Authorization Bearer should be an ingest token
  headers {"Authorization": "Bearer <your-token>"}
  data_type json
  endpoint https://api.axiom.co/v1/datasets/$DATASET_NAME/ingest
  sourcetype ecs
</match>

ECS Task Definition for Fluentd

The task definition would be similar to the Fluent Bit example, but using Fluentd and its configuration:

{
  "family": "fluentdTaskDefinition",
  "containerDefinitions": [
    {
      "name": "log_router",
      "image": "YOUR_ECR_REPO_URI:latest", 
      "essential": true,
      "memory": 512,
      "cpu": 256,
      "firelensConfiguration": {
        "type": "fluentd",
        "options": {
          "config-file-type": "file",
          "config-file-value": "/path/to/your/fluentd.conf"
        }
      }
    },
    {
      "name": "myApp",
      "image": "my-app-image",
      "essential": true,
      "memory": 512,
      "cpu": 256,
      "logConfiguration": {
        "logDriver": "awsfirelens",
        "options": {
          "Name": "forward",
          "Host": "log_router",
          "Port": "24224"
        }
      }
    }
  ]
}

By efficiently routing logs with FireLens and analyzing them with Axiom, businesses and development teams can save on operational overheads and reduce time spent on troubleshooting.