How to send application logs from docker to cloudwatch

Build containers with the Cloudwatch Agent installed; to do this you will need a Dockerfile. Amazon even has docs specifically for this.

You will need to make sure your base container is either Debian or RHEL based (Amazon docs seem to only support these types of distros with the agent); for example, Debian based systems will have the agent installed with:

curl https://s3.amazonaws.com//aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O

So, you will need to execute the above when you build the container.

Details for installation are here.

You mentioned IAM policy concerns; Amazons example policy is below; you will need to make sure that your containers have access.

{    "Version": "2012-10-17",    "Statement": [        {            "Effect": "Allow",            "Action": [                "logs:CreateLogGroup",                "logs:CreateLogStream",                "logs:PutLogEvents",                "logs:DescribeLogStreams"            ],            "Resource": [                "arn:aws:logs:*:*:*"            ]        },        {            "Effect": "Allow",            "Action": [                "s3:GetObject"            ],            "Resource": [                "arn:aws:s3:::myawsbucket/*"            ]        }    ]}

Someone on GitHub has done this already:

FROM ubuntu:latestMAINTAINER Ryuta Otaki <otaki.ryuta@classmethod.jp>, Sergey Zhukov <sergey@jetbrains.com>...RUN apt-get install -q -y python python-pip wgetRUN cd / ; wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py

I highly suggest you follow their lead; use Ubuntu and follow the docs. Don't re-invent the wheel.

This question sounds similar with How to Send Kubernetes Logs to AWS CloudWatch?. Kubernetes does not support the custom log-driver like docker supports. You could use fluentd to send the logs to cloudwatch.