Prerequisites
- AWS CLI configured
- Access to:
- AWS ECR
- AWS ECS (Fargate)
- AWS CloudWatch
- AWS VPC
- AWS ECR
Logging Setup Options
You can forward logs from ECS Fargate to Atatus with or without CloudWatch. Follow the appropriate setup based on your needs:
Option 1: Logs to Atatus + CloudWatch
Option 2: Logs to Atatus Only
Option 1: Forward Logs to Atatus and CloudWatch
This setup sends logs to both Atatus and CloudWatch Logs using a custom Fluent Bit image with dual outputs.
Step 1: Create ECS Task Definition
Replace the following placeholders with your actual values: <YOUR_REGION>, <YOUR_CLOUDWATCH_LOG_GROUP_NAME>, <YOUR_CONTAINER_NAME>, <YOUR_APP_IMAGE>, <YOUR_ATATUS_LICENCE_KEY>, <YOUR_SERVICE_NAME>, <YOUR_TASK_EXECUTION_ROLE>
{
"family": "atatus-fluentbit-with-cloudwatchlogs",
"containerDefinitions": [
{
"name": "log_router",
"image": "atatus/aws-ecs-fargate-fluent-bit:1.0.0",
"cpu": 0,
"memoryReservation": 50,
"portMappings": [],
"essential": true,
"environment": [
{ "name": "AWS_REGION", "value": "<YOUR_REGION>" },
{ "name": "LOG_GROUP_NAME", "value": "<YOUR_CLOUDWATCH_LOG_GROUP_NAME>" },
{ "name": "LOG_STREAM_PREFIX", "value": "ecs" }
],
"mountPoints": [],
"volumesFrom": [],
"user": "0",
"systemControls": [],
"firelensConfiguration": {
"type": "fluentbit",
"options": {
"enable-ecs-log-metadata": "true",
"config-file-type": "file",
"config-file-value": "/cloudwatch_logs.conf"
}
}
},
{
"name": "<YOUR_CONTAINER_NAME>",
"image": "<YOUR_APP_IMAGE>",
"cpu": 0,
"memoryReservation": 100,
"portMappings": [],
"essential": true,
"environment": [],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awsfirelens",
"options": {
"tls.verify": "off",
"Header": "x-atatus-ecs-awsfirelens <YOUR_ATATUS_LICENCE_KEY>:<YOUR_SERVICE_NAME>",
"Port": "443",
"Host": "log-rx.atatus.com",
"tls": "on",
"URI": "/track/logs/ingest",
"Name": "http",
"Format": "json_lines"
}
},
"systemControls": []
}
],
"taskRoleArn": "<YOUR_TASK_EXECUTION_ROLE>",
"executionRoleArn": "<YOUR_TASK_EXECUTION_ROLE>",
"networkMode": "awsvpc",
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "256",
"memory": "512"
}
Sample Data for Placeholders:
Use the below values as examples when replacing placeholders in your task definition:
<YOUR_REGION>– us-east-1<YOUR_CLOUDWATCH_LOG_GROUP_NAME>– ecs/app-logs<YOUR_CONTAINER_NAME>– my-app<YOUR_APP_IMAGE>– 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest<YOUR_ATATUS_LICENCE_KEY>– lic_apm_**********************<YOUR_SERVICE_NAME>– test-service<YOUR_TASK_EXECUTION_ROLE>– arn:aws:iam::123456789012:role/ecsTaskExecutionRole
Step 2: Deploy Task in ECS
- Open ECS > Task Definitions in AWS Console
- Register the new task definition using the JSON above.
- Launch a task in a suitable Fargate cluster and subnet.
Verification
- CloudWatch Logs: Navigate to your configured log group and confirm log ingestion.
- Atatus: Go to your Atatus Logs Dashboard and confirm logs are visible.
Option 2: Forward Logs to Atatus Only
This lightweight version skips CloudWatch and sends logs directly to Atatus using the standard AWS Fluent Bit image.
Step 1: Create ECS Task Definition
Replace the following placeholders with your actual values: <YOUR_CONTAINER_NAME>, <YOUR_APP_IMAGE>, <YOUR_ATATUS_LICENCE_KEY>, <YOUR_SERVICE_NAME>, <YOUR_TASK_EXECUTION_ROLE>
{
"family": "atatus-fluentbit",
"containerDefinitions": [
{
"name": "log_router",
"image": "amazon/aws-for-fluent-bit:latest",
"memoryReservation": 50,
"essential": true,
"firelensConfiguration": {
"type": "fluentbit",
"options": {
"enable-ecs-log-metadata": "true"
}
}
},
{
"name": "<YOUR_CONTAINER_NAME>",
"image": "<YOUR_APP_IMAGE>",
"memoryReservation": 100,
"essential": true,
"logConfiguration": {
"logDriver": "awsfirelens",
"options": {
"Name": "http",
"Host": "log-rx.atatus.com",
"Port": "443",
"tls": "on",
"tls.verify": "off",
"URI": "/track/logs/ingest",
"Format": "json_lines",
"Header": "x-atatus-ecs-awsfirelens <YOUR_ATATUS_LICENCE_KEY>:<YOUR_SERVICE_NAME>"
}
}
}
],
"executionRoleArn": "<YOUR_TASK_EXECUTION_ROLE>",
"taskRoleArn": "<YOUR_TASK_EXECUTION_ROLE>",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "256",
"memory": "512"
}
Sample Data for Placeholders:
Use the below values as examples when replacing placeholders in your task definition:
<YOUR_CONTAINER_NAME>– my-app<YOUR_APP_IMAGE>– 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:latest<YOUR_ATATUS_LICENCE_KEY>– lic_apm_**********************<YOUR_SERVICE_NAME>– test-service<YOUR_TASK_EXECUTION_ROLE>– arn:aws:iam::123456789012:role/ecsTaskExecutionRole
Step 2: Deploy the Task
Follow the same deployment steps as in Option 1.
Verification
Atatus: Go to your Atatus Logs Dashboard and confirm logs are visible.
+1-415-800-4104