• https://docs.docker.com/config/containers/logging/awslogs/
• https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html

Global default

/etc/docker/daemon.json:

{
  "log-driver": "awslogs",
  "log-opts": {
    "awslogs-region": "eu-west-2"
  }
}

Docker compose

myservice:
  logging:
    driver: awslogs
    options:
      awslogs-region: eu-west-2

Explicit invocation

docker run \
    --log-driver=awslogs \
    --log-opt awslogs-region=eu-west-2 \
    --log-opt awslogs-group=myLogGroup \
    --log-opt awslogs-stream=myContainerNameOrOmitForContainerId \
    --log-opt awslogs-create-group=true \

AWS IAM policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogStream",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}/*"
    }
  ]
}