CloudFormation: ECS TaskDefinition CloudWatch log retention policy

Time: 2021-03-25 09:44:45

Tags: amazon-web-services logging amazon-cloudformation amazon-ecs amazon-cloudwatch

Is it possible to specify a CloudWatch log retention policy in an ECS task definition? I can't find any documentation on it.

ServiceTaskDefinition:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ExecutionRoleArn: !GetAtt EcsTaskExecutionRole.Arn
    TaskRoleArn: !GetAtt EcsTaskRole.Arn
    Cpu: !Ref TaskDefinitionCpu
    Memory: !Ref TaskDefinitionMemory
    NetworkMode: awsvpc
    ContainerDefinitions:
      - Name: !Join ['-', ['container', !Ref AWS::StackName]]
        Image: !Ref EcrImage
        PortMappings:
          - ContainerPort: !Ref Port
            HostPort: !Ref Port
            Protocol: tcp
        Essential: true
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group: !Join ['', ['/ecs/', !Ref AWS::StackName]]
            awslogs-region: !Ref AWS::Region
            awslogs-stream-prefix: ecs
            awslogs-create-group: true
            # Retention policy ??

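3 answers:

Answer 0 (score: 1)

There appears to be no support for specifying the retention policy when you "auto create" the log group in the Task Definition. However, you can create your log group out of band and have your task definition use it (instead of auto-creating it). When you create the log group explicitly (i.e. in an AWS::Logs::LogGroup definition), you can define a retention policy. See here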

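Answer 1 (score: 0)

Agree with the other answer that there is no option to specify log retention in the awslogs options.

We need to create the log group and pass it in: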

  CloudwatchLogsGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName: !Sub '${AWS::StackName}-ECSLogGroup'
      RetentionInDays: 14

Container definition:

  ContainerTaskdefinition:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Family: !Ref 'AWS::StackName'
      ExecutionRoleArn: !Ref ECSTaskExecutionRole
      TaskRoleArn: !Ref ECSTaskExecutionRole
      Cpu: '256'
      Memory: 1GB
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - EC2
        - FARGATE
      ContainerDefinitions:
        - Name: !Ref 'AWS::StackName'
          Cpu: 256
          Essential: 'true'
          Image: !Ref Image
          Memory: '1024'
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref CloudwatchLogsGroup  # refer to the log group
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: ecs

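Answer 2 (score: 0)

As with all other services that support logging to CloudWatch Logs, if you want to set things like KMS encryption and log retention on the log group, you must first create the log group with the desired settings and then configure the service to log to that log group.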
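
Added example, not part of any answer above: a small Python check that flags ECS task definitions in a CloudFormation template (JSON form, already parsed into a dict) whose awslogs containers log to an auto-created group or to a log group without RetentionInDays. The sample template and the names `audit_log_retention`, `_task` and `SAMPLE` are constructed for illustration.

```python
def _task(group, **extra):
    """Build a minimal constructed task definition for the sample template."""
    options = {"awslogs-group": group, **extra}
    return {"Type": "AWS::ECS::TaskDefinition", "Properties": {"ContainerDefinitions": [
        {"Name": "app", "LogConfiguration": {"LogDriver": "awslogs", "Options": options}}]}}

# Constructed sample input (not from the page): one good task, two problem tasks.
SAMPLE = {"Resources": {
    "ManagedGroup": {"Type": "AWS::Logs::LogGroup", "Properties": {"RetentionInDays": 14}},
    "ForeverGroup": {"Type": "AWS::Logs::LogGroup", "Properties": {}},
    "GoodTask": _task({"Ref": "ManagedGroup"}),
    "NoRetentionTask": _task({"Ref": "ForeverGroup"}),
    "AutoCreateTask": _task("/ecs/demo", **{"awslogs-create-group": "true"}),
}}

def audit_log_retention(template):
    """Return sorted (task, container, problem) tuples for awslogs containers."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        for c in res.get("Properties", {}).get("ContainerDefinitions", []):
            log = c.get("LogConfiguration", {})
            if log.get("LogDriver") != "awslogs":
                continue
            opts = log.get("Options", {})
            group = opts.get("awslogs-group")
            problem = None
            # Accept both the boolean and the string form of the option.
            if str(opts.get("awslogs-create-group", "")).lower() == "true":
                problem = "auto-created group: no retention setting in the task definition"
            elif not (isinstance(group, dict) and "Ref" in group):
                problem = "log group is not managed in this template"
            else:
                target = resources.get(group["Ref"], {})
                if target.get("Type") != "AWS::Logs::LogGroup":
                    problem = "awslogs-group does not reference an AWS::Logs::LogGroup"
                elif "RetentionInDays" not in target.get("Properties", {}):
                    problem = "log group never expires (no RetentionInDays)"
            if problem:
                findings.append((name, c.get("Name"), problem))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_log_retention(SAMPLE):
        print(*finding, sep=": ")
```

A YAML template that uses short-form tags such as `!Ref` has to be converted to the long `{"Ref": ...}` form before it is passed to this function.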