Initial set of fluent bit examples

Author: PettitWesley

README.md

@@ -1,7 +1,84 @@
-## Amazon Ecs Firelens Examples
+## Amazon ECS FireLens Examples
 
 Sample logging architectures for FireLens on Amazon ECS and AWS Fargate.
 
+### Contributing
+
+We want examples of as many use cases in this repository as possible! Submit a Pull Request if you would like to add something.
+
+### Fluent Bit Examples
+
+* [Send to CloudWatch Logs](examples/fluent-bit/cloudwatchlogs)
+* [Send to Kinesis Data Firehose](examples/fluent-bit/kinesis-firehose)
+* [Enable Debug Logging](examples/fluent-bit/enable-debug-logging)
+* [Forward to a Fluentd or Fluent Bit Log Aggregator](examples/fluent-bit/forward-to-aggregator)
+* [Parse Serialized JSON](examples/fluent-bit/parse-json)
+* [Parse common log formats](examples/fluent-bit/parse-common-log-formats)
+* [Send to multiple destinations](examples/fluent-bit/send-to-multiple-destinations)
+* [Add custom metadata to logs](examples/fluent-bit/add-keys)
+
+### Fluentd Examples
+
+TODO
+
+### Setup for the examples
+
+Before you use FireLens, familiarize yourself with [Amazon ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_GetStarted_EC2.html) and with the [FireLens documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).
+
+In order to use these examples, you will need the following IAM resources:
+* A [Task IAM Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) with permissions to send logs to your log destination. Each of the examples in this repository that needs additional permissions has a sample policy.
+* A [Task Execution Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html). This role is used by the ECS Agent to make calls on your behalf. If you enable logging for your FireLens container with the [`awslogs` Docker Driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html), you will need permissions for CloudWatch. You also need to give it S3 permissions if you are pulling an external Fluent Bit or Fluentd configuration file from S3. See the the [FireLens documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) for more.
+
+Here is an example inline policy with S3 access for FireLens:
+
+```
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::examplebucket/folder_name/config_file_name"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation"
+      ],
+      "Resource": [
+        "arn:aws:s3:::examplebucket"
+      ]
+    }
+  ]
+}
+```
+
+### Using the Examples
+
+You must update each Task Definition to reflect your own needs. Replace the IAM roles with your own roles. Update the log configuration with the values that you desire. And replace the app image with your own application image.
+
+Additionally, several of these examples use a custom Fluent Bit/Fluentd configuration file in S3. You must upload it to your own bucket, and change the S3 ARN in the example Task Definition.
+
+If you are using ECS on Fargate, then pulling a config file from S3 is not currently supported. Instead, you must create a custom Docker image with the config file.
+
+Dockerfile to add a custom configs:
+```
+FROM amazon/aws-for-fluent-bit:latest
+ADD extra.conf /extra.conf
+```
+
+Then update the `firelensConfiguration` `options` in the Task Definition to the following:
+```
+"options": {
+    "config-file-type": "file",
+    "config-file-value": "/extra.conf"
+}
+```
+
 ## License Summary
 
 This sample code is made available under the MIT-0 license. See the LICENSE file.

examples/fluent-bit/add-keys/README.md

@@ -0,0 +1,22 @@
+### FireLens Example: Adding Keys to the Log Events
+
+With the custom configuration file in this example, you can add a key to each log message. This is similar to how FireLens adds ECS Metadata to your logs.
+
+In this example, we add a field called `app-version`- this will allow us to correlate log messages with the version of our app that generated them. The App Version is set via an environment variable, which can be referenced in the Fluent Bit configuration file.
+
+Assuming ECS Log Metadata is enabled, the final log events in Firehose will look something like the following:
+```
+{
+    "source": "stdout",
+    "app-version": "v1.1.14",
+    "log": "172.17.0.1 - - [03/Oct/2019:00:06:20 +0000] \"GET / HTTP/1.1\" 200 612 \"-\" \"curl/7.54.0\" \"-\"",
+    "container_id": "e54cccfac2b87417f71877907f67879068420042828067ae0867e60a63529d35",
+    "container_name": "/ecs-demo-6-container2-a4eafbb3d4c7f1e16e00"
+    "ecs_cluster": "mycluster",
+    "ecs_task_arn": "arn:aws:ecs:us-east-2:01234567891011:task/mycluster/3de392df-6bfa-470b-97ed-aa6f482cd7a6",
+    "ecs_task_definition": "demo:7",
+    "ec2_instance_id": "i-06bc83dbc2ac2fdf8"
+}
+```
+
+Keys can be added and removed via the record_modifier filter- for more information see the [Fluent Bit documentation](https://fluentbit.io/documentation/0.12/filter/record_modifier.html).

examples/fluent-bit/add-keys/extra.conf

@@ -0,0 +1,4 @@
+[FILTER]
+    Name record_modifier
+    Match *
+    Record app-version ${APP_VERSION}

examples/fluent-bit/add-keys/permissions.json

@@ -0,0 +1,10 @@
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"firehose:PutRecordBatch",
+		],
+		"Resource": "*"
+	}]
+}

examples/fluent-bit/add-keys/task-definition.json

@@ -0,0 +1,49 @@
+{
+	"family": "firelens-example-firehose",
+	"taskRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_iam_role",
+	"executionRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_execution_role",
+	"containerDefinitions": [
+		{
+			"essential": true,
+			"image": "amazon/aws-for-fluent-bit:latest",
+			"name": "log_router",
+			"firelensConfiguration": {
+				"type": "fluentbit",
+				"options": {
+					"config-file-type": "s3",
+					"config-file-value": "arn:aws:s3:::yourbucket/yourdirectory/extra.conf"
+				}
+			},
+			"logConfiguration": {
+				"logDriver": "awslogs",
+				"options": {
+					"awslogs-group": "firelens-container",
+					"awslogs-region": "us-west-2",
+					"awslogs-create-group": "true",
+					"awslogs-stream-prefix": "firelens"
+				}
+			},
+			"environment": [
+				{
+					"name": "APP_VERSION",
+					"value": "v1.1.14"
+				}
+			],
+			"memoryReservation": 50
+		 },
+		 {
+			 "essential": true,
+			 "image": "httpd",
+			 "name": "app",
+			 "logConfiguration": {
+				 "logDriver":"awsfirelens",
+				 "options": {
+					"Name": "firehose",
+					"region": "us-west-2",
+					"delivery_stream": "my-stream"
+				}
+			},
+			"memoryReservation": 100
+		}
+	]
+}

examples/fluent-bit/cloudwatchlogs/README.md

@@ -0,0 +1,3 @@
+### FireLens Example: Logging to CloudWatch Logs with Fluent Bit
+
+For documentation on Fluent Bit & CloudWatch, see: [amazon-cloudwatch-logs-for-fluent-bit](https://github.com/aws/amazon-cloudwatch-logs-for-fluent-bit)

examples/fluent-bit/cloudwatchlogs/permissions.json

@@ -0,0 +1,13 @@
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"logs:CreateLogStream",
+			"logs:CreateLogGroup",
+			"logs:DescribeLogStreams",
+			"logs:PutLogEvents"
+		],
+		"Resource": "*"
+	}]
+}

examples/fluent-bit/cloudwatchlogs/task-definition.json

@@ -0,0 +1,41 @@
+{
+	"family": "firelens-example-cloudwatch",
+	"taskRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_iam_role",
+	"executionRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_execution_role",
+	"containerDefinitions": [
+		{
+			"essential": true,
+			"image": "906394416424.dkr.ecr.us-east-1.amazonaws.com/aws-for-fluent-bit:latest",
+			"name": "log_router",
+			"firelensConfiguration": {
+				"type": "fluentbit"
+			},
+			"logConfiguration": {
+				"logDriver": "awslogs",
+				"options": {
+					"awslogs-group": "firelens-container",
+					"awslogs-region": "us-west-2",
+					"awslogs-create-group": "true",
+					"awslogs-stream-prefix": "firelens"
+				}
+			},
+			"memoryReservation": 50
+		 },
+		 {
+			 "essential": true,
+			 "image": "nginx",
+			 "name": "app",
+			 "logConfiguration": {
+				 "logDriver":"awsfirelens",
+				 "options": {
+					"Name": "cloudwatch",
+					"region": "us-west-2",
+					"log_group_name": "firelens-fluent-bit",
+					"auto_create_group": "true",
+					"log_stream_prefix": "from-fluent-bit"
+				}
+			},
+			"memoryReservation": 100
+		}
+	]
+}

examples/fluent-bit/enable-debug-logging/README.md

@@ -0,0 +1,5 @@
+### FireLens Example: Enabling Debug Logging for Fluent Bit
+
+Log level can be set in the [Service](https://docs.fluentbit.io/manual/service) section of the Fluent Bit configuration file. This section is not used by FireLens; you can set it yourself using an external configuration file.
+
+To enable debug logging in the AWS Fluent Bit plugins; set the environment variable `FLB_LOG_LEVEL`. It can be set to `debug`, `info`, and `error`.

examples/fluent-bit/enable-debug-logging/extra.conf

@@ -0,0 +1,2 @@
+[SERVICE]
+    Log_Level debug

examples/fluent-bit/enable-debug-logging/permissions.json

@@ -0,0 +1,13 @@
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"logs:CreateLogStream",
+			"logs:CreateLogGroup",
+			"logs:DescribeLogStreams",
+			"logs:PutLogEvents"
+		],
+		"Resource": "*"
+	}]
+}

examples/fluent-bit/enable-debug-logging/task-definition.json

@@ -0,0 +1,48 @@
+{
+	"family": "firelens-example-debug",
+	"taskRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_iam_role",
+	"executionRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_execution_role",
+	"containerDefinitions": [
+		{
+			"essential": true,
+			"image": "906394416424.dkr.ecr.us-east-1.amazonaws.com/aws-for-fluent-bit:latest",
+			"name": "log_router",
+			"environment": [
+				{ "name": "FLB_LOG_LEVEL", "value": "debug" }
+			],
+			"firelensConfiguration": {
+				"type": "fluentbit",
+				"options": {
+					"config-file-type": "s3",
+					"config-file-value": "arn:aws:s3:::yourbucket/yourdirectory/extra.conf"
+				}
+			},
+			"logConfiguration": {
+				"logDriver": "awslogs",
+				"options": {
+					"awslogs-group": "firelens-container",
+					"awslogs-region": "us-west-2",
+					"awslogs-create-group": "true",
+					"awslogs-stream-prefix": "firelens"
+				}
+			},
+			"memoryReservation": 50
+		 },
+		 {
+			 "essential": true,
+			 "image": "nginx",
+			 "name": "app",
+			 "logConfiguration": {
+				 "logDriver":"awsfirelens",
+				 "options": {
+					"Name": "cloudwatch",
+					"region": "us-west-2",
+					"log_group_name": "firelens-fluent-bit",
+					"auto_create_group": "true",
+					"log_stream_prefix": "from-fluent-bit"
+				}
+			},
+			"memoryReservation": 100
+		}
+	]
+}

examples/fluent-bit/forward-to-aggregator/README.md

@@ -0,0 +1,3 @@
+### FireLens Example: Forward to an external Fluentd or Fluent Bit Log Aggregator
+
+You can use FireLens to forward logs to an external Fluentd or Fluent Bit host. For more information on log aggregation see [Building a scalable log aggregator with AWS Fargate, Fluentd, and Amazon Kinesis Data Firehose](https://aws.amazon.com/blogs/compute/building-a-scalable-log-solution-aggregator-with-aws-fargate-fluentd-and-amazon-kinesis-data-firehose/).

examples/fluent-bit/forward-to-aggregator/task-definition.json

@@ -0,0 +1,38 @@
+{
+	"family": "firelens-example-forward",
+	"executionRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecs_task_execution_role",
+	"containerDefinitions": [
+		{
+			"essential": true,
+			"image": "amazon/aws-for-fluent-bit:latest",
+			"name": "log_router",
+			"firelensConfiguration": {
+				"type": "fluentbit"
+			},
+			"logConfiguration": {
+				"logDriver": "awslogs",
+				"options": {
+					"awslogs-group": "firelens-container",
+					"awslogs-region": "us-west-2",
+					"awslogs-create-group": "true",
+					"awslogs-stream-prefix": "firelens"
+				}
+			},
+			"memoryReservation": 50
+		 },
+		 {
+			 "essential": true,
+			 "image": "httpd",
+			 "name": "app",
+			 "logConfiguration": {
+				 "logDriver":"awsfirelens",
+				 "options": {
+					"Name": "forward",
+					"Host": "fluentdhost",
+					"Port": "24224"
+				}
+			},
+			"memoryReservation": 100
+		}
+	]
+}

examples/fluent-bit/kinesis-firehose/README.md

@@ -0,0 +1,3 @@
+### FireLens Example: Logging to Kinesis Data Firehose with Fluent Bit
+
+For documentation on Fluent Bit & Firehose, see: [amazon-kinesis-firehose-for-fluent-bit](https://github.com/aws/amazon-kinesis-firehose-for-fluent-bit)

examples/fluent-bit/kinesis-firehose/permissions.json

@@ -0,0 +1,10 @@
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"firehose:PutRecordBatch",
+		],
+		"Resource": "*"
+	}]
+}