AWS FireLens (AWS for Fluent Bit) から転送されたログをAWS Data Firehoseの動的パーティショニングを使ってS3バケットに出力してみた
コストがかかっても設定をシンプルにしたい時に
2026.01.13
コンテナ名や標準出力/標準エラーごとにプレフィックスを設定したい
こんにちは、のんピ(@non____97)です。
皆さんはECS上で動作しているコンテナから出力するログオブジェクトにコンテナ名や標準出力/標準エラーごとにプレフィックスを設定したいなと思ったことはありますか? 私はあります。
ECS上で動作しているコンテナのログ出力にAWS FireLens (特にAWS for Fluent Bit) を使っていることが多いのではないでしょうか。AWS FireLensそのものについては以下記事をご覧ください。
その際に、Data Firehose経由でS3バケットにログを出力することが多いでしょう。
Data FirehoseとS3バケットの関係性はn:1です。一つのS3バケットで複数のData Firehoseからの出力を受け付けることはできても、一つのData Firehoseから複数のS3バケットに配信することはできません。つまり、S3バケットをコンテナ名や標準出力/標準エラーごとに分けたい場合はData Firehoseを配信先のS3バケット数だけ用意する必要があります。なかなかに面倒です。
そもそもバケット自体を分けるのではなくプレフィックスが分かれていればログ分析上問題ないケースもあります。
こんな時に便利なのがData Firehoseには動的パーティショニングという、入力されたデータのキーに応じてパーティショニングする機能です。
今回はこちらの機能を用いてコンテナ名や標準出力/標準エラーごとにプレフィックスを設定します。
いきなりまとめ
- Data Firehoseで動的パーティショニングを使用することで、コンテナ名や標準出力/標準エラーのログごとにプレフィックスを設定することが可能
- 動的パーティショニングを使用する際は入力データが暗号化されていない必要がある
- Fluent Bitから転送されるデータはData Firehose側で解凍できない
- 動的パーティショニング利用時は追加料金が発生する
やってみた
検証環境
検証環境は以下のとおりです。
Nginxで動作するwebコンテナとExpressで動作するappコンテナ、Fluent BitのlogRouterコンテナの3つのコンテナを1タスクで動作させています。
コンテナから出力するログは以下のとおりです。
- CloudWatch Logsには 5xx エラーもしくは標準エラーに出力されたもののみ転送する
- それ以外のログは転送しない
- Data Firehoseには全てのログを転送する
- Data Firehoseに転送されたログをS3バケットに転送する
- 転送する際にログレコード単位で動的パーティショニングにより以下プレフィックスを付与する
- クラスター名
- コンテナ名
- 標準出力 / 標準エラー
- 転送する際にログレコード単位で動的パーティショニングにより以下プレフィックスを付与する
- ALBのヘルスチェックログは転送しない
Fluent Bitの設定ファイルはS3バケットに配置したものをタスク起動時に読み込ませています。
リソースは全てAWS CDKで作成しています。
AWS CDKのコードは以下GitHubリポジトリに保存しています。
ちなみに検証には関係ないですが、ECSネイティブなBlue/Greenデプロイを使用しています。
ECSネイティブなBlue/Greenデプロイについては以下記事が参考になります。
Fluent Bitの設定
Fluent Bitの設定は以下のとおりです。
# ref : 詳解 FireLens – Amazon ECS タスクで高度なログルーティングを実現する機能を深く知る | Amazon Web Services ブログ https://aws.amazon.com/jp/blogs/news/under-the-hood-firelens-for-amazon-ecs-tasks/
# ref : aws-for-fluent-bit/use_cases/init-process-for-fluent-bit/README.md at mainline · aws/aws-for-fluent-bit https://github.com/aws/aws-for-fluent-bit/blob/mainline/use_cases/init-process-for-fluent-bit/README.md
[SERVICE]
Flush 1
Grace 30
Parsers_File /fluent-bit/parsers/parsers.conf
# appコンテナのログにマルチラインパーサーを適用
# Loggerとしてpinoを使用して構造化ログとして出力させているため、今回は効果を発揮しない
# ref : Multiline parsing | Fluent Bit: Official Manual https://docs.fluentbit.io/manual/data-pipeline/parsers/multiline-parsing
# ref : 複数行またはスタックトレースの Amazon ECS ログメッセージの連結 - Amazon Elastic Container Service https://docs.aws.amazon.com/ja_jp/AmazonECS/latest/developerguide/firelens-concatanate-multiline.html
[FILTER]
Name multiline
Match app-firelens*
multiline.key_content log
multiline.parser nodejs_stacktrace
# appコンテナのログをJSONとしてパース
# タイムスタンプはISO 8601形式でそのまま保持(json_without_timeパーサーを使用)
# そのままデフォルトのパーサーを使用すると、以下のようにパースに失敗する
# [2026/01/13 01:47:55.17286147] [error] [parser] cannot parse '2026-01-13T01:47:53.124Z'
# [2026/01/13 01:47:55.17313453] [ warn] [parser:json] invalid time format %d/%b/%Y:%H:%M:%S %z for '2026-01-13T01:47:53.124Z'
# ref : JSON format | Fluent Bit: Official Manual https://docs.fluentbit.io/manual/data-pipeline/parsers/json
[FILTER]
Name parser
Match app-firelens-*
Key_Name log
Parser json_without_time
Reserve_Data On
# webコンテナのログをパース
# Nginxを使用しているためNginxのパーサーを使用して、構造化ログに
[FILTER]
Name parser
Match web-firelens-*
Key_Name log
Parser nginx
Reserve_Data On
# webコンテナのログからELBヘルスチェック時のログ除外
# User agentで判定
[FILTER]
Name grep
Match web-firelens-*
Exclude agent ELB-HealthChecker/2\.0
# エラーログにタグを付与
# ステータスコードが5xxまたはstderrのログに付与
# マルチラインパーサーの無限ループ防止のため、すでに5xxまたはstderrのタグが付いているタグを除外
[FILTER]
Name rewrite_tag
Match_Regex ^(?!5xx\.)(?!stderr\.).*-firelens-.*
Rule $code ^5\d{2}$ 5xx.$TAG false
Rule $source ^stderr$ stderr.$TAG false
Emitter_Name re_emitted
# 全てのログをFirehoseへ出力
# Data Firehose側での動的パーティショニングを行うため圧縮はしない
# Data Firehose側で解凍処理も可能だが、追加料金がかかる and データソースがCloudWatch Logsのみ
# ref : Amazon Kinesis Data Firehose | Fluent Bit: Official Manual https://docs.fluentbit.io/manual/data-pipeline/outputs/firehose
# ref : CloudWatch Logs を解凍する - Amazon Data Firehose https://docs.aws.amazon.com/ja_jp/firehose/latest/dev/writing-with-cloudwatch-logs-decompression.html
[OUTPUT]
Name kinesis_firehose
Match *-firelens-*
delivery_stream ${FIREHOSE_DELIVERY_STREAM_NAME}
region ${AWS_REGION}
time_key datetime
time_key_format %Y-%m-%dT%H:%M:%S.%3NZ
# 先頭が 5xx もしくは stderr のタグが付与されているログのみCloudWatch Logsへ出力
# ref : Amazon CloudWatch | Fluent Bit: Official Manual https://docs.fluentbit.io/manual/data-pipeline/outputs/cloudwatch
[OUTPUT]
Name cloudwatch_logs
Match_Regex ^(5xx\.|stderr\.).*
region ${AWS_REGION}
log_group_name ${LOG_GROUP_NAME}
log_stream_prefix error/
コメントにも記載している内容と重複している箇所は多分にありますが、2点ほど補足します。
まずはマルチラインパースについてです。
マルチラインパースを設定しない場合は複数行に渡って出力されるログにおいて別々のログレコードとして扱われてしまいます。
例として、スタックトレースを標準エラーに出力する場合は以下のようになってしまいます。
これを一つのログレコードとしてまとめる場合はマルチラインパースを設定する必要があります。
マルチラインパースの定義をすることで、先ほどと同様のスタックトレースを出力しても以下のように一レコードにまとめてくれるようになります。
{
"source": "stderr",
"log": "Error occurred: Error: Application crash test - intentional exception\n at /app/dist/index.js:31:11\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/route.js:149:13)\n at Route.dispatch (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/route.js:119:3)\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)\n at /app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:284:15\n at router.process_params (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:346:12)\n at next (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:280:10)\n at jsonParser (/app/node_modules/.pnpm/body-parser@1.20.4/node_modules/body-parser/lib/types/json.js:113:7)\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)",
"container_id": "528f646ff4fe4121a956655e0ace9fbf-0527074092",
"container_name": "app",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-epLX4z5zAaJW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-epLX4z5zAaJW/528f646ff4fe4121a956655e0ace9fbf",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:41"
}
また、マルチラインパースとタグの書き換えは注意する必要があります。
いずれの処理についても、一致するレコードがある場合は処理した上でレコードをパイプラインの最初から流し直します。
Since concatenated records are re-emitted to the head of the Fluent Bit log pipeline, you can not configure multiple multiline filter definitions that match the same tags. This will cause an infinite loop in the Fluent Bit pipeline; to use multiple parsers on the same logs, configure a single filter definitions with a comma separated list of parsers for multiline.parser.
If a match exists, a new record with the defined tag will be emitted, entering from the beginning of the pipeline.
この時何もケアしなければ以下のように無限にタグ付けが行われます。
[2026/01/12 07:37:23.242765947] [ info] [output:cloudwatch_logs:cloudwatch_logs.2] worker #0 started
[2026/01/12 07:37:23.244713295] [ info] [filter:multiline:multiline.1] created new multiline stream for forward.1_web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.332780754] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.357757006] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.432707103] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.533335129] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.634320181] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.657779036] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.732856352] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.stderr.stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
[2026/01/12 07:37:23.833637772] [ info] [filter:multiline:multiline.1] created new multiline stream for emitter.4_stderr.stderr.stderr.stderr.stderr.stderr.stderr.stderr.web-firelens-f7dfbc99c1b94c65a482b821be43d931
.
.
(以下略)
.
.
そのため、既にタグ付けを行ったものについてはタグ付けを行わないようにしてあげる必要があります。
続いて、Data Firehoseに出力する際の圧縮設定です。
Data Firehoseで動的パーティショニングを使用する際にログが圧縮されていると、以下エラーを出力します。
{
"deliveryStreamARN": "arn:aws:firehose:us-east-1:<AWSアカウントID>:deliverystream/EcsNativeBlueGreenStack-FirelensConstructDeliverySt-5Fd6Ax8joVeT",
"destination": "arn:aws:s3:::ecsnativebluegreenstack-firelensconstructfirelensl-eugekn8iuojm",
"deliveryStreamVersionId": 1,
"message": "Only UTF-8 encoded data is supported for dynamic partitioning records.",
"errorCode": "DynamicPartitioning.MetadataExtractionFailed"
}
Data Firehose側で解凍することも可能なのですが、これは入力データがCloudWatch Logsからの場合のみ使用できます。
この解凍機能は CloudWatch Logs 専用です。
Fluent Bitコンテナから圧縮されたデータをData Firehoseで解凍しようとすると、以下のようにエラーログが出力されます。
[2026/01/11 07:43:07.129220889] [error] [output:kinesis_firehose:kinesis_firehose.1] PutRecordBatch API responded with error='InvalidSourceException', message='Put to Firehose failed for AccountId: <AWSアカウントID>, FirehoseName: EcsNativeBlueGreenStack-FirelensConstruct2DeliveryS-8twIJFWLTkcR because the request is not originating from CloudWatch.'
[2026/01/11 07:43:07.129315758] [error] [output:kinesis_firehose:kinesis_firehose.1] Failed to send log records to EcsNativeBlueGreenStack-FirelensConstruct2DeliveryS-8twIJFWLTkcR
[2026/01/11 07:43:07.129370445] [error] [output:kinesis_firehose:kinesis_firehose.1] Failed to send log records
[2026/01/11 07:43:07.129411537] [error] [output:kinesis_firehose:kinesis_firehose.1] Failed to send records
ということでData Firehoseで動的パーティショニングを使用する場合はFluent Bit側で圧縮をしないようにする必要があります。圧縮しない分インターネットへのアウトバウンドデータ転送量は増大するため、コストは十分に勘案する必要があります。
Data Firehoseの設定
続いてData Firehoseの設定です。
と言っても、特別なことは動的パーティショニングの設定をしている程度です。
Fluent Bitコンテナから転送されてくるログレコードに含まれるキーを用いて動的にパーティショニングを行います。
なお、動的パーティショニングは以下のとおり追加の課金が発生します。
| 項目 | 料金 |
|---|---|
| 動的パーティショニングを通じて処理される GB あたり | USD 0.032 |
| 配信された 1,000 S3 オブジェクトあたり | USD 0.008 |
| JQ 処理、1 時間あたり (オプション) | USD 0.112 |
抜粋 : Amazon Data Firehose の料金 - ストリーミングデータパイプライン - Amazon Web Services
利用する場合はコストメリットを勘案しましょう。
ちなみにJQ 処理時間はミリ秒単位で計測されます。CloudWatchメトリクスでの確認も可能です。
ログの確認
デプロイ後ログを確認してみましょう。ちなみにデプロイ完了までは8分ほどかかります。
Fluent Bitのコンテナで出力されたログは以下のとおりです。
time="2026-01-13T02:11:03Z" level=info msg="[FluentBit Init Process] Using /init/ directory"
time="2026-01-13T02:11:04Z" level=info msg="[FluentBit Init Process] Command is change to -> exec /fluent-bit/bin/fluent-bit -e /fluent-bit/firehose.so -e /fluent-bit/cloudwatch.so -e /fluent-bit/kinesis.so -c /init/fluent-bit-init.conf -R /init/fluent-bit-init-s3-files/parsers_custom.conf"
Fluent Bit v4.2.0
* Copyright (C) 2015-2025 The Fluent Bit Authors
* Fluent Bit is a CNCF graduated project under the Fluent organization
* https://fluentbit.io
______ _ _ ______ _ _ ___ _____
| ___| | | | | ___ (_) | / | / __ \
| |_ | |_ _ ___ _ __ | |_ | |_/ /_| |_ __ __/ /| | `' / /'
| _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / / /_| | / /
| | | | |_| | __/ | | | |_ | |_/ / | |_ \ V /\___ |_./ /___
\_| |_|\__,_|\___|_| |_|\__| \____/|_|\__| \_/ |_(_)_____/
Fluent Bit v4.2 – Direct Routes Ahead
Celebrating 10 Years of Open, Fluent Innovation!
[2026/01/13 02:11:05.348542021] [ info] [fluent bit] version=4.2.0, commit=6bc014390c, pid=1
[2026/01/13 02:11:05.349680343] [ info] [storage] ver=1.5.4, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2026/01/13 02:11:05.349703350] [ info] [simd ] NEON
[2026/01/13 02:11:05.349708134] [ info] [cmetrics] version=1.0.5
[2026/01/13 02:11:05.349712080] [ info] [ctraces ] version=0.6.6
[2026/01/13 02:11:05.349771002] [ info] [input:tcp:tcp.0] initializing
[2026/01/13 02:11:05.349775080] [ info] [input:tcp:tcp.0] storage_strategy='memory' (memory only)
[2026/01/13 02:11:05.352037290] [ info] [input:forward:forward.1] initializing
[2026/01/13 02:11:05.352049869] [ info] [input:forward:forward.1] storage_strategy='memory' (memory only)
[2026/01/13 02:11:05.434523788] [ info] [input:forward:forward.1] listening on unix:///var/run/fluent.sock
[2026/01/13 02:11:05.434579911] [ info] [input:forward:forward.2] initializing
[2026/01/13 02:11:05.434584884] [ info] [input:forward:forward.2] storage_strategy='memory' (memory only)
[2026/01/13 02:11:05.434668380] [ info] [input:forward:forward.2] listening on 127.0.0.1:24224
[2026/01/13 02:11:05.436467383] [ info] [filter:multiline:multiline.1] created emitter: emitter_for_multiline.1
[2026/01/13 02:11:05.436547564] [ info] [input:emitter:emitter_for_multiline.1] initializing
[2026/01/13 02:11:05.436552602] [ info] [input:emitter:emitter_for_multiline.1] storage_strategy='memory' (memory only)
[2026/01/13 02:11:05.439972285] [ info] [input:emitter:re_emitted] initializing
[2026/01/13 02:11:05.439986767] [ info] [input:emitter:re_emitted] storage_strategy='memory' (memory only)
[2026/01/13 02:11:05.442199049] [ info] [output:null:null.0] worker #0 started
[2026/01/13 02:11:05.736466293] [ info] [output:kinesis_firehose:kinesis_firehose.1] worker #0 started
[2026/01/13 02:11:05.838503424] [ info] [sp] stream processor started
[2026/01/13 02:11:05.838715643] [ info] [engine] Shutdown Grace Period=30, Shutdown Input Grace Period=15
[2026/01/13 02:11:05.838921355] [ info] [output:cloudwatch_logs:cloudwatch_logs.2] worker #0 started
[2026/01/13 02:11:08.36003901] [ info] [filter:multiline:multiline.1] created new multiline stream for forward.1_app-firelens-77b881471b7a4fd1964a5728045f91d4
[2026/01/13 02:11:15.34126726] [ info] [output:cloudwatch_logs:cloudwatch_logs.2] Creating log stream error/stderr.web-firelens-77b881471b7a4fd1964a5728045f91d4 in log group EcsNativeBlueGreenStack-FirelensConstructFirelensLogGroupD186C82F-SOCfyAcw6rYI
[2026/01/13 02:11:15.79337117] [ info] [output:cloudwatch_logs:cloudwatch_logs.2] Created log stream error/stderr.web-firelens-77b881471b7a4fd1964a5728045f91d4
特にエラーは出力されていないですね。
Fluent BitコンテナにECS Execで接続して、こちらからもファイルが読みまれていることを確認します。
sh-5.2# ls -l /init/
total 12556
drwx------ 2 root root 4096 Jan 13 02:55 fluent-bit-init-s3-files
-rw-r--r-- 1 root root 92 Jan 13 02:55 fluent-bit-init.conf
-rwxr-xr-x 1 root root 469 Dec 11 00:03 fluent_bit_init_entrypoint.sh
-rwxr-xr-x 1 root root 12840923 Dec 11 00:21 fluent_bit_init_process
-rw-r--r-- 1 root root 812 Jan 13 02:55 invoke_fluent_bit.sh
sh-5.2# ls -l /init/fluent-bit-init-s3-files/
total 12
-rw-r--r-- 1 root root 4452 Jan 13 02:55 extra.conf
-rw-r--r-- 1 root root 1113 Jan 13 02:55 parsers_custom.conf
sh-5.2# cat /init/invoke_fluent_bit.sh
export FLB_AWS_USER_AGENT=ecs-init
export AWS_REGION=us-east-1
export AWS_AVAILABILITY_ZONE=us-east-1a
export ECS_CLUSTER=EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW
export ECS_TASK_ARN=arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/42ebd04c6d0742db89902add05453e0e
export ECS_TASK_ID=42ebd04c6d0742db89902add05453e0e
export ECS_FAMILY=EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2
export ECS_LAUNCH_TYPE=FARGATE
export ECS_REVISION=44
export ECS_TASK_DEFINITION=EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44
exec /fluent-bit/bin/fluent-bit -e /fluent-bit/firehose.so -e /fluent-bit/cloudwatch.so -e /fluent-bit/kinesis.so -c /init/fluent-bit-init.conf -R /init/fluent-bit-init-s3-files/parsers_custom.confsh-5.2#
sh-5.2# cat /init/fluent-bit-init.conf
@INCLUDE /fluent-bit/etc/fluent-bit.conf
@INCLUDE /init/fluent-bit-init-s3-files/extra.conf
実際にALBにアクセスしてみて、ログを出力させます。
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com
Blue 1
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/404
404
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/502
50x
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/app/
{"message":"Hello from Express App!","version":"1.0.0","timestamp":"2026-01-13T02:13:17.262Z"}%
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/app/health/
{"status":"OK","timestamp":"2026-01-13T02:13:23.442Z"}%
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/app/error/
{"error":"Internal Server Error"}%
> curl http://EcsNat-AlbCo-Hr2NUSBWWUwg-200082953.us-east-1.elb.amazonaws.com/app/crash/
{"error":"Internal Server Error"}%
ロググループを確認してみます。
ログストリームが作成されていることが分かりますね。
webコンテナの5xxエラーのログストリームは以下が記録されていました。
error/5xx.web-firelens-9fd8807b844b41fd94c010f98a845590
{
"remote": "10.10.10.15",
"host": "-",
"user": "-",
"method": "GET",
"path": "/502",
"code": "502",
"size": "4",
"referer": "-",
"agent": "curl/8.7.1",
"container_name": "web",
"source": "stdout",
"container_id": "9fd8807b844b41fd94c010f98a845590-0265927825",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
{
"remote": "10.10.10.15",
"host": "-",
"user": "-",
"method": "GET",
"path": "/app/error/",
"code": "500",
"size": "33",
"referer": "-",
"agent": "curl/8.7.1",
"container_id": "9fd8807b844b41fd94c010f98a845590-0265927825",
"container_name": "web",
"source": "stdout",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
error/5xx.web-firelens-77b881471b7a4fd1964a5728045f91d4
{
"remote": "10.10.10.15",
"host": "-",
"user": "-",
"method": "GET",
"path": "/app/crash/",
"code": "500",
"size": "33",
"referer": "-",
"agent": "curl/8.7.1",
"container_id": "77b881471b7a4fd1964a5728045f91d4-0265927825",
"container_name": "web",
"source": "stdout",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
続いて、appコンテナのログストリームです。
error/stderr.app-firelens-9fd8807b844b41fd94c010f98a845590
{
"level": "error",
"time": "2026-01-13T02:13:29.921Z",
"pid": 52,
"hostname": "ip-10-10-10-108.ec2.internal",
"req": {
"id": 16,
"method": "GET",
"url": "/error/",
"query": {},
"params": {},
"headers": {
"host": "ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com",
"x-real-ip": "10.10.10.15",
"x-forwarded-for": "<送信元IPアドレス>, 10.10.10.15",
"x-forwarded-proto": "http",
"connection": "close",
"x-forwarded-port": "80",
"x-amzn-trace-id": "Root=1-6965aa49-1c4c17b62659f1ca0185de1e",
"accept": "*/*",
"user-agent": "curl/8.7.1"
},
"remoteAddress": "127.0.0.1",
"remotePort": 33326
},
"msg": "Intentional error endpoint triggered",
"container_name": "app",
"source": "stderr",
"container_id": "9fd8807b844b41fd94c010f98a845590-0527074092",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
{
"level": "error",
"time": "2026-01-13T02:13:29.922Z",
"pid": 52,
"hostname": "ip-10-10-10-108.ec2.internal",
"req": {
"id": 16,
"method": "GET",
"url": "/error/",
"query": {},
"params": {},
"headers": {
"host": "ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com",
"x-real-ip": "10.10.10.15",
"x-forwarded-for": "<送信元IPアドレス>, 10.10.10.15",
"x-forwarded-proto": "http",
"connection": "close",
"x-forwarded-port": "80",
"x-amzn-trace-id": "Root=1-6965aa49-1c4c17b62659f1ca0185de1e",
"accept": "*/*",
"user-agent": "curl/8.7.1"
},
"remoteAddress": "127.0.0.1",
"remotePort": 33326
},
"res": {
"statusCode": 500,
"headers": {
"x-powered-by": "Express",
"content-type": "application/json; charset=utf-8",
"content-length": "33",
"etag": "W/\"21-Fau8GdrOCOyGNNH/IiTxy2DuMu0\""
}
},
"err": {
"type": "Error",
"message": "failed with status code 500",
"stack": "Error: failed with status code 500\n at onResFinished (/app/node_modules/.pnpm/pino-http@11.0.0/node_modules/pino-http/logger.js:115:39)\n at ServerResponse.onResponseComplete (/app/node_modules/.pnpm/pino-http@11.0.0/node_modules/pino-http/logger.js:178:14)\n at ServerResponse.emit (node:events:520:35)\n at onFinish (node:_http_outgoing:1026:10)\n at callback (node:internal/streams/writable:764:21)\n at afterWrite (node:internal/streams/writable:708:5)\n at afterWriteTick (node:internal/streams/writable:694:10)\n at process.processTicksAndRejections (node:internal/process/task_queues:88:21)"
},
"responseTime": 1,
"msg": "request errored",
"container_id": "9fd8807b844b41fd94c010f98a845590-0527074092",
"container_name": "app",
"source": "stderr",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
error/stderr.app-firelens-77b881471b7a4fd1964a5728045f91d4
{
"level": "error",
"time": "2026-01-13T02:13:37.367Z",
"pid": 51,
"hostname": "ip-10-10-10-87.ec2.internal",
"req": {
"id": 17,
"method": "GET",
"url": "/crash/",
"query": {},
"params": {},
"headers": {
"host": "ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com",
"x-real-ip": "10.10.10.15",
"x-forwarded-for": "<送信元IPアドレス>, 10.10.10.15",
"x-forwarded-proto": "http",
"connection": "close",
"x-forwarded-port": "80",
"x-amzn-trace-id": "Root=1-6965aa51-79e20bda03bf75e663cd4774",
"accept": "*/*",
"user-agent": "curl/8.7.1"
},
"remoteAddress": "127.0.0.1",
"remotePort": 33360
},
"msg": "Crash endpoint triggered - throwing exception",
"source": "stderr",
"container_id": "77b881471b7a4fd1964a5728045f91d4-0527074092",
"container_name": "app",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
{
"level": "error",
"time": "2026-01-13T02:13:37.368Z",
"pid": 51,
"hostname": "ip-10-10-10-87.ec2.internal",
"req": {
"id": 17,
"method": "GET",
"url": "/crash/",
"query": {},
"params": {},
"headers": {
"host": "ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com",
"x-real-ip": "10.10.10.15",
"x-forwarded-for": "<送信元IPアドレス>, 10.10.10.15",
"x-forwarded-proto": "http",
"connection": "close",
"x-forwarded-port": "80",
"x-amzn-trace-id": "Root=1-6965aa51-79e20bda03bf75e663cd4774",
"accept": "*/*",
"user-agent": "curl/8.7.1"
},
"remoteAddress": "127.0.0.1",
"remotePort": 33360
},
"err": {
"type": "Error",
"message": "Application crash test - intentional exception",
"stack": "Error: Application crash test - intentional exception\n at /app/dist/index.js:52:11\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/route.js:149:13)\n at Route.dispatch (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/route.js:119:3)\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)\n at /app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:284:15\n at router.process_params (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:346:12)\n at next (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/index.js:280:10)\n at jsonParser (/app/node_modules/.pnpm/body-parser@1.20.4/node_modules/body-parser/lib/types/json.js:113:7)\n at Layer.handle [as handle_request] (/app/node_modules/.pnpm/express@4.22.1/node_modules/express/lib/router/layer.js:95:5)"
},
"msg": "Error occurred",
"container_id": "77b881471b7a4fd1964a5728045f91d4-0527074092",
"container_name": "app",
"source": "stderr",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
{
"level": "error",
"time": "2026-01-13T02:13:37.369Z",
"pid": 51,
"hostname": "ip-10-10-10-87.ec2.internal",
"req": {
"id": 17,
"method": "GET",
"url": "/crash/",
"query": {},
"params": {},
"headers": {
"host": "ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com",
"x-real-ip": "10.10.10.15",
"x-forwarded-for": "<送信元IPアドレス>, 10.10.10.15",
"x-forwarded-proto": "http",
"connection": "close",
"x-forwarded-port": "80",
"x-amzn-trace-id": "Root=1-6965aa51-79e20bda03bf75e663cd4774",
"accept": "*/*",
"user-agent": "curl/8.7.1"
},
"remoteAddress": "127.0.0.1",
"remotePort": 33360
},
"res": {
"statusCode": 500,
"headers": {
"x-powered-by": "Express",
"content-type": "application/json; charset=utf-8",
"content-length": "33",
"etag": "W/\"21-Fau8GdrOCOyGNNH/IiTxy2DuMu0\""
}
},
"err": {
"type": "Error",
"message": "failed with status code 500",
"stack": "Error: failed with status code 500\n at onResFinished (/app/node_modules/.pnpm/pino-http@11.0.0/node_modules/pino-http/logger.js:115:39)\n at ServerResponse.onResponseComplete (/app/node_modules/.pnpm/pino-http@11.0.0/node_modules/pino-http/logger.js:178:14)\n at ServerResponse.emit (node:events:520:35)\n at onFinish (node:_http_outgoing:1026:10)\n at callback (node:internal/streams/writable:764:21)\n at afterWrite (node:internal/streams/writable:708:5)\n at afterWriteTick (node:internal/streams/writable:694:10)\n at process.processTicksAndRejections (node:internal/process/task_queues:88:21)"
},
"responseTime": 2,
"msg": "request errored",
"container_id": "77b881471b7a4fd1964a5728045f91d4-0527074092",
"container_name": "app",
"source": "stderr",
"ecs_cluster": "EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW",
"ecs_task_arn": "arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4",
"ecs_task_definition": "EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44"
}
HTTPステータスコードが200や404および、標準出力に出力されるようなログは記録されていないことが分かります。
S3バケットに出力されたログも確認します。
$ s3-tree ecsnativebluegreenstack-firelensconstructfirelensl-gzxbdpjgby6a
ecsnativebluegreenstack-firelensconstructfirelensl-gzxbdpjgby6a
└── ecs
└── EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW
├── app
│ ├── stderr
│ │ └── 2026
│ │ └── 01
│ │ └── 13
│ │ └── 02
│ │ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-17-c55ff2b2-1cfa-32a7-92da-64ab0335dc7f.gz
│ └── stdout
│ └── 2026
│ └── 01
│ └── 13
│ ├── 01
│ │ ├── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-41-16-1c53fbfc-604a-389e-a7cc-dc049009380f.gz
│ │ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-47-52-3c14a0b7-70c8-3b8e-ab7c-5b12b646697f.gz
│ └── 02
│ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-09-f5cfe4ed-c010-3d4e-85ac-178aabccf3fd.gz
└── web
├── stderr
│ └── 2026
│ └── 01
│ └── 13
│ ├── 01
│ │ ├── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-41-23-d2b54d1e-4a47-3842-a1e0-b4fea572f72d.gz
│ │ ├── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-47-59-35d32f31-bbba-3d1c-8c2a-f6fd50f49234.gz
│ │ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-55-54-1047eed6-f2e5-3223-ad9a-0d4ee07e94d9.gz
│ └── 02
│ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-05-242e6452-6def-3fb2-918b-58f938409302.gz
└── stdout
└── 2026
└── 01
└── 13
├── 01
│ ├── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-41-23-fa58382b-e0c6-39b3-bf60-f3ab909d637b.gz
│ ├── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-47-58-dbfa4ec1-6f38-34ce-bb11-0b85d225f9f3.gz
│ └── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-01-54-12-ec9a1011-a154-3ffb-9dc0-9a8949aa5774.gz
└── 02
└── EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-14-82947da5-cb2f-3588-ba5a-1811812140e6.gz
27 directories, 12 files
意図したパーティションでログオブジェクトが配置されていることが分かります。
いくつかログオブジェクトの中身を確認します。
s3://ecsnativebluegreenstack-firelensconstructfirelensl-gzxbdpjgby6a/ecs/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/app/stdout/2026/01/13/02/EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-09-f5cfe4ed-c010-3d4e-85ac-178aabccf3fd.gz
{"log":"> express-app@1.0.0 start","container_id":"9fd8807b844b41fd94c010f98a845590-0527074092","container_name":"app","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:06.124Z"}
{"container_id":"9fd8807b844b41fd94c010f98a845590-0527074092","container_name":"app","source":"stdout","log":"> node dist/index.js","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:06.124Z"}
{"log":"> express-app@1.0.0 start","container_id":"77b881471b7a4fd1964a5728045f91d4-0527074092","container_name":"app","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:07.951Z"}
{"log":"> node dist/index.js","container_id":"77b881471b7a4fd1964a5728045f91d4-0527074092","container_name":"app","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:07.951Z"}
.
.
(中略)
.
.
{"level":"info","time":"2026-01-13T02:13:17.263Z","pid":52,"hostname":"ip-10-10-10-108.ec2.internal","req":{"id":14,"method":"GET","url":"/","query":{},"params":{},"headers":{"host":"ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com","x-real-ip":"10.10.10.15","x-forwarded-for":"<送信元IPアドレス>, 10.10.10.15","x-forwarded-proto":"http","connection":"close","x-forwarded-port":"80","x-amzn-trace-id":"Root=1-6965aa3d-3d260f5e76850a987ffa47d9","accept":"*/*","user-agent":"curl/8.7.1"},"remoteAddress":"127.0.0.1","remotePort":38058},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","content-type":"application/json; charset=utf-8","content-length":"94","etag":"W/\"5e-O/8HdaxtKyCXqKYVKKpPkWacGqA\""}},"responseTime":1,"msg":"request completed","container_id":"9fd8807b844b41fd94c010f98a845590-0527074092","container_name":"app","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:13:17.264Z"}
{"level":"info","time":"2026-01-13T02:13:23.443Z","pid":51,"hostname":"ip-10-10-10-87.ec2.internal","req":{"id":14,"method":"GET","url":"/health/","query":{},"params":{},"headers":{"host":"ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com","x-real-ip":"10.10.10.15","x-forwarded-for":"<送信元IPアドレス>, 10.10.10.15","x-forwarded-proto":"http","connection":"close","x-forwarded-port":"80","x-amzn-trace-id":"Root=1-6965aa43-348d27b371a109f85abafea1","accept":"*/*","user-agent":"curl/8.7.1"},"remoteAddress":"127.0.0.1","remotePort":54660},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","content-type":"application/json; charset=utf-8","content-length":"54","etag":"W/\"36-n9Ru6qezZksGM5kL2Ao9Zqd+oek\""}},"responseTime":1,"msg":"request completed","container_id":"77b881471b7a4fd1964a5728045f91d4-0527074092","container_name":"app","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:13:23.444Z"}
.
.
(中略)
.
.
{"level":"error","time":"2026-01-13T02:13:37.367Z","pid":51,"hostname":"ip-10-10-10-87.ec2.internal","req":{"id":17,"method":"GET","url":"/crash/","query":{},"params":{},"headers":{"host":"ecsnat-albco-hr2nusbwwuwg-200082953.us-east-1.elb.amazonaws.com","x-real-ip":"10.10.10.15","x-forwarded-for":"<送信元IPアドレス>, 10.10.10.15","x-forwarded-proto":"http","connection":"close","x-forwarded-port":"80","x-amzn-trace-id":"Root=1-6965aa51-79e20bda03bf75e663cd4774","accept":"*/*","user-agent":"curl/8.7.1"},"remoteAddress":"127.0.0.1","remotePort":33360},"msg":"Crash endpoint triggered - throwing exception","container_name":"app","source":"stdout","container_id":"77b881471b7a4fd1964a5728045f91d4-0527074092","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:13:37.367Z"}
s3://ecsnativebluegreenstack-firelensconstructfirelensl-gzxbdpjgby6a/ecs/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/web/stdout/2026/01/13/02/EcsNativeBlueGreenStack-FirelensConstructDeliverySt-dTlJGXeFAPqL-1-2026-01-13-02-11-14-82947da5-cb2f-3588-ba5a-1811812140e6.gz
{"container_name":"web","source":"stdout","log":"/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration","container_id":"9fd8807b844b41fd94c010f98a845590-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:13.227Z"}
{"source":"stdout","log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh","container_id":"9fd8807b844b41fd94c010f98a845590-0265927825","container_name":"web","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:13.231Z"}
{"container_name":"web","source":"stdout","log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh","container_id":"9fd8807b844b41fd94c010f98a845590-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:13.242Z"}
.
.
(中略)
.
.
{"container_name":"web","source":"stdout","log":"/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:14.272Z"}
{"container_name":"web","source":"stdout","log":"10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:14.284Z"}
{"log":"/docker-entrypoint.sh: Configuration complete; ready for start up","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","container_name":"web","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:11:14.337Z"}
{"remote":"10.10.10.15","host":"-","user":"-","method":"GET","path":"/","code":"200","size":"7","referer":"-","agent":"curl/8.7.1","container_name":"web","source":"stdout","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:12:40.000Z"}
{"remote":"10.10.10.15","host":"-","user":"-","method":"GET","path":"/","code":"200","size":"7","referer":"-","agent":"Wget","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","container_name":"web","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:12:48.000Z"}
{"remote":"10.10.10.62","host":"-","user":"-","method":"GET","path":"/404","code":"404","size":"4","referer":"-","agent":"curl/8.7.1","container_id":"9fd8807b844b41fd94c010f98a845590-0265927825","container_name":"web","source":"stdout","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:12:59.000Z"}
{"remote":"10.10.10.15","host":"-","user":"-","method":"GET","path":"/502","code":"502","size":"4","referer":"-","agent":"curl/8.7.1","container_name":"web","source":"stdout","container_id":"9fd8807b844b41fd94c010f98a845590-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/9fd8807b844b41fd94c010f98a845590","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:13:04.000Z"}
.
.
(中略)
.
.
{"remote":"10.10.10.15","host":"-","user":"-","method":"GET","path":"/favicon.ico","code":"404","size":"4","referer":"-","agent":"'Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; +https://www.nokia.com/genomecrawler)'","container_name":"web","source":"stdout","container_id":"77b881471b7a4fd1964a5728045f91d4-0265927825","ecs_cluster":"EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW","ecs_task_arn":"arn:aws:ecs:us-east-1:<AWSアカウントID>:task/EcsNativeBlueGreenStack-EcsConstructCluster14AE103B-Z9XJhNsj5dEW/77b881471b7a4fd1964a5728045f91d4","ecs_task_definition":"EcsNativeBlueGreenStackEcsConstructTaskDefinitionF683F4B2:44","datetime":"2026-01-13T02:14:39.000Z"}
CloudWatch Logsでは確認できなかった標準出力のログについても確認できました。
1レコードあたりのサイズが大きいので、プレフィックスやログストリームと重複している情報があるのであれば、実際に運用する際は以下のようにキーを削除するのもアリです。
[FILTER]
Name record_modifier
Match *
Remove_key container_name
Remove_key container_id
Remove_key ecs_cluster
Remove_key ecs_task_arn
Remove_key ecs_task_definition
Remove_key source
コストがかかっても設定をシンプルにしたい時に
AWS FireLens (AWS for Fluent Bit) から転送されたログをAWS Data Firehoseの動的パーティショニングを使ってS3バケットに出力してみました。
多少コストがかかっても設定をシンプルにしたい場合や、用意するData Firehoseのストリーム数を減らしたい場合は選択肢に入りそうです。
この記事が誰かの助けになれば幸いです。
以上、クラウド事業本部 コンサルティング部の のんピ(@non____97)でした!
