How to configure Fluent Bit to send EKS EC2 logs to CloudWatch on AWS

How to configure Fluent Bit to send EKS EC2 logs to CloudWatch on AWS

Fluent Bit is a high-performance and lightweight open-source log processor and forwarder. It’s designed to collect, process, and forward logs and other data in a variety of formats. When Fluent Bit used in AWS Elastic Kubernetes Service (EKS), it works as important and powerful for collecting and managing logs within AWS Kubernetes clusters.

In today’s tutorial, we will learn how we can configure the Fluent Bit on EKS to collect and forward the CloudWatch with easy and simple steps.

Read Also: Application Load Balancer on Amazon EKS


  • Full access of AWS account (Root Access)
  • Up and Running EKS cluster
  • An Application must be deployed on the EKS

Assign EC2 Group of EKS to Access AWS CloudWatch

Before deploying the Fluent Bit on EKS, We need to allow permission on EC2 group of EKS to access the CloudWatch. Without it, Fluent Bit will not be allowed to send the Pod’s logs from EC2 to EKS.

Follow the below steps to allow the permission.

  • Navigate to IAM service of AWS and then Click on the Roles option.
AWS Roles
  • Search for the name of the EKS cluster in search bar. In my case, the EKS cluster name is First. Now click on the Node group of the EKS as shown in the below screenshot.
  • Click on the Add permissions and then select the Attach policies option.
AWS IAM Policies
  • Now search for the CloudWatchFullAccess policy in the search bar of policies and Add it to EKS’s node group.
AWS CloudWatch Policies

Note:- Make sure to add the CloudWatch policy to EKS Node Group without it Fluent Bit will not able to send logs to CloudWatch. If you have multiple node group connected to EKS cluster then you need to manually add the policy to each node group as mentioned above.

Deploy Fluent Bit on Amazon EKS

  • Create the namespace named as amazon-cloudwatch, run the following command to create the namespace.
kubectl apply -f
  • Now create a ConfigMap named as cluster-info with the following command. Replace the Cluster-Name and Cluster-Region with your EKS cluster’s name and region.
[[ ${FluentBitReadFromHead} = 'On' ]] && FluentBitReadFromTail='Off'|| FluentBitReadFromTail='On'
[[ -z ${FluentBitHttpPort} ]] && FluentBitHttpServer='Off' || FluentBitHttpServer='On'
kubectl create configmap fluent-bit-cluster-info \${ClusterName} \
--from-literal=http.server=${FluentBitHttpServer} \
--from-literal=http.port=${FluentBitHttpPort} \
--from-literal=read.head=${FluentBitReadFromHead} \
--from-literal=read.tail=${FluentBitReadFromTail} \
--from-literal=logs.region=${RegionName} -n amazon-cloudwatch
  • To deploy the Fluent Bit as daemonset in the EKS cluster, then run the following command.
kubectl apply -f
  • Run the following command to verify that the Fluent Bit is successfully deployed on the AWS Kubernetes Cluster.
kubectl get pods -n amazon-cloudwatch

Access the Pods Logs on AWS CloudWatch

Navigate to the CloudWatch service in the AWS and click on the Log groups options.

CloudWatch Log Group


After successfully deploying the Fluent Bit on EKS, If you are unable to see the log groups in the correct AWS region. Then check the status of the Fluent Bit daemonSet pods with the following command and make sure that the status is in Running state.

kubectl get pods -n amazon-cloudwatch

If the status of the pods shows as CreateContainerConfigError then describe the pods to check the issue with the following command.

kubectl describe pod Pod_Name -n amazon-cloudwatch

If the status of the pods shows as Running and still Fluent bit not working, then check the logs of the pods with the following command.

kubectl logs Pod_Name -n amazon-cloudwatch


In AWS EKS cluster, Fluent Bit plays a major role in collecting and managing log data efficiently. Its ability to gather, analyze, and transmit logs in a scalable and customizable manner makes it a valuable element for log management, problem-solving, and monitoring within Kubernetes environments.

If you guys have any queries or questions, then drop a comment regarding your queries.