Monitor EC2 Image Builder logs with Amazon CloudWatch Logs - EC2 Image Builder
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Monitor EC2 Image Builder logs with Amazon CloudWatch Logs

CloudWatch Logs support is turned on by default. Logs are retained on the instance during the build process, and streamed to CloudWatch Logs. The instance logs are removed from the instance before image creation.

Build logs are streamed to following the Image Builder CloudWatch Logs group and stream:

LogGroup:

/aws/imagebuilder/ImageName

LogStream (x.x.x/x):

ImageVersion/ImageBuildVersion

You can opt out of CloudWatch Logs streaming by removing the following permissions associated with the instance profile.

"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "logs:CreateLogStream",
            "logs:CreateLogGroup",
            "logs:PutLogEvents"
        ],
        "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
    }
]

For advanced troubleshooting, you can run predefined commands and scripts using Amazon Systems Manager Run Command. For more information, see Troubleshoot EC2 Image Builder issues.