Beat autodiscover docker.sock permission denied on AWS ECS

Trying to use Autodiscover for both filebeat and metricbeat on AWS ECS cluster.

However, I am getting /var/run/docker.sock/ Operation not committed when attempting to run both manually and with a task definition. I have mounted /var/run/docker.sock to /var/run/docker.sock in the task definition, from host to container.

Here is the relevant portion of my filebeat:

    - type: docker
        - condition:
            contains.docker.container.image: ["image1", "image2", "image3"]

And the output (when running ./metricbeat or ./filebeat in a container with docker.sock mounted:

sh-4.2$ ./metricbeat
metricbeat2018/01/08 18:31:23.302787 cloudid.go:42: INFO Setting Elasticsearch and Kibana URLs based on the cloud id: output.elasticsearch.hosts=https://host and
Exiting: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.22/containers/json?limit=0: dial unix /var/run/docker.sock: connect: permission denied

Is this impossible on AWS?

I have tried running privileged as root, and get a docker.sock not found.

Note: it should not be relevant I don't think, but I am using's hosted elasticsearch solution.

Hi @iseyer_alx,

Our docker integration should work on ECS, we have reports from the community using it (example).

Could you share the full log output? Also, could you please detail how did you configure the container? The mount looks correct, did you keep it as writable, that's needed?, I'm also interested in how you configured the "run as root" part.

This topic was automatically closed after 21 days. New replies are no longer allowed.