Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bronto.io/llms.txt

Use this file to discover all available pages before exploring further.

When to Use FireLens

FireLens is a good fit when you are running workloads on ECS and want to:
  • Ship container stdout / stderr logs directly to Bronto without going through CloudWatch
  • Keep your setup log-focused without the overhead of an OTel pipeline
  • Use AWS’s native ECS log routing rather than managing a separate collector
If you also need traces from your ECS workloads, consider ADOT instead, which handles both logs and traces in a single pipeline.

Supported AWS Services

FireLens routes logs from containers running in:
ServiceLog type
Amazon ECS (EC2 launch type)Container stdout / stderr
AWS FargateContainer stdout / stderr
FireLens is ECS-specific. For EKS container logs, use Fluent Bit on EKS. For Lambda or other AWS services, see the overview.

What is FireLens?

AWS FireLens is an ECS log routing feature that uses a Fluent Bit (or Fluentd) sidecar container as a log driver. Container logs are piped from your application containers directly to the FireLens sidecar, which forwards them to Bronto using JSON Lines over HTTPS. FireLens runs as a sidecar in the same ECS task. No separate infrastructure is required.

Bronto Ingestion Endpoint

FireLens uses Fluent Bit’s http output, which sends JSON Lines to the Bronto base endpoint (no path):
RegionEndpoint
EUingestion.eu.bronto.io
USingestion.us.bronto.io
This is different from the OTLP endpoints (/v1/logs, /v1/traces), which accept only protobuf and require an OTel-compatible agent. Fluent Bit’s http output uses JSON Lines and must target the base endpoint.
All requests require the header: 
x-bronto-api-key: <YOUR_API_KEY>
See API Keys for how to generate a key.

Setup

Step 1 — Add the FireLens sidecar to your task definition

Add a log_router container using the AWS-provided Fluent Bit image. This container acts as the log driver for all other containers in the task. 
{
  "name": "log-router",
  "image": "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable",
  "essential": true,
  "firelensConfiguration": {
    "type": "fluentbit",
    "options": {
      "enable-ecs-log-metadata": "true"
    }
  }
}

Step 2 — Configure Fluent Bit to forward to Bronto

Pass a custom Fluent Bit configuration to the sidecar via an S3 object or SSM Parameter Store. The output section targets Bronto’s base ingestion endpoint using JSON Lines format. For the full Fluent Bit configuration reference and output options, see the Fluent Bit setup guide. 
[OUTPUT]
    Name              http
    Match             *
    Host              ingestion.<REGION>.bronto.io
    Port              443
    Format            json_lines
    Compress          gzip
    tls               On
    tls.verify        On
    Header            x-bronto-api-key <YOUR_API_KEY>
    Header            x-bronto-dataset <YOUR_DATASET_NAME>
    Header            x-bronto-collection <YOUR_COLLECTION_NAME>
Replace <REGION> with eu or us.

Step 3 — Point your application containers at FireLens

Update the logConfiguration of each application container to use the awsfirelens log driver: 
{
  "logConfiguration": {
    "logDriver": "awsfirelens",
    "options": {
      "Name": "http",
      "Host": "ingestion.<REGION>.bronto.io",
      "Port": "443",
      "Format": "json_lines",
      "Compress": "gzip",
      "tls": "On",
      "tls.verify": "On",
      "Header": "x-bronto-api-key <YOUR_API_KEY>"
    }
  }
}

Data Organization

Set the recommended headers in your Fluent Bit [OUTPUT] block to control how data lands in Bronto — see Data Organization for how datasets, collections, and tags work.
HeaderDescription
x-bronto-datasetDataset to ingest into
x-bronto-collectionCollection name
x-bronto-tagsComma-separated tags to attach to events
[OUTPUT]
    Name              http
    Match             *
    Host              ingestion.<REGION>.bronto.io
    Port              443
    Format            json_lines
    Compress          gzip
    tls               On
    tls.verify        On
    Header            x-bronto-api-key <YOUR_API_KEY>
    Header            x-bronto-dataset <YOUR_DATASET_NAME>
    Header            x-bronto-collection <YOUR_COLLECTION_NAME>
    Header            x-bronto-tags env=prod,team=platform
To route different containers in the same task to different datasets, define multiple [OUTPUT] blocks with different Match patterns and per-output Header directives.

Cost Notes

  • No CloudWatch ingestion fees — logs go directly from FireLens to Bronto.
  • You pay only for the ECS task compute running the FireLens sidecar, which is negligible.
  • Compare with CloudWatch Log Forwarder if your services already write to CloudWatch.
For assistance, contact support@bronto.io.