When to Use FireLens
FireLens is a good fit when you are running workloads on ECS and want to:
- Ship container
stdout / stderr logs directly to Bronto without going through CloudWatch
- Keep your setup log-focused without the overhead of an OTel pipeline
- Use AWS’s native ECS log routing rather than managing a separate collector
If you also need traces from your ECS workloads, consider ADOT instead, which handles both logs and traces in a single pipeline.
Supported AWS Services
FireLens routes logs from containers running in:
| Service | Log type |
|---|
| Amazon ECS (EC2 launch type) | Container stdout / stderr |
| AWS Fargate | Container stdout / stderr |
What is FireLens?
AWS FireLens is an ECS log routing feature that uses a Fluent Bit (or Fluentd) sidecar container as a log driver. Container logs are piped from your application containers directly to the FireLens sidecar, which forwards them to Bronto using JSON Lines over HTTPS.
FireLens runs as a sidecar in the same ECS task. No separate infrastructure is required.
Bronto Ingestion Endpoint
FireLens uses Fluent Bit’s http output, which sends JSON Lines to the Bronto base endpoint (no path):
| Region | Endpoint |
|---|
| EU | ingestion.eu.bronto.io |
| US | ingestion.us.bronto.io |
This is different from the OTLP endpoints (/v1/logs, /v1/traces), which accept only protobuf and require an OTel-compatible agent. Fluent Bit’s http output uses JSON Lines and must target the base endpoint.
x-bronto-api-key: <YOUR_API_KEY>
Setup
Step 1 — Add the FireLens sidecar to your task definition
Add a log_router container using the AWS-provided Fluent Bit image. This container acts as the log driver for all other containers in the task.
{
"name": "log-router",
"image": "public.ecr.aws/aws-observability/aws-for-fluent-bit:stable",
"essential": true,
"firelensConfiguration": {
"type": "fluentbit",
"options": {
"enable-ecs-log-metadata": "true"
}
}
}
[OUTPUT]
Name http
Match *
Host ingestion.<REGION>.bronto.io
Port 443
Format json_lines
Compress gzip
tls On
tls.verify On
Header x-bronto-api-key <YOUR_API_KEY>
Header x-bronto-dataset <YOUR_DATASET_NAME>
Header x-bronto-collection <YOUR_COLLECTION_NAME>
<REGION> with eu or us.
Step 3 — Point your application containers at FireLens
Update the logConfiguration of each application container to use the awsfirelens log driver:
{
"logConfiguration": {
"logDriver": "awsfirelens",
"options": {
"Name": "http",
"Host": "ingestion.<REGION>.bronto.io",
"Port": "443",
"Format": "json_lines",
"Compress": "gzip",
"tls": "On",
"tls.verify": "On",
"Header": "x-bronto-api-key <YOUR_API_KEY>"
}
}
}
Data Organization
Set the recommended headers in your Fluent Bit [OUTPUT] block to control how data lands in Bronto — see Data Organization for how datasets, collections, and tags work.
| Header | Description |
|---|
x-bronto-dataset | Dataset to ingest into |
x-bronto-collection | Collection name |
x-bronto-tags | Comma-separated tags to attach to events |
[OUTPUT]
Name http
Match *
Host ingestion.<REGION>.bronto.io
Port 443
Format json_lines
Compress gzip
tls On
tls.verify On
Header x-bronto-api-key <YOUR_API_KEY>
Header x-bronto-dataset <YOUR_DATASET_NAME>
Header x-bronto-collection <YOUR_COLLECTION_NAME>
Header x-bronto-tags env=prod,team=platform
[OUTPUT] blocks with different Match patterns and per-output Header directives.
Cost Notes
- No CloudWatch ingestion fees — logs go directly from FireLens to Bronto.
- You pay only for the ECS task compute running the FireLens sidecar, which is negligible.
- Compare with CloudWatch Log Forwarder if your services already write to CloudWatch.
For assistance, contact support@bronto.io.
