ECS cloudwatch task error: “The specified log group does not exist”

This quick one is just for the googlers.

Saw an error bringing up tasks on a fresh ECS cluster and task run. The task definition included configuration to send logs to a cloudwatch log group.

"logConfiguration": {
    "logDriver": "awslogs",
    "options": {
        "awslogs-group": "web",
        "awslogs-region": "us-west-2",
        "awslogs-stream-prefix": "ecs"

Unfortunately this is missing a not well documented flag:

"awslogs-create-group": "true",

Adding this argument, along with the correct permissions to create log groups, allows the task to create the group and send logs. The following permission is needed on the task execution role:


Full docs here: