aws
diff --git a/‎packages/@aws-cdk/aws-ecs/lib/container-definition.ts
Lines changed: 1 addition & 0 deletions b/‎packages/@aws-cdk/aws-ecs/lib/container-definition.ts
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-ecs/lib/log-drivers/aws-log-driver.ts
Lines changed: 8 additions & 0 deletions b/‎packages/@aws-cdk/aws-ecs/lib/log-drivers/aws-log-driver.ts
Lines changed: 8 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-ecs/lib/log-drivers/log-driver.ts
Lines changed: 6 additions & 0 deletions b/‎packages/@aws-cdk/aws-ecs/lib/log-drivers/log-driver.ts
Lines changed: 6 additions & 0 deletions
diff --git a/‎packages/@aws-cdk/aws-ecs/test/fargate/integ.asset-image.expected.json
Lines changed: 13 additions & 0 deletions b/‎packages/@aws-cdk/aws-ecs/test/fargate/integ.asset-image.expected.json
Lines changed: 13 additions & 0 deletions
@@ -229,6 +229,7 @@ export class ContainerDefinition extends cdk.Construct {
     this.memoryLimitSpecified = props.memoryLimitMiB !== undefined || props.memoryReservationMiB !== undefined;
 
     props.image.bind(this);
+    if (props.logging) { props.logging.bind(this); }
   }
 
   /**
 
@@ -1,5 +1,6 @@
 import logs = require('@aws-cdk/aws-logs');
 import cdk = require('@aws-cdk/cdk');
+import { ContainerDefinition } from '../container-definition';
 import { cloudformation } from '../ecs.generated';
 import { LogDriver } from "./log-driver";
 
@@ -61,6 +62,13 @@ export class AwsLogDriver extends LogDriver {
     });
   }
 
+  /**
+   * Called when the log driver is configured on a container
+   */
+  public bind(containerDefinition: ContainerDefinition): void {
+    this.logGroup.grantWrite(containerDefinition.taskDefinition.obtainExecutionRole());
+  }
+
   /**
    * Return the log driver CloudFormation JSON
    */
 
@@ -1,4 +1,5 @@
 import cdk = require('@aws-cdk/cdk');
+import { ContainerDefinition } from '../container-definition';
 import { cloudformation } from '../ecs.generated';
 
 /**
@@ -9,4 +10,9 @@ export abstract class LogDriver extends cdk.Construct {
    * Return the log driver CloudFormation JSON
    */
   public abstract renderLogDriver(): cloudformation.TaskDefinitionResource.LogConfigurationProperty;
+
+  /**
+   * Called when the log driver is configured on a container
+   */
+  public abstract bind(containerDefinition: ContainerDefinition): void;
 }
@@ -759,6 +759,19 @@
               ],
               "Effect": "Allow",
               "Resource": "*"
+            },
+            {
+              "Action": [
+                "logs:CreateLogStream",
+                "logs:PutLogEvents"
+              ],
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "FargateServiceLoggingLogGroup9B16742A",
+                  "Arn"
+                ]
+              }
             }
           ],
           "Version": "2012-10-17"
Original file line number	Diff line number	Diff line change
`@@ -229,6 +229,7 @@ export class ContainerDefinition extends cdk.Construct {`
`229`	`229`	`this.memoryLimitSpecified = props.memoryLimitMiB !== undefined \|\| props.memoryReservationMiB !== undefined;`
`230`	`230`
`231`	`231`	`props.image.bind(this);`
	`232`	`+ if (props.logging) { props.logging.bind(this); }`
`232`	`233`	`}`
`233`	`234`
`234`	`235`	`/**`