Adding Module and Example for ECS cluster monitoring with ecs_observer

modules/ecs-monitoring/README.md

@@ -4,22 +4,14 @@ This module provides ECS cluster monitoring with the following resources:
 
 - AWS Distro For OpenTelemetry Operator and Collector for Metrics and Traces
 - Creates Grafana Dashboards on Amazon Managed Grafana.
-- Create SSM Parameter to store the ADOT config yaml file
+- Creates SSM Parameter to store and distribute the ADOT config file
 
 ## Pre-requisites
 * ECS Cluster with EC2 using examples --> ecs-cluster-with-vpc
 * Create a `Prometheus Workspace` either using the Console or using the commented code under modules/ecs-monitoring/main.tf.
 * Update your exisitng App(workload) *ECS Task Definition* to add below label/environment variable
     - Set ***ECS_PROMETHEUS_EXPORTER_PORT*** to point to the containerPort where the Prometheus metrics are exposed
     - Set ***Java_EMF_Metrics*** to true. The CloudWatch agent uses this flag to generated the embedded metric format in the log event.
-* Make sure to update the placeholder values in the below files
-    - configs/config.yaml
-        - region
-        - cluster_name
-        - cluster_region
-        - prometheusremotewrite --> endpoint
-    - task-definitions/otel_collector.json
-        - awslogs-region
 
 This module makes use of the below open source projects:
 * [aws-managed-grafana](https://github.com/terraform-aws-modules/terraform-aws-managed-service-grafana)
@@ -32,7 +24,7 @@ See examples using this Terraform modules in the **Amazon ECS** section of [this
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
 
 ## Providers
@@ -46,7 +38,6 @@ See examples using this Terraform modules in the **Amazon ECS** section of [this
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_managed_grafana_default"></a> [managed\_grafana\_default](#module\_managed\_grafana\_default) | terraform-aws-modules/managed-service-grafana/aws | n/a |
-| <a name="module_managed_prometheus_default"></a> [managed\_prometheus\_default](#module\_managed\_prometheus\_default) | terraform-aws-modules/managed-service-prometheus/aws | n/a |
 
 ## Resources
 
@@ -62,6 +53,8 @@ See examples using this Terraform modules in the **Amazon ECS** section of [this
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_aws_ecs_cluster_name"></a> [aws\_ecs\_cluster\_name](#input\_aws\_ecs\_cluster\_name) | Name of your ECS cluster | `string` | n/a | yes |
+| <a name="input_ecs_adot_cpu"></a> [ecs\_adot\_cpu](#input\_ecs\_adot\_cpu) | CPU to be allocated for the ADOT ECS TASK | `string` | `"256"` | no |
+| <a name="input_ecs_adot_mem"></a> [ecs\_adot\_mem](#input\_ecs\_adot\_mem) | Memory to be allocated for the ADOT ECS TASK | `string` | `"512"` | no |
 | <a name="input_executionRoleArn"></a> [executionRoleArn](#input\_executionRoleArn) | ARN of the IAM Execution Role | `string` | n/a | yes |
 | <a name="input_taskRoleArn"></a> [taskRoleArn](#input\_taskRoleArn) | ARN of the IAM Task Role | `string` | n/a | yes |
 
@@ -71,6 +64,4 @@ See examples using this Terraform modules in the **Amazon ECS** section of [this
 |------|-------------|
 | <a name="output_grafana_workspace_endpoint"></a> [grafana\_workspace\_endpoint](#output\_grafana\_workspace\_endpoint) | The endpoint of the Grafana workspace |
 | <a name="output_grafana_workspace_id"></a> [grafana\_workspace\_id](#output\_grafana\_workspace\_id) | The ID of the Grafana workspace |
-| <a name="output_prometheus_workspace_endpoint"></a> [prometheus\_workspace\_endpoint](#output\_prometheus\_workspace\_endpoint) | Prometheus endpoint available for this workspace |
-| <a name="output_prometheus_workspace_id"></a> [prometheus\_workspace\_id](#output\_prometheus\_workspace\_id) | Identifier of the workspace |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/ecs-monitoring/configs/config.yaml

@@ -1,52 +1,52 @@
 extensions:
   sigv4auth:
-    region: "us-east-1"
+    region: "${aws_region}"
     service: "aps"
   ecs_observer: # extension type is ecs_observer
-    cluster_name: 'aot-test-cluster' # cluster name need to configured manually
-    cluster_region: 'us-east-1' # region can be configured directly or use AWS_REGION env var
-    result_file: '/etc/ecs_sd_targets.yaml' # the directory for file must already exists
-    refresh_interval: 60s
+    cluster_name: "${cluster_name}" # cluster name need to configured manually
+    cluster_region: "${cluster_region}" # region can be configured directly or use AWS_REGION env var
+    result_file: "/etc/ecs_sd_targets.yaml" # the directory for file must already exists
+    refresh_interval: ${refresh_interval}
     job_label_name: prometheus_job
     # JMX
     docker_labels:
-      - port_label: 'ECS_PROMETHEUS_EXPORTER_PORT'
+      - port_label: "ECS_PROMETHEUS_EXPORTER_PORT"
 
 receivers:
   otlp:
     protocols:
       grpc:
-        endpoint: 0.0.0.0:4317
+        endpoint: ${otlpGrpcEndpoint}
       http:
-        endpoint: 0.0.0.0:4318
+        endpoint: ${otlpHttpEndpoint}
   prometheus:
     config:
       scrape_configs:
         - job_name: "ecssd"
           file_sd_configs:
             - files:
-                - '/etc/ecs_sd_targets.yaml'
+                - "/etc/ecs_sd_targets.yaml"
           relabel_configs:
-            - source_labels: [ __meta_ecs_cluster_name ]
+            - source_labels: [__meta_ecs_cluster_name]
               action: replace
               target_label: ClusterName
-            - source_labels: [ __meta_ecs_service_name ]
+            - source_labels: [__meta_ecs_service_name]
               action: replace
               target_label: ServiceName
-            - source_labels: [ __meta_ecs_task_definition_family ]
+            - source_labels: [__meta_ecs_task_definition_family]
               action: replace
               target_label: TaskDefinitionFamily
-            - source_labels: [ __meta_ecs_task_launch_type ]
+            - source_labels: [__meta_ecs_task_launch_type]
               action: replace
               target_label: LaunchType
-            - source_labels: [ __meta_ecs_container_name ]
+            - source_labels: [__meta_ecs_container_name]
               action: replace
               target_label: container_name
             - action: labelmap
               regex: ^__meta_ecs_container_labels_(.+)$
-              replacement: '$$1'
+              replacement: "$$1"
   awsecscontainermetrics:
-    collection_interval: 15s
+    collection_interval: ${ecs_metrics_collection_interval}
 
 processors:
   resource:
@@ -111,7 +111,7 @@ processors:
 
 exporters:
   prometheusremotewrite:
-    endpoint: "https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-f9a9b3d8-511e-4640-9b2d-15fbd53f7209/api/v1/remote_write"
+    endpoint: "${amp_remote_write_ep}"
     auth:
       authenticator: sigv4auth
   logging:
@@ -127,4 +127,4 @@ service:
     metrics/ecs:
       receivers: [awsecscontainermetrics]
       processors: [filter]
-      exporters: [logging, prometheusremotewrite]
+      exporters: [logging, prometheusremotewrite]

modules/ecs-monitoring/locals.tf

@@ -6,4 +6,28 @@ locals {
   region           = data.aws_region.current.name
   name             = "amg-ex-${replace(basename(path.cwd), "_", "-")}"
   description      = "AWS Managed Grafana service for ${local.name}"
+
+  default_otel_values = {
+    aws_region                      = data.aws_region.current.name
+    cluster_name                    = var.aws_ecs_cluster_name
+    cluster_region                  = data.aws_region.current.name
+    refresh_interval                = "60s"
+    ecs_metrics_collection_interval = "15s"
+    amp_remote_write_ep             = "https://aps-workspaces.us-east-1.amazonaws.com/workspaces/ws-f9a9b3d8-511e-4640-9b2d-15fbd53f7209/api/v1/remote_write"
+    otlpGrpcEndpoint                = "0.0.0.0:4317"
+    otlpHttpEndpoint                = "0.0.0.0:4318"
+  }
+
+  ssm_param_value = yamlencode(
+    templatefile("${path.module}/configs/config.yaml", local.default_otel_values)
+  )
+
+  container_def_default_values = {
+    container_name = "adot_new"
+    otel_image_ver = "v0.31.0"
+    aws_region     = data.aws_region.current.name
+  }
+
+  container_definitions = templatefile("${path.module}/task_definitions/otel_collector.json", local.container_def_default_values)
+
 }

modules/ecs-monitoring/main.tf

@@ -1,9 +1,10 @@
-# SSM Parameter
+# SSM Parameter for storing and distrivuting the ADOT config
 resource "aws_ssm_parameter" "adot-config" {
-  name        = "/observability_aws/otel_collector_conf"
+  name        = "/terraform-aws-observability/otel_collector_config"
   description = "SSM parameter for aws-observability-accelerator/otel-collector-config"
   type        = "String"
-  value       = yamlencode(file("configs/config.yaml"))
+  value       = local.ssm_param_value
+  tier        = "Intelligent-Tiering"
 }
 
 ############################################
@@ -16,8 +17,10 @@ module "managed_grafana_default" {
   associate_license = false
 }
 
+#####################
 ## Commented this module, as AMP workspace is a pre-requiste for this solution.
 ## You can use this code to create a AMP workspace
+#####################
 
 # module "managed_prometheus_default" {
 #   source          = "terraform-aws-modules/managed-service-prometheus/aws"
@@ -33,9 +36,9 @@ resource "aws_ecs_task_definition" "adot_ecs_prometheus" {
   execution_role_arn       = var.executionRoleArn
   network_mode             = "bridge"
   requires_compatibilities = ["EC2"]
-  cpu                      = "256"
-  memory                   = "512"
-  container_definitions    = file("task_definitions/otel_collector.json")
+  cpu                      = var.ecs_adot_cpu
+  memory                   = var.ecs_adot_mem
+  container_definitions    = local.container_definitions
 }
 
 ############################################

modules/ecs-monitoring/outputs.tf

@@ -8,12 +8,12 @@ output "grafana_workspace_endpoint" {
   value       = module.managed_grafana_default.workspace_endpoint
 }
 
-output "prometheus_workspace_id" {
-  description = "Identifier of the workspace"
-  value       = module.managed_prometheus_default.workspace_id
-}
+# output "prometheus_workspace_id" {
+#   description = "Identifier of the workspace"
+#   value       = module.managed_prometheus_default.workspace_id
+# }
 
-output "prometheus_workspace_endpoint" {
-  description = "Prometheus endpoint available for this workspace"
-  value       = module.managed_prometheus_default.workspace_prometheus_endpoint
-}
+# output "prometheus_workspace_endpoint" {
+#   description = "Prometheus endpoint available for this workspace"
+#   value       = module.managed_prometheus_default.workspace_prometheus_endpoint
+# }

modules/ecs-monitoring/task-definitions/otel_collector.json

@@ -1,11 +1,11 @@
 [
   {
-    "name": "adot",
-    "image": "amazon/aws-otel-collector:v0.31.0",
+    "name": "${container_name}",
+    "image": "amazon/aws-otel-collector:${otel_image_ver}",
     "secrets": [
       {
         "name": "AOT_CONFIG_CONTENT",
-        "valueFrom": "/aws-observability-accelerator/otel-collector-config"
+        "valueFrom": "/terraform-aws-observability/otel_collector_config"
       }
     ],
     "logConfiguration": {

modules/ecs-monitoring/variables.tf

@@ -12,3 +12,15 @@ variable "executionRoleArn" {
   description = "ARN of the IAM Execution Role"
   type        = string
 }
+
+variable "ecs_adot_cpu" {
+  description = "CPU to be allocated for the ADOT ECS TASK"
+  type        = string
+  default     = "256"
+}
+
+variable "ecs_adot_mem" {
+  description = "Memory to be allocated for the ADOT ECS TASK"
+  type        = string
+  default     = "512"
+}

modules/ecs-monitoring/versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.1.0"
+  required_version = ">= 1.0.0"
 
   required_providers {
     aws = {