How Do I Collect Distributed Tracing Data for ECS/Fargate Services With AWS X-Ray?
Introduction
AWS X-Ray provides a powerful tool for collecting and analyzing distributed tracing data, which is crucial for monitoring the performance of applications running on AWS ECS/Fargate. This guide explains how to set up AWS X-Ray tracing for your ECS/Fargate services, enabling you to gain insights into your application’s behavior and performance.
Step-by-Step Explanation
To collect distributed tracing data for ECS/Fargate services using AWS X-Ray, follow these steps:
Define the IAM Role and Policy for the ECS Task: Create an IAM role with the necessary permissions for ECS tasks to interact with AWS X-Ray.
Create an ECS Task Definition: This should include both your application container and the X-Ray daemon container, which will run as a sidecar.
Configure the ECS Service: Use the task definition to set up your ECS service, ensuring it can communicate with AWS X-Ray.
Below is an example program demonstrating these steps:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// IAM Role for ECS Tasks
const ecsTaskExecutionRole = new aws.iam.Role("ecs_task_execution_role", {
name: "ecsTaskExecutionRole",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Effect: "Allow",
Principal: {
Service: "ecs-tasks.amazonaws.com",
},
}],
}),
});
const ecsTaskExecutionRolePolicy = new aws.iam.RolePolicyAttachment("ecs_task_execution_role_policy", {
role: ecsTaskExecutionRole.name,
policyArn: "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});
// IAM Policy for X-Ray
const xrayWritePolicy = new aws.iam.Policy("xray_write_policy", {
name: "XRayWriteAccess",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
Effect: "Allow",
Resource: "*",
}],
}),
});
// Attach the X-Ray policy to the task role
const xrayPolicyAttachment = new aws.iam.RolePolicyAttachment("xray_policy_attachment", {
role: ecsTaskExecutionRole.name,
policyArn: xrayWritePolicy.arn,
});
// ECS Task Definition
const app = new aws.ecs.TaskDefinition("app", {
family: "fargate-task",
requiresCompatibilities: ["FARGATE"],
networkMode: "awsvpc",
cpu: "256",
memory: "512",
executionRoleArn: ecsTaskExecutionRole.arn,
containerDefinitions: JSON.stringify([
{
name: "my-app",
image: "nginx",
essential: true,
portMappings: [{
containerPort: 80,
hostPort: 80,
}],
},
{
name: "xray-daemon",
image: "amazon/aws-xray-daemon",
essential: true,
portMappings: [{
containerPort: 2000,
hostPort: 2000,
protocol: "udp",
}],
environment: [{
name: "AWS_REGION",
value: "us-west-2",
}],
},
]),
});
const cluster = new aws.ecs.Cluster("cluster", {name: "my-cluster"});
// ECS Service
const appService = new aws.ecs.Service("app_service", {
name: "app-service",
cluster: cluster.id,
taskDefinition: app.arn,
desiredCount: 1,
launchType: "FARGATE",
networkConfiguration: {
subnets: [
"subnet-abc123",
"subnet-def456",
],
assignPublicIp: true,
},
});
Key Points
- IAM Role and Policy: Ensure the ECS task can assume the necessary role and has permissions to write trace data to AWS X-Ray.
- Task Definition: Include both the application and X-Ray daemon containers.
- ECS Service Configuration: Properly configure the service to utilize the task definition and communicate with AWS X-Ray.
Conclusion
By following the steps outlined, you can successfully set up AWS X-Ray to collect distributed tracing data from your ECS/Fargate services. This setup allows you to monitor and analyze the performance of your applications, helping you make informed decisions and optimizations.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.