Enable Application Signals on an Amazon EKS cluster with your services
To enable CloudWatch Application Signals on your applications on an existing Amazon EKS cluster, use the instructions in this section.
Important
If you are already using OpenTelemetry with an application that you intend to enable for Application Signals, see OpenTelemetry compatibility considerations before you enable Application Signals.
To enable Application Signals for your applications on an existing Amazon EKS cluster
Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/
. In the navigation pane, choose Services.
If you haven't enabled Application Signals in this account yet, you must grant Application Signals the permissions it needs to discover your services. To do so, do the following. You need to do this only once for your account.
Choose Start discovering your Services.
Select the check box and choose Start discovering Services.
Completing this step for the first time in your account creates the AWSServiceRoleForCloudWatchApplicationSignals service-linked role. This role grants Application Signals the following permissions:
-
xray:GetServiceGraph
-
logs:StartQuery
-
logs:GetQueryResults
-
cloudwatch:GetMetricData
-
cloudwatch:ListMetrics
-
tag:GetResources
For more information about this role, see Service-linked role permissions for CloudWatch Application Signals.
-
Choose Enable Application Signals.
For Specify platform, choose EKS.
For Select an EKS cluster, select the cluster where you want to enable Application Signals.
If this cluster does not already have the Amazon CloudWatch Observability EKS add-on enabled, you are prompted to enable it. If this is the case, do the following:
Choose Add CloudWatch Observability EKS add-on. The Amazon EKS console appears.
Select the check box for Amazon CloudWatch Observability and choose Next.
The CloudWatch Observability EKS add-on enables both Application Signals and CloudWatch Container Insights with enhanced observability for Amazon EKS. For more information about Container Insights, see Container Insights.
Select the most recent version of the add-on to install.
Select an IAM role to use for the add-on. If you choose Inherit from node, attach the correct permissions to the IAM role used by your worker nodes. Replace
my-worker-node-role
with the IAM role used by your Kubernetes worker nodes.aws iam attach-role-policy \ --role-name
my-worker-node-role
\ --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy \ --policy-arn arn:aws:iam::aws:policy/AWSXRayWriteOnlyAccessIf you want to create a service role to use the add-on, see Install the CloudWatch agent by using the Amazon CloudWatch Observability EKS add-on or the Helm chart.
Choose Next, confirm the information on the screen, and choose Create.
In the next screen, choose Enable CloudWatch Application Signals to return to the CloudWatch console and finish the process.
-
There are two options for enabling your applications for Application Signals. For consistency, we recommend that you choose one option per cluster.
The Console option is simpler. Using this method causes your pods to immediately restart.
The Annotate Manifest File method gives you more control of when your pods restart, and can also help you manage your monitoring in a more decentralized way if you don’t want to centralize it.
Choose View Services when done. This takes you to the Application Signals Services view, where you can see the data that Application Signals is collecting. It might take a few minutes for data to appear.
To enable Application Signals in another Amazon EKS cluster, choose Enable Application Signals from the Services screen.
For more information about the Services view, see Monitor the operational health of your applications with Application Signals.
Note
We've identified some considerations that you should keep in mind when enabling Python applications for Application Signals. For more information, see Python application doesn't start after Application Signals is enabled.