Identify Amazon ECS optimization opportunities using application trace data
Amazon ECS integrates with Amazon Distro for OpenTelemetry to collect trace data from your
application. Amazon ECS uses an Amazon Distro for OpenTelemetry sidecar container to collect and
route trace data to Amazon X-Ray. For more information, see Setting up Amazon Distro for
OpenTelemetry Collector in Amazon ECS
For the Amazon Distro for OpenTelemetry Collector to send trace data to Amazon X-Ray, your application must be configured to create the trace data. For more information, see Instrumenting your application for Amazon X-Ray in the Amazon X-Ray Developer Guide.
Required IAM permissions for Amazon Distro for OpenTelemetry integration with Amazon X-Ray
The Amazon ECS integration with Amazon Distro for OpenTelemetry requires that you create a task role and specify the role in your task definition. We recommend that you configure the Amazon Distro for OpenTelemetry sidecar to route container logs to CloudWatch Logs.
Important
If you also collect application metrics using the Amazon Distro for OpenTelemetry integration, ensure your task IAM role also contains the permissions necessary for that integration. For more information, see Correlate Amazon ECS application performance using application metrics.
Create the following policy, and then attach it to the task execution role.
To use the JSON policy editor to create a policy
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. -
In the navigation pane on the left, choose Policies.
If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose Get Started.
-
At the top of the page, choose Create policy.
-
In the Policy editor section, choose the JSON option.
-
Enter the following JSON policy document:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:PutRetentionPolicy", "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries", "ssm:GetParameters" ], "Resource": "*" } ] }
-
Choose Next.
Note
You can switch between the Visual and JSON editor options anytime. However, if you make changes or choose Next in the Visual editor, IAM might restructure your policy to optimize it for the visual editor. For more information, see Policy restructuring in the IAM User Guide.
-
On the Review and create page, enter a Policy name and a Description (optional) for the policy that you are creating. Review Permissions defined in this policy to see the permissions that are granted by your policy.
-
Choose Create policy to save your new policy.