Identify Amazon ECS optimization opportunities using application trace data
Amazon ECS integrates with AWS Distro for OpenTelemetry to collect trace data from your
application. Amazon ECS uses an AWS Distro for OpenTelemetry sidecar container to collect and
route trace data to AWS X-Ray. For more information, see Setting up AWS Distro for
OpenTelemetry Collector in Amazon ECS
For the AWS Distro for OpenTelemetry Collector to send trace data to AWS X-Ray, your application must be configured to create the trace data. For more information, see Instrumenting your application for AWS X-Ray in the AWS X-Ray Developer Guide.
Required IAM permissions for AWS Distro for OpenTelemetry integration with AWS X-Ray
The Amazon ECS integration with AWS Distro for OpenTelemetry requires that you create a task role and specify the role in your task definition. We recommend that you configure the AWS Distro for OpenTelemetry sidecar to route container logs to CloudWatch Logs.
Important
If you also collect application metrics using the AWS Distro for OpenTelemetry integration, ensure your task IAM role also contains the permissions necessary for that integration. For more information, see Correlate Amazon ECS application performance using application metrics.
Create the following policy, and then attach it to the task execution role.
To use the JSON policy editor to create a policy
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane on the left, choose Policies.
If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose Get Started.
-
At the top of the page, choose Create policy.
-
In the Policy editor section, choose the JSON option.
-
Enter the following JSON policy document:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:PutRetentionPolicy", "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries", "ssm:GetParameters" ], "Resource": "*" } ] }
-
Choose Next.
Note
You can switch between the Visual and JSON editor options anytime. However, if you make changes or choose Next in the Visual editor, IAM might restructure your policy to optimize it for the visual editor. For more information, see Policy restructuring in the IAM User Guide.
-
On the Review and create page, enter a Policy name and a Description (optional) for the policy that you are creating. Review Permissions defined in this policy to see the permissions that are granted by your policy.
-
Choose Create policy to save your new policy.