This page describes how to set up the Cisco AppDynamics Infrastructure Collector to monitor Amazon Elastic Container Service (ECS) entities running in Amazon Elastic Compute Cloud (EC2).

If you want to set up the Cisco AppDynamics Infrastructure Collector to monitor non-Kubernetes Linux hosts, see Host Monitoring.

Before You Begin

Ensure that you meet the following requirements:

Deploy the Cisco AppDynamics Infrastructure Collector in ECS EC2

These are the high-level steps:

  1. Update AWS Policy Permissions
  2. Enable Instance Metadata and Tags in Your EC2 Instance
  3. Create the Task Definition
  4. Run the Task Definition

1. Update AWS Policy Permissions

This document contains references to third-party documentation. Splunk AppDynamics does not own any rights and assumes no responsibility for the accuracy or completeness of such third-party documentation.

You must update your AWS policy permissions to enable the Cisco AppDynamics Infrastructure Collector to gather metadata about your ECS cluster.

  1. Create a new IAM policy:
    Using the AWS JSON editor or the visual editor, create a policy named AppDynamicsInframonECSPolicy with the following JSON:

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "ecs:Describe*",
        "ecs:List*"
      ]
    }
  ]
}
    JSON

  2. Attach the AppDynamicsInframonECSPolicy to the ecsTaskExecutionRole:

    1. Open the AWS IAM console. In the left-hand navigation pane, click Roles.

    2. In the search box, enter the role that you use to run ECS tasks and select it. This role is typically named ecsTaskExecutionRole.

    3. On the role's details page, click the Permissions tab. Click Add permission and Attach policies.

    4. In the search box, enter AppDynamicsInframonECSPolicy.

    5. Locate the policy in the search results and check the box next to it.

    6. Click Add permissions to attach the AppDynamicsInframonECSPolicy to the ecsTaskExecutionRole.

2. Enable Instance Metadata and Tags in Your EC2 Instance

  1. Enable instance metadata for your EC2 instance by using one of the following methods:
    1. Turn on access to instance metadata for existing instances
    2. Turn on access to instance metadata for new instances at launch
  2. Configure the EC2 instance to allow tags in instance metadata.

3. Create the ec2-infracollector Task Definition

To run the Cisco AppDynamics Infrastructure Collector in ECS EC2, you must add the Cisco AppDynamics Infrastructure Collector and Cisco AppDynamics Distribution of OpenTelemetry Collector containers to each container instance you want to monitor. To do so, you must create an ec2-infracollector task definition and deploy it on the container instances that are part of your ECS cluster.

  1. Obtain the environment variables from the Cisco Cloud Observability UI:
    1. Log into the Cisco Cloud Observability UI.
    2. Use the left-hand navigation panel to navigate to Configure > Databases and Hosts.
    3. Enter your credential set name and click Generate.

    4. From the file, obtain the values for:

      1. APPD_OTELCOL_CLIENT_ID

      2. APPD_OTELCOL_CLIENT_SECRET

      3. APPD_OTELCOL_TOKEN_URL

      4. APPD_OTELCOL_ENDPOINT_URL

  2. Open the Amazon ECS console. In the left-hand navigation pane, select Task definitions and click Create new task definition. We recommend that you use ec2-infracollector as the name for the task definition.
  3. In the Infrastructure requirements section:
    1. Select Amazon EC2 instances. Ensure that AWS Fargate is not selected.
    2. For Network mode, select host.
  4. In the Container - 1 section:
    1. Enter a container Name.
    2. For Image URI, enter appdynamics/appdynamics-cloud-otel-collector:latest.
    3. For Essential Container, select Yes.

    4. In the Environment variables section, click Add environment variable. Add the following environment variables and their values:

      Environment Variable

      Required

      Description

      APPD_OTELCOL_CLIENT_IDYes

      Defines the client ID for authenticating with Cisco Cloud Observability.

      APPD_OTELCOL_CLIENT_SECRETYes

      Defines the secret string in plaintext for authenticating with Cisco Cloud Observability.

      APPD_OTELCOL_TOKEN_URLYes

      Defines the URL the collector retrieves OAuth2 tokens from.

      APPD_OTELCOL_ENDPOINT_URLYesDefines the endpoint the collector sends data to.
  5. Click Add more containers. In the Container - 2 section: 
    1. Enter a container Name.
    2. For Image Url, enter appdynamics/infraagent-cnao:latest.

    3. For Essential container, select Yes.

      (Optional) If you want to customize your Cisco AppDynamics Distribution of OpenTelemetry Collector, you can create an Amazon Elastic File System (EFS) volume to maintain your own manager_config.yaml file. See Amazon EFS volumes. The EFS volume must be mapped to the directory /opt/appdynamics/infra-manager/conf inside the container with a configuration file named manager_config.yml.

  6. In the Storage - optional section, click Add volume to create a new volume.
    1. For Volume type, select Bind mount.
    2. For Volume name, enter var_run.
    3. For Source path, enter /var/run.
  7. In the Container mount points section, click Add mount point.
    1. For Container, select the Cisco AppDynamics Infrastructure Collector container that you created in step 4. 
    2. For Source volume, select var_run.
    3. For Container path, enter /var/run.
    4. Select the Read only box.
  8. Select the Create button to create the task definition.

4. Run the Task Definition

Run the task definition as an ECS daemon service to automatically run it on each of the container instances within the cluster.

Configuration Options

This section is optional.

In order to set the following configuration options for the Cisco AppDynamics Infrastructure Collector, you must create an Amazon Elastic File System (EFS) volume to maintain your own manager_config.yaml file. See Amazon EFS volumes. The EFS volume must be mapped to the directory /opt/appdynamics/infra-manager/conf inside the container with a configuration file named manager_config.yml.

The Cisco AppDynamics Infrastructure Collector reads configurations from the following variables set in the /opt/appdynamics/infra-manager/conf/manager_config.yml file:

VariableDescriptionDefaultNotes
log-level

A string specifying the verbosity of the Cisco AppDynamics Infrastructure Collector's logger. Possible values: fatal, error, warn, info, debug.

info-
log-files-max-size-mb

Defines the maximum size in MB of the Cisco AppDynamics Infrastructure Collector log file. Once the log file exceeds this size, the file is copied to a backup file and compressed.

10Host Only
log-files-num-backupsDefines the number of log backups to store on the disk.1Host Only
mtls-enabled

Enables mTLS for the Cisco AppDynamics Infrastructure Collector's communication with the Cisco AppDynamics Distribution of OpenTelemetry Collector. Minimum TLS 1.2 is required. See TLS/mTLS notes below.

false-
tls-enabled

Enables TLS for the Cisco AppDynamics Infrastructure Collector's communication with the Cisco AppDynamics Distribution of OpenTelemetry Collector.  Minimum TLS 1.2 is required. See TLS/mTLS notes below.

false-

When mTLS or TLS is enabled, the Cisco AppDynamics Infrastructure Collector will search for the following files on the host:

File LocationDescriptionNotes
/opt/appdynamics/infra-manager/certs/ca/ca.pem
  

The location of the Certificate Authority file. If the file is not found at this location, the Cisco AppDynamics Infrastructure Collector defaults to the system's Certificate Authority.

Applicable to TLS and MTLS
/opt/appdynamics/infra-manager/certs/client/client-key.pemThe location of the client private key when mTLS is enabled.MTLS only
/opt/appdynamics/infra-manager/certs/client/client.pemThe location of the client client certificate when mTLS is enabled.MTLS only

Next Steps

Once you have successfully deployed the Cisco AppDynamics Infrastructure Collector, it collects data from the supported AWS services and populates the Observe page with entity-centric pages. You can now monitor the following AWS ECS services:

Amazon Web Services, the AWS logo, AWS, and any other AWS Marks used in these materials are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.