Deploy the Cisco AppDynamics Infrastructure Collector in ECS Fargate

This page describes how to set up the Cisco AppDynamics Infrastructure Collector to monitor Amazon Elastic Container Service (ECS) entities running in Amazon Fargate.

If you want to set up the Cisco AppDynamics Infrastructure Collector to monitor non-Kubernetes Linux hosts, see Host Monitoring.

Before You Begin

Ensure that you meet the following requirements:

You have installed version >= 1.39.0 of the Amazon ECS Container Agent.
You have a EC2/Fargate AMD64 or ARM64 Linux environment.

Deploy the Cisco AppDynamics Infrastructure Collector in ECS Fargate

These are the high-level steps:

Update AWS Policy Permissions
Modify Your Existing Task Definition
Run the Task Definition

1. Update AWS Policy Permissions

This document contains references to third-party documentation. Splunk AppDynamics does not own any rights and assumes no responsibility for the accuracy or completeness of such third-party documentation.

You must update your AWS policy permissions to enable the Cisco AppDynamics Infrastructure Collector to gather metadata about your ECS cluster.

Create a new IAM policy:
Using the AWS JSON editor or the visual editor, create a policy named AppDynamicsInframonECSPolicy with the following JSON:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "ecs:Describe*",
        "ecs:List*"
      ]
    }
  ]
}

JSON

Attach the AppDynamicsInframonECSPolicy to the ecsTaskExecutionRole:
1. Open the AWS IAM console. In the left-hand navigation pane, click Roles.
2. In the search box, enter the role that you use to run ECS tasks and select it. This role is typically named ecsTaskExecutionRole.
3. On the role's details page, click the Permissions tab. Click Add permission and Attach policies.
4. In the search box, enter AppDynamicsInframonECSPolicy.
5. Locate the policy in the search results and check the box next to it.
6. Click Add permissions to attach the AppDynamicsInframonECSPolicy to the ecsTaskExecutionRole.

2. Modify Your Existing Task Definition

To run the Cisco AppDynamics Infrastructure Collector in ECS Fargate, you must add the Cisco AppDynamics Infrastructure Collector and Cisco AppDynamics Distribution of OpenTelemetry Collector containers to each task you want to monitor. To do so, you must update the task definition for the tasks that you want to monitor and re-deploy them.

Obtain the environment variables from the Cisco Cloud Observability UI:
1. Log into the Cisco Cloud Observability UI.
2. Use the left-hand navigation panel to navigate to Configure > Databases and Hosts.
3. Enter your credential set name and click Generate.
4. From the file, obtain the values for:
  1. APPD_OTELCOL_CLIENT_ID
  2. APPD_OTELCOL_CLIENT_SECRET
  3. APPD_OTELCOL_TOKEN_URL
  4. APPD_OTELCOL_ENDPOINT_URL
Open the Amazon ECS console. In the left-hand navigation pane, select Task definitions. Select the task you want to modify and click Create new revision.

Click Add more containers to add a new container for the Cisco AppDynamics Distribution of OpenTelemetry Collector.

Enter a container name.
For Image URI, enter appdynamics/appdynamics-cloud-otel-collector:latest.
For Essential Container, select Yes.

In the Environment variables section, click Add environment variable. Add the following environment variables and their values:

Environment Variable	Required	Description
`APPD_OTELCOL_CLIENT_ID`	Yes	Defines the client ID for authenticating with Cisco Cloud Observability.
`APPD_OTELCOL_CLIENT_SECRET`	Yes	Defines the secret string in plaintext for authenticating with Cisco Cloud Observability.
`APPD_OTELCOL_TOKEN_URL`	Yes	Defines the URL the collector retrieves OAuth2 tokens from.
`APPD_OTELCOL_ENDPOINT_URL`	Yes	Defines the endpoint the collector sends data to.

Click Add more containers to add a new container for the Cisco AppDynamics Infrastructure Collector.
1. Enter a container name.
2. For Image URI, enter appdynamics/infraagent-cnao:latest.
3. For Essential container, select Yes.
  
  (Optional) If you want to customize your Cisco AppDynamics Distribution of OpenTelemetry Collector, you can create an Amazon Elastic File System (EFS) volume to maintain your own manager_config.yaml file. See Amazon EFS volumes. The EFS volume must be mapped to the directory /opt/appdynamics/infra-manager/conf inside the container with a configuration file named manager_config.yml.
Click Create to save the revised task definition.

3. Run the Task Definition

You can run the task definition as an ECS service or task. Update the service or task with the revised task definition:

Open the Amazon ECS console. In the left-hand navigation pane, click Clusters. Select the cluster that you want to monitor.
Under Services or Tasks, check the box next to the service or task. Click Update.
Under Revision, select the version that corresponds to the revised task definition. Click Update.

Configuration Options

This section is optional.

In order to set the following configuration options for the Cisco AppDynamics Infrastructure Collector, you must create an Amazon Elastic File System (EFS) volume to maintain your own manager_config.yaml file. See Amazon EFS volumes. The EFS volume must be mapped to the directory /opt/appdynamics/infra-manager/conf inside the container with a configuration file named manager_config.yml.

The Cisco AppDynamics Infrastructure Collector reads configurations from the following variables set in the /opt/appdynamics/infra-manager/conf/manager_config.yml file:

Variable	Description	Default	Notes
`log-level`	A string specifying the verbosity of the Cisco AppDynamics Infrastructure Collector's logger. Possible values: `fatal`, `error`, `warn`, `info`, `debug`.	`info`	-
`log-files-max-size-mb`	Defines the maximum size in MB of the Cisco AppDynamics Infrastructure Collector log file. Once the log file exceeds this size, the file is copied to a backup file and compressed.	`10`	Host Only
`log-files-num-backups`	Defines the number of log backups to store on the disk.	`1`	Host Only
`mtls-enabled`	Enables mTLS for the Cisco AppDynamics Infrastructure Collector's communication with the Cisco AppDynamics Distribution of OpenTelemetry Collector. Minimum TLS 1.2 is required. See TLS/mTLS notes below.	false	-
`tls-enabled`	Enables TLS for the Cisco AppDynamics Infrastructure Collector's communication with the Cisco AppDynamics Distribution of OpenTelemetry Collector. Minimum TLS 1.2 is required. See TLS/mTLS notes below.	false	-

When mTLS or TLS is enabled, the Cisco AppDynamics Infrastructure Collector will search for the following files on the host:

File Location	Description	Notes
`/opt/appdynamics/infra-manager/certs/ca/ca.pem`	The location of the Certificate Authority file. If the file is not found at this location, the Cisco AppDynamics Infrastructure Collector defaults to the system's Certificate Authority.	Applicable to TLS and MTLS
`/opt/appdynamics/infra-manager/certs/client/client-key.pem`	The location of the client private key when mTLS is enabled.	MTLS only
`/opt/appdynamics/infra-manager/certs/client/client.pem`	The location of the client client certificate when mTLS is enabled.	MTLS only

Next Steps

Once you have successfully deployed the Cisco AppDynamics Infrastructure Collector, it collects data from the supported AWS services and populates the Observe page with entity-centric pages. You can now monitor the following supported AWS ECS services:

Amazon Web Services, the AWS logo, AWS, and any other AWS Marks used in these materials are trademarks of Amazon.com, Inc. or its affiliates in the United States and/or other countries.