search
githubEdit

ECS prometheus metrics to Apica Ascent

AWS ECS is an orchestration service for Docker containers, allowing simple manage and scaling of applications with easy access to other AWS services. The below instructions outline how we can forward ECS container metrics to Ascent with the help of Prometheus service discovery using the following steps.

  • Create IAM policy to enable Prometheus container to scan the cluster with container having Dockerlabels.

  • Deploy a Prometheus service that would auto-discover any ECS tasks it finds in the same VPC using AWS API (prometheus-ecs-discovery GitHub repositoryarrow-up-right.)

  • Tag ECS tasks with DockerLabels.

hashtag
IAM policy for the ECS task

Create the below policy and attach it to the IAM role that the Prometheus ECS task will use to run the container, this will allow the container to scan the ECS-cluster containers and generate the config file, it also enables Prometheus to read from S3 bucket to fetch Prometheus.yml

{
    "Statement": [
        {
            "Action": [
                "ecs:List*",
                "ecs:Describe*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ecs:<region>:<account-id>:cluster/<ecs-cluster-name>",
                "arn:aws:ecs:<region>:<account-id>:task/<ecs-cluster-name>/*"
            ]
        },
        {
            "Action": [
                "ecs:ListClusters",
                "ecs:ListTasks",
                "ecs:DescribeTasks",
                "ecs:DescribeTaskDefinition",
                "ecs:DescribeContainerInstances"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::<s3-bucket-name>",
                "arn:aws:s3:::<s3-bucket-name>/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}

hashtag
Prometheus containers

ECS task definition will have one task with 2 containers and common volume. Primary container will scan the ECS-cluster and find containers with labels PROMETHEUS_EXPORTER_PORT docker label and write to /output/ecsfilesd.yml which will be accessed by second container, second prometheus container will load its configuration data from an S3 bucket upon startup and it also scrapes any ECS containers container within the /output/ecs_file_sd.yml and will use remote write feature to forward metrics to the Ascent remote-write endpoint.

circle-info

The configuration also includes firelens integration(Log_router container) to forward logs to Ascent.

Upload the below configuration file below named as prometheus.yml to S3 bucket and provide the ascent-remote-write-endpoint below.

For any container to be scraped, add Dockerlabels below on ECS task with the metrics path and endpoint.

PreviousForwarding AWS ECS Logs to Apica Ascent using AWS FireLensNextAWS S3

Last updated

Was this helpful?