Datadog Agent for AWS ECS Clusters for Traces

Create an IAM Role for ECS Tasks

Create an IAM role for the ECS tasks, so they can send data to Kloudfuse and interact with AWS services.

You can use the following policy to allow Datadog Agent to collect metrics, logs, and traces.

Navigate to IAM in the AWS Console, and create a new Role with the following specifications:

Trusted entity

ECS (Elastic Container Service)

Policy

Custom, or use AWS-managed policies:

  • AmazonEC2ContainerServiceforEC2Role, for ECS task communication

  • CloudWatchFullAccess, for metrics

  • AWSXRayDaemonWriteAccess, for tracing

  • logs policy, for CloudWatch logs access

Install Datadog Agent on ECS

Datadog provides a Docker image that runs as an agent inside the ECS containers. To use this image, configure ECS Task Definitions.

  1. Create an ECS Task Definition with Datadog Agent.

    Modify your ECS service’s task definition to run the Datadog agent as a sidecar container.

    {
"containerDefinitions": [
{
    "name": "datadog-agent",
    "image": "public.ecr.aws/datadog/agent:latest",
    "cpu": 100,
    "memory": 512,
    "essential": true,
    "environment": [
        {
            "name": "DD_LOGS_ENABLED",
            "value": "true"
        },
        {
            "name": "DD_API_KEY",
            "value": "kloudfuse"
        },
        {
            "name": "DD_URL",
            "value": "https://<kf-domain-name>/ingester"
        },
        {
            "name": "DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL",
            "value": "true"
        },
        {
            "name": "DD_LOGS_CONFIG_FORCE_USE_HTTP",
            "value": "true"
        },
        {
            "name": "DD_LOGS_CONFIG_LOGS_DD_URL",
            "value": "<kf-domain-name>:443"
        },
    ],
    "mountPoints": [
        {
            "sourceVolume": "docker_sock",
            "containerPath": "/var/run/docker.sock"
        },
        {
            "sourceVolume": "cgroup",
            "containerPath": "/host/sys/fs/cgroup"
        },
        {
            "sourceVolume": "proc",
            "containerPath": "/host/proc"
        },
        {
            "sourceVolume": "pointdir",
            "containerPath": "/opt/datadog-agent/run",
            "readOnly": false
        },
        {
            "sourceVolume": "containers_root",
            "containerPath": "/var/lib/docker/containers",
            "readOnly": true
        }
    ],
    "linuxParameters": {
        "initProcessEnabled": true
    },
}
],
"family": "datadog-agent-task",
"taskRoleArn": "arn:aws:iam::<aws-account-id>:role/<custom-ecs-iam-role>",
"executionRoleArn": "arn:aws:iam::<aws-account-id>:role/<custom-ecs-iam-role>",
"placementConstraints": [],
"compatibilities": [
"EXTERNAL",
"EC2"
],
"tags": []
}
    code

Collect Events

To enable application performance monitoring (APM) tracing, configure the Datadog agent to use the DD_APM_ENABLED=true flag.

Set up tracing for your services by modifying the environment in the ECS task definition:

{
"name": "DD_APM_ENABLED",
"value": "true"
}
json

When using ECS Fargate, the Datadog agent automatically detects and enable APM for any applications with tracing libraries, such as Python, Node.js, Java, and so on.

Add the necessary tracing libraries to your application, such as ddtrace for Python or Node.js, and configure it to send traces to the Datadog agent.