Amazon Elastic Container Service (ECS) is a scalable container management service that makes it easy to run, stop, and manage Docker containers on Amazon EC2 clusters.
This project demonstrates how AppDynamics agents can be embedded into an existing ECS/Fargate setup using Terraform.
The primary considerations that went into the design of this project are:
- Customers' existing container images and/or the image build process should be unaltered.
- The deployment process must remain immutable.
- Idempotency - customers should get the same instrumentation result even if the Terraform config is applied multiple times.
- The AppDynamics access key must be stored in and read from AWS Secrets Manager, not kept as plaintext.
In addition, we leveraged AWS CloudFormation's DependsOn attribute to:
- Dynamically acquire the AppDynamics agent image from DockerHub. You may copy the image to your preferred registry.
- Copy the content of the agent image into an ephemeral volume, then
- Mount the shared volume into the main application's container at runtime.
This demo creates the following AWS resources:
- VPC
- One public and one private subnet per AZ
- Routing tables for the subnets
- Internet Gateway for public subnets
- NAT gateways with attached Elastic IPs for the private subnet
- Security groups that allow access to the specified container port
- An Application Load Balancer (ALB) - with listeners for port 80
- An ECS cluster with a service - including auto-scaling policies for CPU and memory usage
- Task definition to run Docker containers - an init container for AppDynamics and the main container application
- IAM execution role
- Secrets - creates secrets in Secrets Manager
(Source: https://aws.amazon.com/de/blogs/compute/task-networking-in-aws-fargate/)
- The main logic is in the template/app.json.tpl file. Please review the DependsOn section and the AppDynamics environment variables.
- Create the AppDynamics secret in secrets.auto.tfvars. Remove .example from the file name.
- Populate appdynamics.auto.tfvars with your controller credentials and the agent's container registry.
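
As an added example (not part of this project's code), the following Python check audits rendered container definitions against the design goals above: the access key comes from Secrets Manager rather than a plaintext variable, the application waits for the init container, and both mount the same agent volume. The container names, images, paths and ARN in the sample are constructed assumptions.

```python
import json

# Constructed sample of rendered container definitions; every name, image,
# path and ARN below is an assumption for illustration, not the project's own.
SAMPLE = json.loads("""[
 {"name": "appd-init", "image": "example/appd-agent:latest", "essential": false,
  "mountPoints": [{"sourceVolume": "appd-agent", "containerPath": "/opt/temp"}]},
 {"name": "app", "image": "example/app:1.0", "essential": true,
  "dependsOn": [{"containerName": "appd-init", "condition": "SUCCESS"}],
  "mountPoints": [{"sourceVolume": "appd-agent", "containerPath": "/opt/appdynamics"}],
  "environment": [{"name": "APPDYNAMICS_AGENT_APPLICATION_NAME", "value": "demo"}],
  "secrets": [{"name": "APPDYNAMICS_AGENT_ACCOUNT_ACCESS_KEY", "valueFrom":
    "arn:aws:secretsmanager:us-east-1:111122223333:secret:appd-key-EXAMPLE"}]}
]""")

SENSITIVE = ("ACCESS_KEY", "SECRET", "PASSWORD", "TOKEN")  # name fragments to flag

def volumes(container):
    return {m["sourceVolume"] for m in container.get("mountPoints", [])}

def audit(containers, init_name="appd-init", app_name="app"):
    """Return findings; an empty list means the layout matches the design goals."""
    by_name = {c["name"]: c for c in containers}
    init, app = by_name[init_name], by_name[app_name]
    findings = []
    for c in containers:
        # Sensitive-looking variables must not sit in plaintext "environment".
        for env in c.get("environment", []):
            if any(tag in env["name"].upper() for tag in SENSITIVE):
                findings.append(f"{c['name']}: {env['name']} is a plaintext env var")
        # "secrets" entries must point at a Secrets Manager ARN.
        for sec in c.get("secrets", []):
            arn = sec.get("valueFrom", "").split(":")
            if len(arn) < 3 or arn[0] != "arn" or arn[2] != "secretsmanager":
                findings.append(f"{c['name']}: {sec['name']} is not a Secrets Manager ARN")
    # The app must start only after the init container has exited.
    deps = {d["containerName"]: d["condition"] for d in app.get("dependsOn", [])}
    if deps.get(init_name) not in ("SUCCESS", "COMPLETE"):
        findings.append(f"{app_name}: does not wait for {init_name} to finish")
    # ECS rejects SUCCESS/COMPLETE dependencies on an essential container.
    if init.get("essential", True):
        findings.append(f"{init_name}: must set essential to false")
    # Both containers need the same volume for the copied agent to be visible.
    if not volumes(init) & volumes(app):
        findings.append(f"{init_name} and {app_name} share no volume")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

To audit a deployed task, replace SAMPLE with the containerDefinitions array returned by aws ecs describe-task-definition.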
First, you will need to set up the Terraform provider to talk to your AWS account. Please refer to main.tf:

    provider "aws" {
      access_key = var.aws-access-key
      secret_key = var.aws-secret-key
      region     = var.aws-region
      version    = "~> 2.0"
    }

You can also leave out access_key and secret_key; then Terraform will use the profile values stored in your .aws/config.
Next, execute the following commands:
$ terraform init
$ terraform plan
$ terraform apply
$ terraform destroy