CloudWatch Application Signals & Container Insights for your EKS Cluster¶

This example deploys CloudWatch Observability EKS add-on on an exisiting Amazon EKS cluster, which enables Container Insights enhanced observability for Amazon EKS and CloudWatch Application Signals by default.

Enables the CloudWatch Observability Add-on on EKS using the IAM service account role
Creates an IAM Service Linked role for enabling Application Signals

Prerequisites¶

Note

Make sure to complete the prerequisites section before proceeding.

Setup¶

1. Download sources and initialize Terraform¶

git clone https://github.com/aws-observability/terraform-aws-observability-accelerator.git
cd terraform-aws-observability-accelerator/examples/eks-container-insights
terraform init

2. AWS Region¶

Specify the AWS Region where the resources will be deployed:

export TF_VAR_aws_region=xxx

2. EKS Cluster Name¶

Specify the EKS Cluster Name where the resources will be deployed:

export TF_VAR_eks_cluster_id=xxx

3. Disable creation of `Cloudwatch Application Signals Service-linked Role`¶

If you already have Application Signals deployed in your AWS account, please set the value of this variable to false

variable "create_cloudwatch_application_signals_role" {
  type        = bool
  default     = true
  description = "Create a Cloudwatch Application Signals service-linked role"
}

Deploy¶

Simply run this command to deploy the example

terraform apply

Enabling Application Signals for your services¶

Amazon CloudWatch Application Signals is a new integrated native APM experience in AWS. CloudWatch Application Signals supports Java and Python applications running on your Amazon EKS cluster.

Next, you have to update your Application to Configure application metrics and trace sampling. For this, you must add an annotation to a manifest YAML in your cluster. Adding this annotation auto-instruments the application to send metrics, traces, and logs to Application Signals. You have two options for the annotation:

Annotate Workload auto-instruments a single workload in the cluster.

Paste the below line into the PodTemplate section of the workload manifest.

apiVersion: apps/v1
kind: Deployment
spec:
  template:
    metadata:
      # add this annotation under the pod template metadata of the services deployment YAML you want to monitor
      annotations:
        instrumentation.opentelemetry.io/inject-java: "true"
        instrumentation.opentelemetry.io/inject-python: "true"
...

In your terminal, enter kubectl apply -f your_deployment_yaml to apply the change.

Annotate Namespace auto-instruments all workloads deployed in the selected namespace.
- Paste the below line into the metadata section of the namespace manifest.
```
annotations: instrumentation.opentelemetry.io/inject-java: "true"
apiVersion: apps/v1
kind: Namespace
metadata:
    name: <your_namespace>
    # add this annotation under metadata of the namespace manifest you want to monitor
    annotations:
      instrumentation.opentelemetry.io/inject-java: "true"
      instrumentation.opentelemetry.io/inject-python: "true"
...
```
- In your terminal, enter kubectl apply -f your_namespace_yaml to apply the change.
- In your terminal, enter a command to restart all pods in the namespace. An example command to restart deployment workloads is kubectl rollout restart deployment -n namespace_name

Visualization of Container Insights data¶

After terraform apply is successful, open your Amazon CloudWatch console in the same region as your EKS cluster, then from the left hand side choose Insights -> Container Insights, there choose the EKS from the drop down and you will see the metrics shown on the dashboard:

Visualization of CloudWatch Application Signals data¶

After enabling your Application to pass metrics and traces by following the steps provided above, open your Amazon CloudWatch console in the same region as your EKS cluster, then from the left hand side choose Application Signals -> Services and you will see the metrics shown on the sample dashboard below:

Cleanup¶

To clean up your environment, destroy the Terraform example by running

terraform destroy