.net.net 4.net 4.5.net apm.NET Application Performance.NET Applications.NET Best Practise.NET Core.NET Monitoring.NET PerformanceABAPACAADDMADO.NETagent lifecycleagent of transformationAgents of TransformationAgile & DevOpsAgile & DevOpsAgile DevelopmentAgile OperationsAgile OpsAIAI/MLAIOpsalert fatigueAmazon EC2Amazon EKSamazon web servicesanalyst reportAnalyticsandroidAndroid monitoringanomaly detectionanti-patternsAoTAPACapacheAPCApdexapiAPI MonitoringApicaAPMAPM Analyticsapm application performance monitoringAPM Best PracticeAPM Best PracticesAPM Business MetricsAPM IntegrationAPM Marketapm monitoring toolsapm solutionsAPM Thought LeadershipAPM VendorsAPMaaSapp attention indexApp Attention Index 2019App Attention Index 2023app dynamicsApp Manapp ownerappd summitappd summit europeappdynamicsappdynamics apmappdynamics certificationAppDynamics CustomersAppDynamics DevOpsAppDynamics EUMappdynamics flowmapAppDynamics for AzureAppDynamics for DatabasesAppDynamics for MobileAppDynamics Growthappdynamics liteAppDynamics Partnersappdynamics pricingAppDynamics ProAppDynamics REST APIAppDynamics SaaSAppDynamics SAP MonitoringAppDynamics SuccessAppDynamics Universityappdynamics xapplicationapplication developmentApplication DiagnosticsApplication ElasticityApplication IntelligenceApplication Intelligence PlatformApplication Mappingapplication monitoringapplication monitoring for PCFapplication observabilityApplication PerformanceApplication Performance ManagementApplication Performance MonitoringApplication Runbook AutomationApplication ScalabilityApplication SecurityApplication Supportapplication testingAppSecappsec prioritizationappsphereappsphere 2015appsphere 2016artificial intelligenceASMASP.NETASP.NET Monitoringatlassianauto-scalingautomationAvailability MonitoringawardsawsAWS Cloud Connectoraws ec2AWS Elastic Container ServiceAWS LambdaAWS re:InventazureAzure Cosmos DBAzure FunctionsAzure MonitoringBackend MonitoringbankingBehavioral Learningbest apm toolsbetaBig DataBig Data AnalyticsbizdevopsBlack FridayblockchainBrowser AgentBrowser Monitoringbrowser real user monitoringbrowser rumBrowser Synthetic MonitoringBTMbusinessBusiness Activity MonitoringBusiness ImpactBusiness Intelligencebusiness iqbusiness journeybusiness journeysBusiness Metricsbusiness outcomesbusiness risk observabilitybusiness risk scorebusiness risk scoringbusiness transactionbusiness transaction insightsBusiness Transaction ManagementBusiness Transaction Performancebusiness transaction securityBusiness TransactionsBusinessiQC++CACA WilyCareercase studyCassandraCDEMChatGPTCI/CDCICSCIOciscoCisco AppDynamicsCisco AppDynamics OpenAI MonitoringCisco Application Centric InfrastructureCisco Cloud ObservabilityCisco Full-Stack ObservabilityCisco Intersightcisco intersight workload optimizerCisco LiveCisco Live 2022Cisco Live 2023Cisco Live 2023 AmsterdamCisco Live 2023 MelbourneCisco Live EMEACisco Observability PlatformCisco Secure ApplicationCisco ThousandEyesclient side performanceCloudcloud architecturecloud automationCloud BurstingCloud Deploymentcloud foundrycloud foundry foundationCloud MigrationCloud MonitoringCloud NativeCloud Native Computing Foundationcloud native observabilitycloud native securitycloud observabilitycloud orchestrationcloud planningcloud pricingCloud Scalingcloud securitycloudwatchcluster monitoringCMDBCNCFcodingCognition Enginecognitive operationscollaborationCompuwareCompuware Vantageconcurrent collectionsconferencecontainerscontinuous integrationcovid-19CPU Burncrash courseculturecustom dashboardscustomer DEMcustomer experienceCustomer LoyaltyCustomer SuccessCyber MondayDashboarddashboardsData Clouddata privacydata securitydatabasedatabase monitoringdatabase performanceDatabase Performance Monitoringdb2Deep DiagnosticsDEMDeploying APMdeveloperdevelopersDevelopmentdevelopment lifecycleDevOpsDevOps AppDynamicsDevOps Best PracticesDevOps Culturedevops lifecycledevopsdaysDevSecOpsdigital experienceDigital experience monitoringdigital transformationdigital trustDisaster RecoverydiscoverydockerDockerfiledowntimedowntime costdynamic baselinesDynatracee-commerceEase-of-UseecommerceeCommerce MonitoringECSedge computingeducationEKSelasticsearchEnd User ExperienceEnd User Experience MonitoringEnd User MonitoringEnterpriseEnterprise APMEnterprise deploymenterrorsETLEUEUEMEUMEuropean UnionEvaluating APMEventeventsexperience economyextensionsfasterfederal customersFedRAMPfinancefinancial servicesflame graphsFlutter Agentfog of developmentforresterForrester APMfull application stackfull-stack observabilityGartnerGartner APMGartner APM Magic QuadrantGartner Magic QuadrantGartner MQGDPRGeneral Data Protection Regulationghostglassdoorgogo langGomezGoogle Cloud FunctionsGovAPMgovernmentGrafanagrafana pluginguided tourHadoophealthcareHealthCare.govhhvmHigh AvailabilityHIPPAhistory of programminghybrid cloudhybrid cloud observabilityhybrid workIaaSIBMIBM DataPowerIBM Think 2019idcIISIIS Monitoringindustry insightsinfographicinfrastructureinfrastructure monitoringinfrastructure optimizationinfrastructure pricinginfrastructure visibilityInsuranceintegrationIntegration Partner Programinternet of thingsInternshipInvestment BankingiosiOS monitoringIOTiPhone CrashIRAPIstioITIT operationsITILITSMJavajava 9java apmJava CPUJava Memory LeakJava Monitoringjava programming languagejavascriptJConsoleJMXJVMJVM MonitoringK8sKNativeKPIKubeCon + CloudNative ConkubernetesKubernetes MonitoringLas VegaslegacyLoad RunnerLoad Testinglog analysislog analyticsLog Fileslog4jlogginglogsmachine learningmainframeManaged Service ProvidersmanagementmappingmariadbMaturitymemory leaksMesosmetric datametricsmicoservicesmicroservice patternsmicroservicesmicroservices iqMicrosoftmicrosoft azuremigrationMLmobileMobile APMmobile app metricsMobile Application MonitoringMobile Application Performancemobile applicationsMobile Best Practicesmobile eumMobile Monitoringmobile real-user monitoringMobile RUMMongoDBMonitoringMonitoring AgentsMRUMMSPMTTRMulti Cloudmulti tenancy cloudmulticloudmultitenancyMVC 4mysqlNetflixNetwork MonitoringNetwork Performance Managementnetwork visibilityNew RelicnewsnginxNodenode.jsnode.js apmnode.js monitoringnodetimeNoSQLNPMobamacareObamacare websiteobservabilityomni-channelon-premon-prem vs cloudon-premisesonline shoppingOPCacheopcodeOpenAIOpenAI APIopenshiftopenshift by red hatopenshift by redhatOpenTelemetryoperational analyticsOperationsoperatorsOpNetopsOpTierOraclePaaSpartnerpartner programpartnersPCFpercentilesPerformancePerformance Bottleneckperformance engineeringPerformance Managementperformance metricsPerformance Monitoringperformance testingphpphp 7php apmPHP Best Practicesphp performancephp securityphp upgradePivotalPivotal Cloud Foundryplatform monitoring for PCFpodcastprivate equityproductionProduction Monitoringprofilingprogramming languageprogramming languagesPublic Cloudpublic sectorpythonqaQuest FoglightRBARCAReal User Monitoringreal-time business metricsreal-time business monitoringred hatred hat openshiftresearch reportresponse timeretailriskRoot Cause AnalysisRSARtBMRUMrunbookSaaSSaas APMsaas application performance monitoringsan franciscoSAPSAP monitoringSAP NetWeaverSAP obSAP S/4HANAScalabilitysdkSecure Applicationsecuritysecurity resilienceserverserverlessservice assuranceService Broker Tileservice endpointsservice level agreementServiceNowshardingsingle page applicationsite reliability engineeringSLAslow SQLSmart AgentSmart Agent for Cisco AppDynamicssmart speakersSOASOA monitoringSoftware DevelopmentSpectro Cloud PaletteSplunkspring releaseSpring4ShellSQLSREsupply chainSynthetic Monitoringtaggingtagstechnical debttelemetryTest In ProductionThe Age of Application Observabilitythousandeyestransaction analyticsTransaction ProfilingTroubleshooting ApplicationstuningTypeScriptUCCEUCCE monitoringunified monitoringunified observability experienceUser Experienceuser session trackingVirtual War RoomVisualVMWar RoomwearableswebinarWebPerfWily IntroscopeWindows AzureWindows Azure StoreWNISwomenwomen in techwomen in technologywordpressyarnz/os
Cloud
Engineering

Observability-as-Code with AppDynamics: CloudFormation and AWS Elastic Container Service (ECS)

by AppDynamics Team
August 31 2022
 

In this technical deep-dive, we'll show you how to leverage AppDynamics to observe the state of the Amazon AWS Elastic Container Service.

Gartner predicts that by 2024, 30% of enterprises will adopt observability techniques to improve their business service performance — up from less than 10% in 2020. Indeed, observability is becoming a competitive advantage, and companies with a system in place to determine the health and state of business-critical services without human intervention have a distinctive edge.

At the same time, adoption of Infrastructure-as-Code (IaC) is increasing at an exponential rate, as IaC in the management of IT infrastructure (i.e., networks, containers, virtual machines, load balancers and more) enables organizations to provision and effectively manage large-scale architectures. An overwhelming amount of monitoring data now needs to be put into context to become useful information, and automation has become a non-negotiable feature to achieve this.

As applications are built to scale and organizations increasingly adopt a multi-cloud strategy, it becomes increasingly important and more complicated to observe the entire software lifecycle effectively, from code deployment through build and deploy to alerting and dashboarding. As a result, there is an increasing demand for a new dimension of observability strategy — a scalable method that is easily pluggable into existing IaC and GitOps workflows, a solution that does not require organisations to change their established IaC tooling or approaches.

The scalable monitoring methodology is often referred to as Monitoring as Code (MaC), Monitoring as a Service (MaaS), Everything as Code (EaC), or Observability as Code. The core principle remains the same regardless of what it is called; monitoring and observability should be treated and managed as code without the need for manual intervention.

Observability as Code extends IaC, including GitOps workflows and/or continuous integration/continuous delivery (CI/CD) pipelines.

Anatomy of Observability-as-Code

At AppDynamics, we firmly believe that observability and monitoring configurations should be treated and managed as code, and we are committed to ensuring that our customers can achieve this goal via our open APIs and the provision of an AppDynamics Terraform Provider and Ansible Collections—both of which are currently on our roadmap.

Observability-as-Code can be subcategorized into two broad areas, as depicted in Fig. 1.0.

Fig. 1.0

  1. Deployment as Code: Automating the agent deployment using the same approach as infrastructure deployment.  The outcome of this is to instrument the applications, profile the infrastructure, and send metrics, events, logs and traces (MELT) to AppDynamics.
  2. Configuration as Code: Configuring alerts, transaction discovery, RBAC, dashboards, health rules, etc., as code.

Deployment as Code

This blog provides practical steps, nuances, rationales and sample implementation manifests aimed at enabling you to gain a quicker return on your investment. We will show you practical working code on how to instrument Amazon ECS workloads as code using the AWS CloudFormation template, Terraform and Ansible.  For this demo, we chose ECS Fargate because it’s gaining popularity in the industry and fits quite well with the top three IaC toolings in the marketplace today: AWS CloudFormation, RedHat Ansible and HashiCorp Terraform, respectively.

Please note that we won’t spend time covering standard AWS setups for stacks, policies, roles and the like in great detail, with the assumption that you already have these in place. For help with the setup, please reach out to your AppDynamics representative and we’ll be glad to assist.

Are you ready to get started? Let’s dive in!

1. The AWS CloudFormation Approach

AWS CloudFormation provides AWS customers with a simple way to provision and manage their infrastructure and/or AWS resources as code. Using the CloudFormation template, users can describe all the AWS resources they want to provision (such as ECS, EC2 or Amazon RDS, etc.) in a YAML or JSON template file. CloudFormation takes care of provisioning and configuring those resources.

Here’s how you can natively embed AppDynamics agents into ECS using CloudFormation.

How are we adding agents?

An example CloudFormation template without AppDynamics can be found here, and this is the same template with AppDynamics instrumentation details added.

Fig. 2.0

In the examples above, we have provided a working CloudFormation template with and without AppDynamics agents. Perform a diff on both templates to see the difference and get hands-on right away, or continue reading for further information.

Note the changes mounting a volume to this application and the explicit service dependency (with DependsOn parameter). These are the key updates we’re performing to build observability into this application process.

ContainerDependency

We use the ECS ContainerDependency feature to inject AppDynamics agents into a shared ephemeral volume mount. This approach is similar to how Kubernetes init containers work. Unlike Kubernetes init containers that MUST come to successful completion before the main container comes up, ECS ContainerDependency provides additional conditional granularity for the dependent container with the following (super useful) container start args:  START, COMPLETE, SUCCESS and HEALTHY.

Fig. 3.0

Using Fig.3.o as a reference, the AppDynamics container is introduced as a dependent container and is configured to exit on COMPLETION. To create a hard dependency on the dependency (AppDynamics) container, we recommend you mark the container as an essential container by setting the essential flag “true”—doing this means your main container will not start up if the dependent container fails for any reason.

Note: If “essential” is set to false, you will run the risk of running the application without any monitoring, which may also result in false-positive alerts from AppDynamics.

The image of the AppDynamics container can and should be acquired from the official images in Docker Hub; acquiring the image from the official Docker Hub repo means your organization does not have to maintain AppDynamics images. If, however, you prefer to maintain your own base images internally because they need to be hardened (or for any other reason), we recommend you use a multi-stage build process to create your custom images from the official image. An example is provided here.

Moreso, we wrote a custom entry point copy command to copy the agent binaries from the AppDynamics agent (dependent) container onto the ephemeral volume mount. This step ensures the agent binaries are available to the main container when it starts up, as shown in Fig.4.0

Fig. 4.0

Persistent Volume

Another option, which involves a bit of work and automation scripts  — and also has the inherent risk of running out of date — is to mount the agent binaries from persistent storage such as EFS or EBS. You may consider using EFS for the Fargate launch type and EBS for the EC2 launch type. This approach eliminates the need to add the DependsOn container.

In summary, the instrumentation logic and outcome are the same regardless of whether you choose to acquire the official image from Docker Hub at runtime, embed the agents into your image at build time, or load the image from persistent storage. AppDynamics supports all three methods and we encourage our customers to choose what works best for them.

Next, we added all the necessary environment variables needed to dynamically configure the language agent, instrument the application, and send metrics to the controller (these steps can also be reviewed in the AppDynamics official documentation):

Fig. 5.0; Define environment variables

Secrets

We are adding this as its own chapter to highlight that the AppDynamics controller access key (or any other secret!) should be kept confidential at all times and should not be checked into your code repository. We also added a section in the CloudFormation template to demonstrate how you would read the access key from AWS Secrets Manager.

Fig. 6.0: Secret ARN

In conclusion, refer to the monitoring-as-code: ECS guide for all of the files used in the above exercise.  Should you like to set this up from scratch as a proof-of-concept, we have a full example, including scripts to help create the necessary policies and roles. Please refer to the corresponding README for further guidance.

2. The Terraform Approach

The Terraform example uses the same logic as the CloudFormation template to instrument your ECS Fargate workloads using ApDynamics.  All the artifacts are stored in this GitHub repository.

The primary considerations that went into the design of this project are:

  • Customers’ existing container images and/or the image build process should be unaltered.
  • The deployment process must remain immutable.
  • Idempotency: customers should get the same instrumentation result even if the Terraform config is applied multiple times.
  • The AppDynamics access key must be stored and accessed from the AWS secret manager, not as plaintext.

In addition, we leveraged AWS CloudFormation’s DependsOn attribute to:

  • Dynamically acquire the AppDynamics agent image from DockerHub. You may copy the image to your preferred registry.
  • Copy the content of the agent image into an ephemeral volume.
  • Mount the shared volume into the main application’s container at runtime.

Refer to the ecs-main.tf file in the ECS module for details.

Fig. 7.0 Terraform initialization

3. The Ansible Playbook approach

Please refer to the AppDynamics repository Monitoring as Code: Cloud with Ansible for source code and details on how to execute the playbook. This project leverages the AWS Ansible module to demonstrate how to embed the AppDynamics agent into an ECS Fargate instance.

Furthermore, the project creates an ECS Fargate Cluster that allows you to define Tasks that describe your containers, as defined in Task Definition. Tasks can be scaled in and out with ECS Cluster Services, including all the supporting services.  Also, the project creates secrets, like the controller access key, and stores them in AWS Secrets Manager.

Refer to the ecs_task_definition.yml file to see how AppDynamics agents are added to the ECS Fargate instance.

Fig. 8.0: ECS Task Definition

Conclusion

Today’s software challenges and the market shift towards the cloud are fueling automation and promoting strategic thinking over tactical course changes. It’s the path we’re walking with our customers every day.

Knowing the ins and outs of customers’ tools and infrastructure, asking the right questions, and predicting obstacles along the way helps us successfully drive AppDynamics’ observability-as-code adoption with cloud teams across organizations. This approach provides the native and built-in solutions for understanding each system based on its internal mechanisms and outputs.

AppDynamics Team

Related Posts

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support