fix: Add datadog-agent to ECS

ExpediaGroup · Jan 12, 2024 · eba7639 · eba7639
1 parent da49cc1
commit eba7639
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 0 deletions.
diff --git a/cloudwatch.tf b/cloudwatch.tf
@@ -4,6 +4,12 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  */
 
+resource "aws_cloudwatch_log_group" "ecs" {
+  count = var.hms_instance_type == "ecs" ? 1 : 0
+  name  = local.instance_alias
+  tags  = var.apiary_tags
+}
+
 data "template_file" "s3_widgets" {
   count = length(local.schemas_info)
 

diff --git a/common.tf b/common.tf
@@ -78,3 +78,13 @@ data "aws_route53_zone" "apiary_zone" {
   name   = var.apiary_domain_name
   vpc_id = var.vpc_id
 }
+
+data "aws_secretsmanager_secret" "datadog_key" {
+  count = length(var.datadog_key_secret_name) == 0 ? 0 : 1
+  name  = var.datadog_key_secret_name
+}
+
+data "aws_secretsmanager_secret_version" "datadog_key" {
+  count = length(var.datadog_key_secret_name) == 0 ? 0 : 1
+  secret_id = data.aws_secretsmanager_secret.datadog_key[0].id
+}
diff --git a/templates.tf b/templates.tf
@@ -61,6 +61,13 @@ locals{
     mysql_permissions      = "ALL"
     mysql_master_cred_arn  = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
     mysql_user_cred_arn    = data.aws_secretsmanager_secret.db_rw_user.arn
+
+    # Datadog vars
+    datadog_secret_key    = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string).api_key
+    wd_instance_type      = var.hms_instance_type
+    metrics_port          = var.datadog_metrics_port
+    datadog_agent_version = var.datadog_agent_version
+    include_datadog_agent = var.include_datadog_agent
   })
 
   hms_readonly_template = templatefile("${path.module}/templates/apiary-hms-readonly.json", {
@@ -104,5 +111,12 @@ locals{
     mysql_write_db         = "${var.external_database_host == "" ? join("", aws_rds_cluster.apiary_cluster.*.endpoint) : var.external_database_host}"
     mysql_master_cred_arn  = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
     mysql_user_cred_arn    = data.aws_secretsmanager_secret.db_ro_user.arn
+
+    # Datadog vars
+    datadog_secret_key    = jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string).api_key
+    wd_instance_type      = var.hms_instance_type
+    metrics_port          = var.datadog_metrics_port
+    datadog_agent_version = var.datadog_agent_version
+    include_datadog_agent = var.include_datadog_agent
   })
 }
diff --git a/templates/apiary-hms-readonly.json b/templates/apiary-hms-readonly.json
@@ -179,4 +179,36 @@
 %{ endfor }
    ]
   }
+%{ if include_datadog_agent }
+  ,{
+    "name": "datadog-agent",
+    "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+    "essential": true,
+    "logConfiguration": {
+      "logDriver": "awslogs",
+      "options": {
+        "awslogs-group": "${loggroup}",
+        "awslogs-region": "${region}",
+        "awslogs-stream-prefix": "/"
+      }
+    },
+    "environment": [
+      {
+        "name": "DD_API_KEY",
+        "value": "${datadog_secret_key}"
+      },
+      {
+        "name": "ECS_FARGATE",
+        "value": "true"
+      }
+    ],
+    "healthCheck": {
+      "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+      "interval": 5,
+      "retries": 3,
+      "startPeriod": 60,
+      "timeout": 5
+    }
+  }
+%{ endif }
 ]
diff --git a/templates/apiary-hms-readwrite.json b/templates/apiary-hms-readwrite.json
@@ -231,4 +231,36 @@
 %{ endfor }
     ]
   }
+%{ if include_datadog_agent }
+  ,{
+   "name": "datadog-agent",
+   "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+   "essential": true,
+   "logConfiguration": {
+     "logDriver": "awslogs",
+     "options": {
+       "awslogs-group": "${loggroup}",
+       "awslogs-region": "${region}",
+       "awslogs-stream-prefix": "/"
+     }
+   },
+   "environment": [
+     {
+       "name": "DD_API_KEY",
+       "value": "${datadog_secret_key}"
+     },
+     {
+       "name": "ECS_FARGATE",
+       "value": "true"
+     }
+   ],
+   "healthCheck": {
+     "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+     "interval": 5,
+     "retries": 3,
+     "startPeriod": 60,
+     "timeout": 5
+   }
+ }
+%{ endif }
 ]
diff --git a/variables.tf b/variables.tf
@@ -704,6 +704,23 @@ variable "datadog_metrics_port" {
   default     = "8080"
 }
 
+variable "datadog_key_secret_name" {
+  description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."
+  type        = string
+}
+
+variable "datadog_agent_version" {
+  description = "Version of the Datadog Agent running in the ECS cluster. This is only applicable to ECS deployments."
+  type        = string
+  default     = "7.46.0-jmx"
+}
+
+variable "include_datadog_agent" {
+  description = "Whether to include the datadog-agent container. This is only applicable to ECS deployments."
+  type        = bool
+  default     = false
+}
+
 variable "hms_rw_request_partition_limit" {
   description = "Read-write Hive metastore setting for size of the Hive metastore limit of request partitions."
   type        = string