-
Notifications
You must be signed in to change notification settings - Fork 14
/
otel.tf
71 lines (62 loc) · 2.32 KB
/
otel.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
locals {
// optional AWS Distro for OpenTelemetry container
otel_container_defaults = {
essential = false
image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/ecr-public/aws-observability/aws-otel-collector:v0.36.0"
name = "otel"
readonlyRootFilesystem = false
mountPoints = []
portMappings = []
systemControls = []
ulimits = []
user = startswith(upper(var.operating_system_family), "WINDOWS") ? null : "0:1337"
volumesFrom = []
logConfiguration = var.cloudwatch_logs.enabled ? {
logDriver = "awslogs"
options = {
awslogs-group = var.cloudwatch_logs.name == "" ? aws_cloudwatch_log_group.containers[0].name : var.cloudwatch_logs.name
awslogs-region = data.aws_region.current.name
awslogs-stream-prefix = "otel"
mode = "non-blocking"
}
} : null
}
otel_container = var.otel.enabled ? jsonencode(module.otel_container_definition.merged) : ""
}
module "otel_container_definition" {
source = "registry.terraform.io/cloudposse/config/yaml//modules/deepmerge"
version = "1.0.2"
maps = [
local.otel_container_defaults,
var.otel.container_definition
]
}
resource "aws_iam_role_policy_attachment" "otel" {
count = var.otel.enabled && var.task_role_arn == "" ? 1 : 0
policy_arn = aws_iam_policy.otel[count.index].arn
role = aws_iam_role.ecs_task_role[count.index].name
}
resource "aws_iam_policy" "otel" {
count = var.otel.enabled && var.task_role_arn == "" ? 1 : 0
name = "${var.service_name}-otel-${data.aws_region.current.name}"
policy = data.aws_iam_policy_document.otel[count.index].json
}
data "aws_iam_policy_document" "otel" {
count = var.otel.enabled && var.task_role_arn == "" ? 1 : 0
statement {
sid = "AWSDistroOpenTelemetryPolicy"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"xray:GetSamplingRules",
"xray:GetSamplingStatisticSummaries",
"xray:GetSamplingTargets",
"xray:PutTelemetryRecords",
"xray:PutTraceSegments"
]
resources = ["*"]
}
}