Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata processor #41477

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata processor #41477

wants to merge 6 commits into from
+367 −121

Conversation

Kavindu-Dodan
Copy link
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Oct 29, 2024
edited
Loading

Proposed commit message

This PR adds support to enrich events with EC2 tags iff,

  • IMDS endpoint is enabled 1
  • Tag access is enabled through IMDS endpoint. 2

Tags are added to event payload with key aws.tags.<KEY>,

{
  "aws" : {
   "tags" : {
      "org" : "acme",
      "owner" : "userA"
    }
   }
}

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

The best way to validate this is through a beats deployment (ex:- metricbeat) in an EC2 instance.

  • Create an EC2 instance
    • Enable IMDS endpoint
    • Enable tags access through IMDS endpoint
    • Assign instance with a role with adequate permissions
    • Add few tags to the instance
  • Build metricbeat from this branch
  • Deploy custom build into EC2
  • Enable add_cloud_metadata processor
  • Run and observe metrics containing tags

Related issues

Closes #31899

Screenshots

image

Footnotes

  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html

  2. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-tags-in-IMDS.html#allow-access-to-tags-in-IMDS

@Kavindu-Dodan Kavindu-Dodan added enhancement backport-8.x Automated backport to the 8.x branch with mergify labels Oct 29, 2024
@Kavindu-Dodan Kavindu-Dodan requested a review from a team as a code owner October 29, 2024 21:35
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 29, 2024
@Kavindu-Dodan Kavindu-Dodan added Team:obs-ds-hosted-services Label for the Observability Hosted Services team and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 29, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch from 9adedf4 to 088385e Compare October 30, 2024 16:48
@kaiyan-sheng
Copy link
Contributor

Thanks for working on this @Kavindu-Dodan !!
@axw Do you have opinion on the naming for ec2 tags here from the processor?

Tags are added to event payload with key ec2.tag.<KEY>,
{
  "ec2" : {
   "tag" : {
      "org" : "acme",
      "owner" : "userA"
    }
   }
}

Just a reference: In AWS CloudWatch metricset, we are using aws.tags.<key>:<value>.

@axw
Copy link
Member

axw commented Nov 1, 2024

@kaiyan-sheng my first reaction was that I think the tags field should be independent of the AWS service, because you can tag all/most AWS resources and not just EC2 instances. That could be useful generally for filtering metrics & logs by organisation or something.

OTOH, opentelemetry-collector-contrib's resourcedetection processor uses ec2.tag.*: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/40fa8b8a925cadf569e785cbc85d6dfca152bde2/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29 (maybe that's what you modelled after @Kavindu-Dodan?)

OTOOH: it seems that resourcedetectionprocessor only supports adding tags for EC2, e.g. there's no support for tags for ECS: open-telemetry/opentelemetry-collector-contrib#14960.

So... I don't know, but I'd be inclined to go with aws.tags.<key>:<value>

@Kavindu-Dodan
Copy link
Contributor Author

Kavindu-Dodan commented Nov 1, 2024
edited
Loading

@kaiyan-sheng my first reaction was that I think the tags field should be independent of the AWS service, because you can tag all/most AWS resources and not just EC2 instances. That could be useful generally for filtering metrics & logs by organisation or something.

OTOH, opentelemetry-collector-contrib's resourcedetection processor uses ec2.tag.*: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/40fa8b8a925cadf569e785cbc85d6dfca152bde2/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29 (maybe that's what you modelled after @Kavindu-Dodan?)

OTOOH: it seems that resourcedetectionprocessor only supports adding tags for EC2, e.g. there's no support for tags for ECS: open-telemetry/opentelemetry-collector-contrib#14960.

Yes @axw , I came across OTel resource detection processor EC2 tag [1] and tried to match our implementation with that. Currently processor also support Azure tags [2]

So... I don't know, but I'd be inclined to go with aws.tags.<key>:<value>

Since we already use aws.tags. with AWS Cloudwatch metrics and to have consistency, I will go ahead and use the same format for the processor implementation.

Update

I am testing the tag prefix change and will update the observations. Initially I am seeing some data ingestion issue but not sure this is related to tag key prefix.

Update - 2

Okay, it was a permission issue when starting metricsbeat inside my AWS ec2 testbed. Change works fine (see Kibana screenshot)

image

@kaiyan-sheng @axw appreciate another review

[1] - https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.112.0/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29
[2] - https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.112.0/processor/resourcedetectionprocessor/internal/azure/azure.go#L23

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch 2 times, most recently from fb01541 to d72b62f Compare November 4, 2024 22:09
@Kavindu-Dodan
add support to extract ec2 tags from IMDS endpoint
90be16c 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
add dedicated tests for tag extractor
48b582f 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
expand test case and add documentation
2023e0f 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
add changelog entry
d7a4155 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
handle empty tags, add tests and close underlying body
7e53ca0 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan
review change - use aws.tags as tag prefix
091c5ca 
Signed-off-by: Kavindu Dodanduwa <kavindu.dodanduwa@elastic.co>
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch from d72b62f to 091c5ca Compare November 6, 2024 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmoog zmoog Awaiting requested review from zmoog

@kaiyan-sheng kaiyan-sheng Awaiting requested review from kaiyan-sheng

At least 1 approving review is required to merge this pull request.

Assignees

@Kavindu-Dodan Kavindu-Dodan

Labels
backport-8.x Automated backport to the 8.x branch with mergify enhancement Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Have the add_cloud_metadata processor enrich events with EC2 tags
4 participants
@Kavindu-Dodan @elasticmachine @kaiyan-sheng @axw