Monitor Amazon Elastic Container Service (ECS)

To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.

Prerequisites

Create a PaaS Token.
ECS cluster with Linux-based container instances.
Review the list of supported applications and versions.
An IAM role for your container instances should attach the AmazonEC2ContainerServiceforEC2Role managed policy. Instructions for creating this role, named ecsInstanceRole, are provided in the AWS documentation.

Deploy OneAgent as a daemon service

This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.

Privileged mode and volume parameters are prerequisites for this deployment method. As a result, this can only be done using JSON revisions. Consider using build-time injection instead.

On the ECS console, go to Task Definitions > Create new task definition > Create new task definition with JSON.
Edit the task definition JSON:
- Set requiresCompatibilities to ["EC2"]
- Set family to a unique name of your choice for the task definition, such as oneagent
- Add ipcMode and set to host
- Add pidMode and set to host
- Set containerDefinitions[0] to
```
{
   "name": "oneagent",
   "image": "dynatrace/oneagent",
   "essential": true,
   "privileged": true
}
```
- Create a new dictionary in the volumes array:
```
{
   "name": "oneagent"
}
```
Select Create.
Select Create new revision > Create new revision.
In Infrastructure requirements, go to Network Mode and select host.
Scroll to Container - 1, go to Resource allocation limits and set the memory limits as needed

There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed.
In the Environment variables section, go to Add individually and define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:
- For Dynatrace SaaS: https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>
- For ActiveGate: https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>
If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true.
optional Add OneAgent installer parameters.

While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-monitoring-mode=infra-only --set-app-log-content-access=false --set-network-zone=<your.network.zone>.

Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information.
Scroll down to Storage > Volume - 1 and set Source path to /
Go to Container mount points, select Add mount point and enter the following values:
- Container: oneagent
- Source volume: oneagent
- Container path: /mnt/root
Select Create to save your task definition.
In the Task definitions menu, select the newly created OneAgent task and then select Deploy > Create service. This will create a service to run your task.
In Compute configuration, select Launch type and for Launch type select EC2.
In Deployment configuration, perform the following actions:
- Service name: Name the service.
- Service type: Select Daemon.
Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create.

Once the service is created, the associated tasks will be executed. The oneagent service creates a task to deploy OneAgent on each container instance of your cluster.

You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.
After deploying OneAgent, restart the running application tasks to get service-level visibility.

Security implications

See Docker security implications for details.

Limitations

See Docker limitations for details.

Monitoring consumption

For Elastic Container Service, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.