diff --git a/cloudwatch.tf b/cloudwatch.tf
index ff7d224..c96882c 100644
--- a/cloudwatch.tf
+++ b/cloudwatch.tf
@@ -4,6 +4,12 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 */
+resource "aws_cloudwatch_log_group" "ecs" {
+ count = var.hms_instance_type == "ecs" ? 1 : 0
+ name = local.instance_alias
+ tags = var.apiary_tags
+}
+
 data "template_file" "s3_widgets" {
 count = length(local.schemas_info)
diff --git a/common.tf b/common.tf
index 63e22d7..a11582b 100644
--- a/common.tf
+++ b/common.tf
@@ -78,3 +78,23 @@ data "aws_route53_zone" "apiary_zone" {
 name = var.apiary_domain_name
 vpc_id = var.vpc_id
 }
+
+data "aws_secretsmanager_secret" "datadog_key" {
+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+ name = var.datadog_key_secret_name
+}
+
+data "aws_secretsmanager_secret_version" "datadog_key" {
+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+ secret_id = data.aws_secretsmanager_secret.datadog_key[0].id
+}
+
+data "external" "datadog_key" {
+ count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+ program = ["echo", "${data.aws_secretsmanager_secret_version.datadog_key[0].secret_string}"]
+}
+
+provider "datadog" {
+ api_key = chomp(data.external.datadog_key[0].result["api_key"])
+ app_key = chomp(data.external.datadog_key[0].result["app_key"])
+}
\ No newline at end of file
diff --git a/templates.tf b/templates.tf
index 985706e..f4b5941 100644
--- a/templates.tf
+++ b/templates.tf
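Review bot: In cloudwatch.tf the new `aws_cloudwatch_log_group.ecs` sets no `retention_in_days`, so whatever is written to it is kept indefinitely. An explicit retention period, ideally driven by a variable, would bound how long container output is stored, and `kms_key_id` is worth setting if these logs are expected to be encrypted with a customer-managed key.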
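Review bot: In common.tf the `data "external" "datadog_key"` block hands the whole secret string to `echo` as a command-line argument, which exposes it to anything on the Terraform runner that can list processes, only to parse JSON that Terraform can parse itself. `jsondecode(data.aws_secretsmanager_secret_version.datadog_key[0].secret_string)["api_key"]` (and the same for `app_key`) yields the same values without the external program; the two `datadog_secret_key` expressions in templates.tf would need the same substitution. Separately, the `provider "datadog"` block indexes `[0]` unconditionally while every data source above it has `count = 0` when no secret name is set, so a deployment without Datadog looks likely to fail when the provider is configured. Guarding both arguments with the same `length(var.datadog_key_secret_name) > 0 ? ... : null` condition would avoid that.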
@@ -61,6 +61,13 @@ locals{
 mysql_permissions = "ALL"
 mysql_master_cred_arn = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
 mysql_user_cred_arn = data.aws_secretsmanager_secret.db_rw_user.arn
+
+ # Datadog variables
+ datadog_secret_key = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+ wd_instance_type = var.hms_instance_type
+ metrics_port = var.datadog_metrics_port
+ datadog_agent_version = var.datadog_agent_version
+ datadog_agent_enabled = var.datadog_agent_enabled
 })
 hms_readonly_template = templatefile("${path.module}/templates/apiary-hms-readonly.json", {
@@ -104,5 +111,12 @@ locals{
 mysql_write_db = "${var.external_database_host == "" ? join("", aws_rds_cluster.apiary_cluster.*.endpoint) : var.external_database_host}"
 mysql_master_cred_arn = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
 mysql_user_cred_arn = data.aws_secretsmanager_secret.db_ro_user.arn
+
+ # Datadog variables
+ datadog_agent_enabled = var.datadog_agent_enabled
+ datadog_secret_key = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+ wd_instance_type = var.hms_instance_type
+ metrics_port = var.datadog_metrics_port
+ datadog_agent_version = var.datadog_agent_version
 })
 }
diff --git a/templates/apiary-hms-readonly.json b/templates/apiary-hms-readonly.json
index df313cf..a16ac48 100644
--- a/templates/apiary-hms-readonly.json
+++ b/templates/apiary-hms-readonly.json
@@ -39,7 +39,7 @@
 ],
 "command": ["sh", "/allow-grant.sh"]
 },
-%{ endif }
+%{ endif }
 {
 "name": "apiary-hms-readonly",
 "image": "${hms_docker_image}:${hms_docker_version}",
@@ -73,7 +73,7 @@
 "condition": "SUCCESS"
 }
 ],
-%{ endif }
+%{ endif }
 "environment":[
 {
 "name": "MYSQL_DB_HOST",
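Review bot: In both templates.tf hunks, `datadog_secret_key` renders the plaintext API key into the container definition, where the two JSON templates place it under `environment` as `DD_API_KEY`. That makes the key readable to anyone who can describe the task definition, and it persists in every retained revision. Passing the secret's ARN instead keeps the value out of the rendered JSON: `datadog_secret_arn = length(var.datadog_key_secret_name) > 0 ? data.aws_secretsmanager_secret.datadog_key[0].arn : ""` here, and `"secrets": [{ "name": "DD_API_KEY", "valueFrom": "${datadog_secret_arn}:api_key::" }]` in the templates in place of the `environment` entry. The task execution role would then need read access to that secret, which cannot be checked from this diff.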
@@ -179,4 +179,36 @@
 %{ endfor }
 ]
 }
-]
+%{ if datadog_agent_enabled }
+ ,{
+ "name": "datadog-agent",
+ "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+ "essential": true,
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "${loggroup}",
+ "awslogs-region": "${region}",
+ "awslogs-stream-prefix": "/"
+ }
+ },
+ "environment": [
+ {
+ "name": "DD_API_KEY",
+ "value": "${datadog_secret_key}"
+ },
+ {
+ "name": "ECS_FARGATE",
+ "value": "true"
+ }
+ ],
+ "healthCheck": {
+ "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+ "interval": 5,
+ "retries": 3,
+ "startPeriod": 60,
+ "timeout": 5
+ }
+ }
+%{ endif }
+]
\ No newline at end of file
diff --git a/templates/apiary-hms-readwrite.json b/templates/apiary-hms-readwrite.json
index 0afae54..ef64a01 100644
--- a/templates/apiary-hms-readwrite.json
+++ b/templates/apiary-hms-readwrite.json
@@ -231,4 +231,36 @@
 %{ endfor }
 ]
 }
-]
+%{ if datadog_agent_enabled }
+ ,{
+ "name": "datadog-agent",
+ "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+ "essential": true,
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "${loggroup}",
+ "awslogs-region": "${region}",
+ "awslogs-stream-prefix": "/"
+ }
+ },
+ "environment": [
+ {
+ "name": "DD_API_KEY",
+ "value": "${datadog_secret_key}"
+ },
+ {
+ "name": "ECS_FARGATE",
+ "value": "true"
+ }
+ ],
+ "healthCheck": {
+ "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+ "interval": 5,
+ "retries": 3,
+ "startPeriod": 60,
+ "timeout": 5
+ }
+ }
+%{ endif }
+]
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index f6de153..1238de9 100644
--- a/variables.tf
+++ b/variables.tf
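Review bot: The `healthCheck` on the `datadog-agent` container in templates/apiary-hms-readonly.json curls `http://localhost:18000/actuator/health`, which does not look like an agent endpoint. If that port belongs to another container in the task, the check reports that container's state rather than the agent's, and it also depends on `curl` being present in the agent image. Because the container is `"essential": true`, a check that fails for the wrong reason would mark the whole metastore task unhealthy. Datadog's documented check is `"command": ["CMD-SHELL", "agent health"]`, and it is worth deciding whether a monitoring sidecar should be essential at all. The identical block added to templates/apiary-hms-readwrite.json has the same issue.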
@@ -715,3 +715,21 @@ variable "hms_ro_request_partition_limit" {
 type = string
 default = ""
 }
+
+variable "datadog_key_secret_name" {
+ description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."
+ type = string
+ default = null
+}
+
+variable "datadog_agent_version" {
+ description = "Version of the Datadog Agent running in the ECS cluster. This is only applicable to ECS deployments."
+ type = string
+ default = "7.50.3-jmx"
+}
+
+variable "datadog_agent_enabled" {
+ description = "Whether to include the datadog-agent container. This is only applicable to ECS deployments."
+ type = bool
+ default = false
+}
\ No newline at end of file
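Review bot: `datadog_key_secret_name` defaults to `null`, but every consumer in this commit evaluates `length(var.datadog_key_secret_name) > 0`, and `length()` rejects a null argument, so leaving the variable unset would break the plan rather than disable the integration. `default = ""` matches the checks as written. templates.tf also reads `var.datadog_metrics_port`, which is not among the variables added here; if it is not declared elsewhere in the file it needs a declaration too. Nothing ties `datadog_agent_enabled = true` to a non-empty secret name, in which case the agent container would start with an empty `DD_API_KEY`, so the description should state that the two must be set together.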