Skip to content

[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata processor #41477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 12, 2024
Merged

[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata processor #41477

merged 6 commits into from
Nov 12, 2024

Conversation

Kavindu-Dodan
Copy link
Contributor

@Kavindu-Dodan Kavindu-Dodan commented Oct 29, 2024
edited
Loading

Proposed commit message

This PR adds support to enrich events with EC2 tags iff,

  • IMDS endpoint is enabled 1
  • Tag access is enabled through IMDS endpoint. 2

Tags are added to event payload with key aws.tags.<KEY>,

{
  "aws" : {
   "tags" : {
      "org" : "acme",
      "owner" : "userA"
    }
   }
}

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

The best way to validate this is through a beats deployment (ex:- metricbeat) in an EC2 instance.

  • Create an EC2 instance
    • Enable IMDS endpoint
    • Enable tags access through IMDS endpoint
    • Assign instance with a role with adequate permissions
    • Add few tags to the instance
  • Build metricbeat from this branch
  • Deploy custom build into EC2
  • Enable add_cloud_metadata processor
  • Run and observe metrics containing tags

Related issues

Closes #31899

Screenshots

image

Footnotes

  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html

  2. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/work-with-tags-in-IMDS.html#allow-access-to-tags-in-IMDS

@Kavindu-Dodan Kavindu-Dodan added enhancement backport-8.x Automated backport to the 8.x branch with mergify labels Oct 29, 2024
@Kavindu-Dodan Kavindu-Dodan requested a review from a team as a code owner October 29, 2024 21:35
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 29, 2024
@Kavindu-Dodan Kavindu-Dodan added Team:obs-ds-hosted-services Label for the Observability Hosted Services team and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 29, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch from 9adedf4 to 088385e Compare October 30, 2024 16:48
@kaiyan-sheng
Copy link
Contributor

Thanks for working on this @Kavindu-Dodan !!
@axw Do you have opinion on the naming for ec2 tags here from the processor?

Tags are added to event payload with key ec2.tag.<KEY>,
{
  "ec2" : {
   "tag" : {
      "org" : "acme",
      "owner" : "userA"
    }
   }
}

Just a reference: In AWS CloudWatch metricset, we are using aws.tags.<key>:<value>.

@axw
Copy link
Member

axw commented Nov 1, 2024

@kaiyan-sheng my first reaction was that I think the tags field should be independent of the AWS service, because you can tag all/most AWS resources and not just EC2 instances. That could be useful generally for filtering metrics & logs by organisation or something.

OTOH, opentelemetry-collector-contrib's resourcedetection processor uses ec2.tag.*: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/40fa8b8a925cadf569e785cbc85d6dfca152bde2/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29 (maybe that's what you modelled after @Kavindu-Dodan?)

OTOOH: it seems that resourcedetectionprocessor only supports adding tags for EC2, e.g. there's no support for tags for ECS: open-telemetry/opentelemetry-collector-contrib#14960.

So... I don't know, but I'd be inclined to go with aws.tags.<key>:<value>

@Kavindu-Dodan
Copy link
Contributor Author

Kavindu-Dodan commented Nov 1, 2024
edited
Loading

@kaiyan-sheng my first reaction was that I think the tags field should be independent of the AWS service, because you can tag all/most AWS resources and not just EC2 instances. That could be useful generally for filtering metrics & logs by organisation or something.

OTOH, opentelemetry-collector-contrib's resourcedetection processor uses ec2.tag.*: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/40fa8b8a925cadf569e785cbc85d6dfca152bde2/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29 (maybe that's what you modelled after @Kavindu-Dodan?)

OTOOH: it seems that resourcedetectionprocessor only supports adding tags for EC2, e.g. there's no support for tags for ECS: open-telemetry/opentelemetry-collector-contrib#14960.

Yes @axw , I came across OTel resource detection processor EC2 tag [1] and tried to match our implementation with that. Currently processor also support Azure tags [2]

So... I don't know, but I'd be inclined to go with aws.tags.<key>:<value>

Since we already use aws.tags. with AWS Cloudwatch metrics and to have consistency, I will go ahead and use the same format for the processor implementation.

Update

I am testing the tag prefix change and will update the observations. Initially I am seeing some data ingestion issue but not sure this is related to tag key prefix.

Update - 2

Okay, it was a permission issue when starting metricsbeat inside my AWS ec2 testbed. Change works fine (see Kibana screenshot)

image

@kaiyan-sheng @axw appreciate another review

[1] - https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.112.0/processor/resourcedetectionprocessor/internal/aws/ec2/ec2.go#L29
[2] - https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.112.0/processor/resourcedetectionprocessor/internal/azure/azure.go#L23

@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch 2 times, most recently from fb01541 to d72b62f Compare November 4, 2024 22:09
@Kavindu-Dodan Kavindu-Dodan force-pushed the feat/add-tags-in-cloud-metadata-processor-for-aws branch from d72b62f to 091c5ca Compare November 6, 2024 23:15
kaiyan-sheng
kaiyan-sheng approved these changes Nov 7, 2024
View reviewed changes
Copy link
Contributor

@kaiyan-sheng kaiyan-sheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Thanks for working on this!!

@Kavindu-Dodan Kavindu-Dodan requested a review from axw November 8, 2024 15:30
@Kavindu-Dodan Kavindu-Dodan merged commit c878397 into elastic:main Nov 12, 2024
142 checks passed
mergify bot pushed a commit that referenced this pull request Nov 12, 2024
@Kavindu-Dodan @mergify
[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata proce…
234e3fa 
…ssor (#41477)

* add support to extract ec2 tags from IMDS endpoint

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add dedicated tests for tag extractor

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* expand test case and add documentation

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* handle empty tags, add tests and close underlying body

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* review change - use aws.tags as tag prefix

Signed-off-by: Kavindu Dodanduwa <[email protected]>

---------

Signed-off-by: Kavindu Dodanduwa <[email protected]>
(cherry picked from commit c878397)
@mergify mergify bot mentioned this pull request Nov 12, 2024
Merged
6 tasks
Kavindu-Dodan added a commit that referenced this pull request Nov 12, 2024
@mergify @Kavindu-Dodan
[AWS] [EC2] enrich events with EC2 tags with add_cloud_metadata proce…
79c5701 
…ssor (#41477) (#41615)

* add support to extract ec2 tags from IMDS endpoint

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add dedicated tests for tag extractor

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* expand test case and add documentation

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* add changelog entry

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* handle empty tags, add tests and close underlying body

Signed-off-by: Kavindu Dodanduwa <[email protected]>

* review change - use aws.tags as tag prefix

Signed-off-by: Kavindu Dodanduwa <[email protected]>

---------

Signed-off-by: Kavindu Dodanduwa <[email protected]>
(cherry picked from commit c878397)

Co-authored-by: Kavindu Dodanduwa <[email protected]>
@khushijain21 khushijain21 mentioned this pull request Jun 23, 2025
Closed
@rseldner rseldner mentioned this pull request Oct 2, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

@zmoog zmoog Awaiting requested review from zmoog

@axw axw Awaiting requested review from axw

Assignees

@Kavindu-Dodan Kavindu-Dodan

Labels
backport-8.x Automated backport to the 8.x branch with mergify enhancement Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Have the add_cloud_metadata processor enrich events with EC2 tags
4 participants
@Kavindu-Dodan @elasticmachine @kaiyan-sheng @axw