Prometheus has native Amazon EC2 discovery capabilities, but it does
not have the capacity to discover ECS instances that can be scraped
by Prometheus. This program is a Prometheus File Service Discovery
(file_sd_config) integration that bridges said gap.
Run prometheus-ecs-discovery --help to get information.
The command line parameters that can be used are:
- -config.cluster (string): the name of a cluster to scrape (defaults to scraping all clusters)
- -config.scrape-interval (duration): interval at which to scrape the AWS API for ECS service discovery information (default 1m0s)
- -config.scrape-times (int): how many times to scrape before exiting (0 = infinite)
- -config.write-to (string): path of file to write ECS service discovery information to (default "ecs_file_sd.yml")
- -config.role-arn (string): ARN of the role to assume when scraping the AWS API (optional)
- -config.server-name-label (string): Docker label to define the server name (default "PROMETHEUS_EXPORTER_SERVER_NAME")
- -config.job-name-label (string): Docker label to define the job name (default "PROMETHEUS_EXPORTER_JOB_NAME")
- -config.path-label (string): Docker label to define the scrape path of the application (default "PROMETHEUS_EXPORTER_PATH")
- -config.filter-label (string): docker label (and optional value) to filter on "NAME_OF_LABEL[=VALUE]".
- -config.port-label (string): Docker label to define the scrape port of the application (if missing an application won't be scraped) (default "PROMETHEUS_EXPORTER_PORT")
- -config.dynamic-port-detection (bool): Automatically detect the port mapping, if docker label "PROMETHEUS_DYNAMIC_EXPORT=1" is set. Only works when a single port is mapped, and falls back to the other methods, if not.
First, build this program using the usual go get mechanism.
Then, run it as follows:
- Ensure the program can write to a directory readable by your Prometheus master instance(s).
- Export the usual
AWS_REGION,AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYinto the environment of the program, making sure that the keys have access to the EC2 / ECS APIs (IAM policies should includeECS:ListClusters,ECS:ListTasks,ECS:DescribeTask,EC2:DescribeInstances,ECS:DescribeContainerInstances,ECS:DescribeTasks,ECS:DescribeTaskDefinition,ECS:DescribeClusters). If the program needs to assume a different role to obtain access, this role's ARN may be passed in via the--config.role-arnoption. This option also allows for cross-account access, depending on which account the role is defined in. - Start the program, using the command line option
-config.write-toto point the program to the specific folder that your Prometheus master can read from. - Add a
file_sd_configto your Prometheus master:
scrape_configs:
- job_name: ecs
file_sd_configs:
- files:
- /path/to/ecs_file_sd.yml
refresh_interval: 10m
# Drop unwanted labels using the labeldrop action
metric_relabel_configs:
- regex: task_arn
action: labeldrop
To scrape the containers add following docker labels to them:
PROMETHEUS_EXPORTER_PORTspecify the container port where prometheus scrapes (mandatory)PROMETHEUS_EXPORTER_SERVER_NAMEspecify the hostname here, per default ip is used (optional)PROMETHEUS_EXPORTER_JOB_NAMEspecify job name here (optional)PROMETHEUS_EXPORTER_PATHspecify alternative scrape path here (optional)PROMETHEUS_EXPORTER_SCHEMEspecify an alternative scheme here, default is http (optional)
By docker labels one means dockerLabels map in ECS task definition JSONs like that:
{
...
"containerDefinitions": [
{
...
"dockerLabels": {
"PROMETHEUS_EXPORTER_PORT": "5000"
}
}
]
...
}That's it. You should begin seeing the program scraping the AWS APIs and writing the discovery file (by default it does that every minute, and by default Prometheus will reload the file the minute it is written). After reloading your Prometheus master configuration, this program will begin informing via the discovery file of new targets that Prometheus must scrape.