Monitor Amazon ECS tasks running on AWS Fargate by deploying OpenTelemetry Collector Contrib as a sidecar container. This comprehensive guide walks you through creating task definitions, configuring the collector, and setting up monitoring for your serverless ECS workloads.
Installation steps
Follow these steps in order to set up monitoring for your ECS Fargate tasks.
Before you begin
Make sure your environment meets these requirements:
Store your New Relic license key
Save your license key as a Systems Manager (SSM) parameter to securely store credentials for the OpenTelemetry Collector:
```bash
aws ssm put-parameter \
  --name "/newrelic-infra/ecs/license-key" \
  --type SecureString \
  --description 'New Relic license key for ECS monitoring' \
  --value "YOUR_NEW_RELIC_LICENSE_KEY"
```

Create IAM policy and execution role
Create an IAM policy so your ECS containers can securely retrieve the New Relic license key:
```bash
aws iam create-policy \
  --policy-name "NewRelicSSMLicenseKeyReadAccess" \
  --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ssm:GetParameters"],"Resource":["arn:aws:ssm:*:*:parameter/newrelic-infra/ecs/license-key"]}]}' \
  --description "Provides read access to the New Relic SSM license key parameter"
```

Create an IAM role to be used as the task execution role:
```bash
aws iam create-role \
  --role-name "NewRelicECSTaskExecutionRole" \
  --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ecs-tasks.amazonaws.com"},"Action":"sts:AssumeRole"}]}' \
  --description "ECS task execution role for New Relic infrastructure"
```

Attach the required managed policies to the role:
```bash
# Attach the standard ECS task execution policy
aws iam attach-role-policy \
  --role-name "NewRelicECSTaskExecutionRole" \
  --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"

# Attach the New Relic SSM license key read access policy
aws iam attach-role-policy \
  --role-name "NewRelicECSTaskExecutionRole" \
  --policy-arn "arn:aws:iam::$(aws sts get-caller-identity --query Account --output text):policy/NewRelicSSMLicenseKeyReadAccess"
```

Store collector configuration
Store the OpenTelemetry Collector configuration in AWS Systems Manager Parameter Store so you can manage and update settings without rebuilding container images:
```bash
aws ssm put-parameter \
  --name "/ecs/otel-collector/fargate-config" \
  --type "String" \
  --value "$(cat <<EOF
receivers:
  awsecscontainermetrics:
    collection_interval: <COLLECTION_INTERVAL>

processors:
  metricstransform/containers:
    transforms:
      - include: container.cpu.utilized
        action: insert
        new_name: container.cpu.utilization
      - include: container.memory.usage
        action: insert
        new_name: container.memory.usage.total
      - include: container.storage.read_bytes
        action: insert
        new_name: container.blockio.io_service_bytes_recursive
        operations:
          - action: add_label
            new_label: operation
            new_value: read
      - include: container.storage.write_bytes
        action: insert
        new_name: container.blockio.io_service_bytes_recursive
        operations:
          - action: add_label
            new_label: operation
            new_value: write

  batch:
    send_batch_size: <SEND_BATCH_SIZE>
    timeout: <BATCH_TIMEOUT>

  resource:
    attributes:
      - key: ClusterName
        from_attribute: aws.ecs.cluster.name
        action: insert
      - key: ServiceName
        from_attribute: aws.ecs.service.name
        action: insert
      - key: TaskId
        from_attribute: aws.ecs.task.id
        action: insert
      - key: TaskDefinitionFamily
        from_attribute: aws.ecs.task.family
        action: insert
      - key: LaunchType
        from_attribute: aws.ecs.launch_type
        action: insert
      - key: cloud.platform
        value: aws_ecs
        action: upsert
      - key: docker.host
        from_attribute: aws.ecs.task.id
        action: insert
      - key: docker.imageName
        from_attribute: container.image.name
        action: insert
      - key: docker.containerId
        from_attribute: container.id
        action: insert
      - key: docker.state
        from_attribute: aws.ecs.container.know_status
        action: insert

exporters:
  otlphttp:
    endpoint: https://otlp.nr-data.net:443
    headers:
      api-key: \${NEW_RELIC_LICENSE_KEY}

  debug:
    verbosity: basic

service:
  pipelines:
    metrics/containers:
      receivers: [awsecscontainermetrics]
      processors: [metricstransform/containers, resource, batch]
      exporters: [otlphttp, debug]
EOF
)"
```

Configuration parameters
The following parameters can be customized in the OpenTelemetry Collector configuration:
| Parameter | Description |
|---|---|
| `<COLLECTION_INTERVAL>` | The interval in seconds for collecting metrics from the ECS container metrics endpoint |
| | Memory limit for the OpenTelemetry Collector in MiB |
| `<SEND_BATCH_SIZE>` | Number of metrics to batch before sending to New Relic |
| `<BATCH_TIMEOUT>` | Maximum time to wait before sending a batch |
| | Timeout for resource detection processors |
Create task definition
Create a new ECS task definition for Fargate that includes the OpenTelemetry Collector sidecar container. Choose the appropriate task definition for your container platform:
Task definition parameters
The following parameters can be customized in your ECS Fargate task definition:
| Parameter | Description |
|---|---|
| | Total CPU units for the Fargate task |
| | Total memory for the Fargate task in MiB |
| | CPU units allocated to your application container |
| | Memory allocated to your application container in MiB |
| | CPU units allocated to the OpenTelemetry Collector |
| | Memory reservation for the OpenTelemetry Collector in MiB |
| | CloudWatch log group name for your application container |
| | CloudWatch log group name for the OpenTelemetry Collector |
| | AWS region for CloudWatch logs |
| | Log stream prefix for your application container |
| | Log stream prefix for the OpenTelemetry Collector |
Tip
Key differences between Linux and Windows Fargate containers:
- Runtime platform: Windows requires explicit `operatingSystemFamily: "WINDOWS_SERVER_2022_FULL"`
- Images: Windows uses specific Windows container images
- Entry point: Windows collector specifies `C:\\otelcol-contrib.exe` as entry point
- Memory allocation: Uses `memoryReservation` for flexible memory management
Important
Replace YOUR_ACCOUNT and region values with your actual AWS account ID and AWS region.
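The license key is stored as a SecureString so that it never appears in the task definition itself. The following check is an added example, not part of the original guide: it audits a task definition before registration and confirms that `NEW_RELIC_LICENSE_KEY` is injected through `secrets` from the SSM parameter rather than as a plaintext `environment` value. The container name, account ID and sample definitions are constructed placeholders.

```python
LICENSE_PARAM = "/newrelic-infra/ecs/license-key"  # SSM parameter name used in this guide
KEY_ENV = "NEW_RELIC_LICENSE_KEY"                  # variable the collector config expands

def audit_task_definition(task_def):
    """Return a list of findings; an empty list means the definition passed."""
    findings = []
    if task_def.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc on Fargate")
    if not task_def.get("executionRoleArn"):
        findings.append("executionRoleArn missing: ECS cannot resolve SSM secrets")
    injected = False
    for container in task_def.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        # Plaintext values are visible to anyone who can describe the task definition.
        for env in container.get("environment", []):
            if env.get("name") == KEY_ENV:
                findings.append(f"{name}: {KEY_ENV} set as plaintext environment value")
        for secret in container.get("secrets", []):
            if secret.get("name") != KEY_ENV:
                continue
            # valueFrom may be the parameter name or its full ARN.
            if secret.get("valueFrom", "").endswith(LICENSE_PARAM):
                injected = True
            else:
                findings.append(f"{name}: {KEY_ENV} read from unexpected source")
    if not injected:
        findings.append(f"{KEY_ENV} is not injected from {LICENSE_PARAM}")
    return findings

# Constructed sample definitions (account ID, role and container names are placeholders).
GOOD = {
    "networkMode": "awsvpc",
    "executionRoleArn": "arn:aws:iam::123456789012:role/NewRelicECSTaskExecutionRole",
    "containerDefinitions": [{
        "name": "otel-collector",
        "secrets": [{"name": KEY_ENV, "valueFrom":
                     "arn:aws:ssm:us-east-1:123456789012:parameter" + LICENSE_PARAM}],
    }],
}
BAD = {
    "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "otel-collector",
        "environment": [{"name": KEY_ENV, "value": "PLACEHOLDER_NOT_A_REAL_KEY"}],
    }],
}
if __name__ == "__main__":
    for label, td in (("good", GOOD), ("bad", BAD)):
        print(label, audit_task_definition(td) or "OK")
```

To check a real file, load `task-definition.json` with `json.load` and pass the result to `audit_task_definition`.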
Deploy and run the task
Deploy your task definition to your ECS cluster:
Register the task definition:
```bash
aws ecs register-task-definition --cli-input-json file://task-definition.json
```

Create a service:

```bash
aws ecs create-service \
  --cluster your-cluster-name \
  --service-name otel-monitoring-service \
  --task-definition otel-ecs-fargate-metrics:1 \
  --desired-count 1 \
  --launch-type FARGATE \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-12345,subnet-67890],securityGroups=[sg-abcdef],assignPublicIp=ENABLED}"
```
Verify data collection
Check that your data is flowing to New Relic:
Check OpenTelemetry Collector status: Review container logs to confirm the collector is running without errors and successfully connecting to New Relic:
```bash
aws logs get-log-events \
  --log-group-name "/ecs/otel-collector-fargate" \
  --log-stream-name "otel/otel-collector/TASK_ID"
```

Verify data in New Relic UI: Navigate to one.newrelic.com > All Capabilities > Infrastructure to confirm your ECS containers appear with metrics. For detailed guidance on exploring your data, see Find and query your ECS monitoring data.
Configuration differences from EC2
Key differences when running on Fargate:
- No host-level access: Cannot access underlying host metrics like in EC2
- Network mode: Must use `awsvpc` network mode
- Resource constraints: Limited by Fargate CPU/memory combinations
- Storage: Ephemeral storage only, no persistent volumes
- Container insights: Relies on Task Metadata Endpoint v4 for container stats
Next steps
After setting up monitoring, you can:
- Create custom dashboards for your Fargate metrics
- Set up alerts for container and task-level issues
- Correlate ECS metrics with application traces and logs