# CloudFormation에서 트랜잭션 검색 사용
CloudFormation를 사용하여 X-Ray 트랜잭션 검색을 활성화하고 구성할 수 있습니다.
**참고**
CloudFormation 스택을 생성하려면 [첫 번째 스택 생성](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/gettingstarted.walkthrough.html)을 참조하세요.
## 사전 조건
+ Amazon EC2, Amazon S3 및 CloudFormation을 사용할 수 있는 권한을 보유한 IAM 사용자 또는 역할이 있는 AWS 계정에 대한 액세스 권한 또는 관리 사용자 액세스 권한이 있어야 합니다.
+ 인터넷에 액세스할 수 있는 가상 프라이빗 클라우드(VPC)가 있어야 합니다. 작업을 단순화하기 위해 계정과 함께 제공되는 기본 VPC를 사용할 수 있습니다. 이 구성에서는 기본 VPC 및 기본 서브넷으로 충분합니다.
+ AWS CDK 또는 CloudFormation 사용을 활성화하기 전에 트랜잭션 검색이 비활성화되어 있는지 확인하세요.
## 트랜잭션 검색 활성화
CloudFormation을 사용하여 트랜잭션 검색을 활성화하려면 다음과 같은 두 가지 리소스를 생성해야 합니다.
+ `AWS::Logs::ResourcePolicy`
+ `AWS::XRay::TransactionSearchConfig`
1. **AWS::Logs::ResourcePolicy 생성** - X-Ray에서 CloudWatch Logs로 트레이스 보내기를 허용하는 리소스 정책 생성
**YAML**
```
Resources:
LogsResourcePolicy:
Type: AWS::Logs::ResourcePolicy
Properties:
PolicyName: TransactionSearchAccess
PolicyDocument: !Sub >
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TransactionSearchXRayAccess",
"Effect": "Allow",
"Principal": {
"Service": "xray.amazonaws.com"
},
"Action": "logs:PutLogEvents",
"Resource": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*",
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*"
],
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*"
},
"StringEquals": {
"aws:SourceAccount": "${AWS::AccountId}"
}
}
}
]
}
```
**JSON**
```
{
"Resources": {
"LogsResourcePolicy": {
"Type": "AWS::Logs::ResourcePolicy",
"Properties": {
"PolicyName": "TransactionSearchAccess",
"PolicyDocument": {
"Fn::Sub": "{\n \"Version\": \"2012-10-17\", \n \"Statement\": [\n {\n \"Sid\": \"TransactionSearchXRayAccess\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"xray.amazonaws.com\"\n },\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": [\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*\",\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*\"\n ],\n \"Condition\": {\n \"ArnLike\": {\n \"aws:SourceArn\": \"arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*\"\n },\n \"StringEquals\": {\n \"aws:SourceAccount\": \"${AWS::AccountId}\"\n }\n }\n }\n ]\n}"
}
}
}
}
}
```
1. **AWS::XRay::TransactionSearchConfig 생성 및 구성** - `TransactionSearchConfig` 리소스를 생성하여 트랜잭션 검색을 활성화합니다.
**YAML**
```
Resources:
XRayTransactionSearchConfig:
Type: AWS::XRay::TransactionSearchConfig
```
**JSON**
```
{
"Resources": {
"XRayTransactionSearchConfig": {
"Type": "AWS::XRay::TransactionSearchConfig"
}
}
}
```
1. (선택 사항) 인덱싱할 스팬의 백분율을 제어하도록 `IndexingPercentage` 속성을 설정할 수 있습니다.
**YAML**
```
Resources:
XRayTransactionSearchConfig:
Type: AWS::XRay::TransactionSearchConfig
Properties:
IndexingPercentage: 50
```
**JSON**
```
{
"Resources": {
"XRayTransactionSearchConfig": {
"Type": "AWS::XRay::TransactionSearchConfig",
"Properties": {
"IndexingPercentage": 20
}
}
}
}
```
IndexingPercentage 값은 0\~100으로 설정할 수 있습니다.
## 템플릿 예제
다음 예제에서는 리소스 정책과 TransactionSearchConfig가 모두 포함됩니다.
**YAML**
```
Resources:
LogsResourcePolicy:
Type: AWS::Logs::ResourcePolicy
Properties:
PolicyName: TransactionSearchAccess
PolicyDocument: !Sub >
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TransactionSearchXRayAccess",
"Effect": "Allow",
"Principal": {
"Service": "xray.amazonaws.com"
},
"Action": "logs:PutLogEvents",
"Resource": [
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*",
"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*"
],
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*"
},
"StringEquals": {
"aws:SourceAccount": "${AWS::AccountId}"
}
}
}
]
}
XRayTransactionSearchConfig:
Type: AWS::XRay::TransactionSearchConfig
Properties:
IndexingPercentage: 10
```
**JSON**
```
{
"Resources": {
"LogsResourcePolicy": {
"Type": "AWS::Logs::ResourcePolicy",
"Properties": {
"PolicyName": "TransactionSearchAccess",
"PolicyDocument": {
"Fn::Sub": "{\n \"Version\": \"2012-10-17\", \n \"Statement\": [\n {\n \"Sid\": \"TransactionSearchXRayAccess\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"xray.amazonaws.com\"\n },\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": [\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*\",\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*\"\n ],\n \"Condition\": {\n \"ArnLike\": {\n \"aws:SourceArn\": \"arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*\"\n },\n \"StringEquals\": {\n \"aws:SourceAccount\": \"${AWS::AccountId}\"\n }\n }\n }\n ]\n}"
}
}
},
"XRayTransactionSearchConfig": {
"Type": "AWS::XRay::TransactionSearchConfig",
"Properties": {
"IndexingPercentage": 20
}
}
}
}
```
다음은 TypeScript에서 AWS CDK를 사용하는 예제입니다.
**CDK**
```
import * as cdk from '@aws-cdk/core';
import * as logs from '@aws-cdk/aws-logs';
import * as xray from '@aws-cdk/aws-xray';
export class XRayTransactionSearchStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create the resource policy
const transactionSearchAccess = new logs.CfnResourcePolicy(this, 'XRayLogResourcePolicy', {
policyName: 'TransactionSearchAccess',
policyDocument: JSON.stringify({
Version: '2012-10-17',
Statement: [
{
Sid: 'TransactionSearchXRayAccess',
Effect: 'Allow',
Principal: {
Service: 'xray.amazonaws.com',
},
Action: 'logs:PutLogEvents',
Resource: [
`arn:${this.partition}:logs:${this.region}:${this.account}:log-group:aws/spans:*`,
`arn:${this.partition}:logs:${this.region}:${this.account}:log-group:/aws/application-signals/data:*`,
],
Condition: {
ArnLike: {
'aws:SourceArn': `arn:${this.partition}:xray:${this.region}:${this.account}:*`,
},
StringEquals: {
'aws:SourceAccount': this.account,
},
},
},
],
}),
});
// Create the TransactionSearchConfig with dependency
const transactionSearchConfig = new xray.CfnTransactionSearchConfig(this, 'XRayTransactionSearchConfig', {
indexingPercentage: 10,
});
// Add the dependency to ensure Resource Policy is created first
transactionSearchConfig.addDependsOn(transactionSearchAccess);
}
}
```
## 구성 확인
CloudFormation 스택을 배포한 후 AWS CLI를 사용하여 구성을 확인할 수 있습니다.
**aws xray get-trace-segment-destination**
구성되면 다음이 반환됩니다.
```
{
"Destination": "CloudWatchLogs",
"Status": "ACTIVE"
}
```