Como usar a Pesquisa de transações com o AWS CloudFormation
Você pode usar o AWS CloudFormation para habilitar e configurar a Pesquisa de transações no X-Ray.
nota
Para criar uma pilha do AWS CloudFormation, consulte Criar sua primeira pilha.
Pré-requisitos
Você deve ter acesso a uma conta da AWS com um usuário ou perfil do IAM que tenha permissões para usar o Amazon EC2, o Amazon S3, o AWS CloudFormation ou ter acesso de usuário administrativo.
Você deve ter uma nuvem privada virtual (VPC) que tenha acesso à internet. Para simplificar, você pode usar a VPC padrão que vem com sua conta. A VPC padrão e as sub-redes padrão são suficientes para essa configuração.
Certifique-se de que a Pesquisa de transações esteja desabilitada antes de habilitá-la com o AWS CDK ou o AWS CloudFormation.
Como habilitar a Pesquisa de transações
Para habilitar a Pesquisa de transações usando o CloudFormation, é necessário criar os dois recursos a seguir.
AWS::Logs::ResourcePolicy
AWS::XRay::TransactionSearchConfig
Create AWS::Logs::ResourcePolicy: crie uma política de recursos que permita que o X-Ray envie rastreamentos para o CloudWatch Logs
YAML
Resources: LogsResourcePolicy: Type: AWS::Logs::ResourcePolicy Properties: PolicyName: TransactionSearchAccess PolicyDocument: !Sub > { "Version": "2012-10-17", "Statement": [ { "Sid": "TransactionSearchXRayAccess", "Effect": "Allow", "Principal": { "Service": "xray.amazonaws.com" }, "Action": "logs:PutLogEvents", "Resource": [ "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*", "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*" ], "Condition": { "ArnLike": { "aws:SourceArn": "arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*" }, "StringEquals": { "aws:SourceAccount": "${AWS::AccountId}" } } } ] }
JSON
{ "Resources": { "LogsResourcePolicy": { "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "TransactionSearchAccess", "PolicyDocument": { "Fn::Sub": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"TransactionSearchXRayAccess\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"xray.amazonaws.com\"\n },\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": [\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*\",\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*\"\n ],\n \"Condition\": {\n \"ArnLike\": {\n \"aws:SourceArn\": \"arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*\"\n },\n \"StringEquals\": {\n \"aws:SourceAccount\": \"${AWS::AccountId}\"\n }\n }\n }\n ]\n}" } } } } }
Create and Configure AWS::XRay::TransactionSearchConfig: crie o recurso
TransactionSearchConfig
para habilitar a Pesquisa de transações.YAML
Resources: XRayTransactionSearchConfig: Type: AWS::XRay::TransactionSearchConfig
JSON
{ "Resources": { "XRayTransactionSearchConfig": { "Type": "AWS::XRay::TransactionSearchConfig" } } }
(Opcional) Você pode definir a propriedade
IndexingPercentage
para controlar o percentual de spans que serão indexados.YAML
Resources: XRayTransactionSearchConfig: Type: AWS::XRay::TransactionSearchConfig Properties: IndexingPercentage: 50
JSON
{ "Resources": { "XRayTransactionSearchConfig": { "Type": "AWS::XRay::TransactionSearchConfig", "Properties": { "IndexingPercentage": 20 } } } }
O valor de IndexingPercentage pode ser definido entre 0 e 100.
Exemplos de modelos
O exemplo a seguir inclui a política de recursos e a TransactionSearchConfig.
YAML
Resources: LogsResourcePolicy: Type: AWS::Logs::ResourcePolicy Properties: PolicyName: TransactionSearchAccess PolicyDocument: !Sub > { "Version": "2012-10-17", "Statement": [ { "Sid": "TransactionSearchXRayAccess", "Effect": "Allow", "Principal": { "Service": "xray.amazonaws.com" }, "Action": "logs:PutLogEvents", "Resource": [ "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*", "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*" ], "Condition": { "ArnLike": { "aws:SourceArn": "arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*" }, "StringEquals": { "aws:SourceAccount": "${AWS::AccountId}" } } } ] } XRayTransactionSearchConfig: Type: AWS::XRay::TransactionSearchConfig Properties: IndexingPercentage: 10
JSON
{ "Resources": { "LogsResourcePolicy": { "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "TransactionSearchAccess", "PolicyDocument": { "Fn::Sub": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"TransactionSearchXRayAccess\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"xray.amazonaws.com\"\n },\n \"Action\": \"logs:PutLogEvents\",\n \"Resource\": [\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws/spans:*\",\n \"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/application-signals/data:*\"\n ],\n \"Condition\": {\n \"ArnLike\": {\n \"aws:SourceArn\": \"arn:${AWS::Partition}:xray:${AWS::Region}:${AWS::AccountId}:*\"\n },\n \"StringEquals\": {\n \"aws:SourceAccount\": \"${AWS::AccountId}\"\n }\n }\n }\n ]\n}" } } }, "XRayTransactionSearchConfig": { "Type": "AWS::XRay::TransactionSearchConfig", "Properties": { "IndexingPercentage": 20 } } } }
Veja um exemplo usando o AWS CDK no TypeScript.
CDK
import * as cdk from '@aws-cdk/core'; import * as logs from '@aws-cdk/aws-logs'; import * as xray from '@aws-cdk/aws-xray'; export class XRayTransactionSearchStack extends cdk.Stack { constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); // Create the resource policy const transactionSearchAccess = new logs.CfnResourcePolicy(this, 'XRayLogResourcePolicy', { policyName: 'TransactionSearchAccess', policyDocument: JSON.stringify({ Version: '2012-10-17', Statement: [ { Sid: 'TransactionSearchXRayAccess', Effect: 'Allow', Principal: { Service: 'xray.amazonaws.com', }, Action: 'logs:PutLogEvents', Resource: [ `arn:${this.partition}:logs:${this.region}:${this.account}:log-group:aws/spans:*`, `arn:${this.partition}:logs:${this.region}:${this.account}:log-group:/aws/application-signals/data:*`, ], Condition: { ArnLike: { 'aws:SourceArn': `arn:${this.partition}:xray:${this.region}:${this.account}:*`, }, StringEquals: { 'aws:SourceAccount': this.account, }, }, }, ], }), }); // Create the TransactionSearchConfig with dependency const transactionSearchConfig = new xray.CfnTransactionSearchConfig(this, 'XRayTransactionSearchConfig', { indexingPercentage: 10, }); // Add the dependency to ensure Resource Policy is created first transactionSearchConfig.addDependsOn(transactionSearchAccess); } }
Como verificar a configuração
Depois de implantar sua pilha do AWS CloudFormation, você pode verificar a configuração usando a AWS CLI.
aws xray get-trace-segment-destination
Uma configuração bem-sucedida retornará o seguinte:
{ "Destination": "CloudWatchLogs", "Status": "ACTIVE" }