Add an AWS Distro for OpenTelemetry Collector sidecar to the Guardian ECS task. The sidecar should scrape Guardian’s existing Prometheus metrics endpoint and export selected metrics to CloudWatch using EMF/custom metrics.
Scope
- Enable Guardian metrics in ECS:
  - GUARDIAN_METRICS_ENABLED=true
  - GUARDIAN_METRICS_ADDR=0.0.0.0:9464
  - GUARDIAN_METRICS_PATH=/metrics
- Add an ADOT Collector sidecar container to the ECS task definition.
- Configure ADOT to scrape 127.0.0.1:9464/metrics.
- Export metrics to CloudWatch under a Guardian namespace, e.g. Guardian/Server.
- Add required IAM permissions for CloudWatch metric/log publishing.
- Create Terraform-managed CloudWatch dashboard widgets for request volume, error rate, latency, proposal lifecycle, canonicalization health, storage health, and ECS CPU/memory.
- Create Terraform-managed CloudWatch alarms for high error rate, high latency, canonicalization failures, stale/missing metrics, and ECS resource saturation.
- Keep the metrics endpoint private to the ECS task; do not expose it via ALB/security groups.
- Update AWS deployment docs with enablement and verification steps.
Acceptance Criteria
- ADOT sidecar runs with the Guardian ECS task.
- CloudWatch receives Guardian application metrics from the Prometheus endpoint.
- Dashboard and alarms are created by Terraform.
- Metrics scrape failures are visible in sidecar logs.
- Non-prod deployment verifies dashboard data and at least one alarm path.
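
A sketch of the collector configuration the Scope items describe, added here as an example and not taken from the Guardian repository. The Guardian metric names, log group, log stream and region are placeholders, and the loopback scrape assumes the task uses awsvpc network mode, where containers in one task share localhost.

```yaml
# ADOT Collector config for the Guardian sidecar (added example).
# Placeholders: region, log group/stream, and every guardian_* metric name.
receivers:
  prometheus:
    config:
      scrape_configs:
        - job_name: guardian
          scrape_interval: 30s
          metrics_path: /metrics            # matches GUARDIAN_METRICS_PATH
          static_configs:
            # Loopback only: the sidecar reaches Guardian inside the task,
            # so no ALB listener or security group rule is involved.
            - targets: ["127.0.0.1:9464"]

processors:
  batch:
    timeout: 60s

exporters:
  awsemf:
    region: us-east-1                       # placeholder
    namespace: Guardian/Server
    log_group_name: /ecs/guardian/metrics   # placeholder
    log_stream_name: adot-emf               # placeholder
    # Copy resource attributes (service.name is derived from job_name)
    # onto each metric so they can be used as CloudWatch dimensions.
    resource_to_telemetry_conversion:
      enabled: true
    dimension_rollup_option: NoDimensionRollup
    # Allow-list: only metrics matched here become CloudWatch custom metrics.
    metric_declarations:
      - dimensions: [[service.name]]
        metric_name_selectors:
          - "^up$"                          # emitted by the receiver; 0 = scrape failed
          - "^guardian_http_requests_total$"            # placeholder name
          - "^guardian_http_request_duration_seconds$"  # placeholder name

service:
  telemetry:
    logs:
      level: info                           # sidecar logs go to the task's log driver
  pipelines:
    metrics:
      receivers: [prometheus]
      processors: [batch]
      exporters: [awsemf]
```

Because GUARDIAN_METRICS_ADDR binds 0.0.0.0:9464, the port is also reachable on the task's network interface, so the task security group must not admit 9464 from any source. The awsemf exporter publishes through CloudWatch Logs, so the task role needs log write permissions such as logs:CreateLogStream and logs:PutLogEvents on the chosen log group.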