Amazon ECS is a scalable, high-performance container orchestration service that supports Docker containers. With the Datadog Agent, you can monitor ECS containers and tasks on every EC2 instance in your cluster.
This page covers Amazon ECS setup with the Datadog Container Agent. For other setups, see:
Note: If you are looking to set up ECS on Fargate, see Amazon ECS on AWS Fargate instructions. The Datadog Agent container deployed on EC2 instances cannot monitor Fargate Tasks. Additionally, AWS Batch is not supported.
The Datadog Agent in ECS should be deployed as a container once on every EC2 instance in your ECS cluster. This is done by creating a Task Definition for the Datadog Agent container and deploying it as a Daemon service. Each Datadog Agent container then monitors the other containers on its respective EC2 instance.
If you don’t have a working EC2 Container Service cluster configured, review the Getting Started section in the ECS documentation to set up and configure a cluster. Once configured, follow the setup instructions below.
- Create and add an ECS Task Definition
- Schedule the Datadog Agent as a Daemon Service
- Optional: Set up the additional Datadog Agent features
Note: Datadog’s Autodiscovery can be used in conjunction with ECS and Docker to automatically discover and monitor running tasks in your environment.
Create an ECS task
The Task Definition launches the Datadog Agent container with the necessary configurations. When you need to modify the Agent configuration, update this Task Definition and redeploy the Daemon Service as needed. You can configure the Task Definition using either the AWS CLI tools or the Amazon Web Console.
The following sample is a minimal configuration for core infrastructure monitoring. However, additional Task Definition samples with various features enabled are provided in the Setup additional Agent features section if you want to use those instead.
Managing the task definition file
For Linux containers, download datadog-agent-ecs.json
- If you are using an original Amazon Linux 1 AMI use datadog-agent-ecs1.json
- If you are using Windows use datadog-agent-ecs-win.json
Edit your base Task Definition file
Replace <YOUR_DATADOG_API_KEY> with the Datadog API key for your account.
DD_SITE environment variable to
Note: If the DD_SITE environment variable is not explicitly set, it defaults to datadoghq.com. If you are using one of the other sites (US1-FED) and do not set this, it results in an invalid API key message. Use the documentation site selector to see documentation appropriate for the site you’re using.
Optionally - Add the following to your ECS task definition to deploy on an ECS Anywhere cluster.
Optionally - Add an Agent health check to your ECS Task Definition
"command": ["CMD-SHELL","agent health"],
For all of these examples the DD_API_KEY environment variable can alternatively be populated by referencing the ARN of a “Plaintext” secret stored in AWS Secrets Manager. Any additional tags can be added by the environment variable
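A pre-registration check for the task definition file described above, as an added example that is not part of the original page or of Datadog's tooling. It flags a DD_API_KEY left in plaintext or as the unreplaced placeholder, a missing DD_SITE, and a missing `agent health` check; the container name, key value and secret ARN in the samples are constructed.

```python
import json

def lint_agent_task_definition(task_def):
    """Return findings for every container that carries DD_API_KEY."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        env = {e["name"]: e.get("value", "") for e in c.get("environment", [])}
        secrets = {s["name"]: s.get("valueFrom", "") for s in c.get("secrets", [])}
        if "DD_API_KEY" not in env and "DD_API_KEY" not in secrets:
            continue  # not the Agent container
        if "DD_API_KEY" in env:
            if "<YOUR_DATADOG_API_KEY>" in env["DD_API_KEY"]:
                findings.append(f"{name}: placeholder <YOUR_DATADOG_API_KEY> was not replaced")
            else:
                findings.append(f"{name}: DD_API_KEY is stored in plaintext under 'environment'")
        else:
            arn = secrets["DD_API_KEY"]
            if not (arn.startswith("arn:") and ":secretsmanager:" in arn):
                findings.append(f"{name}: DD_API_KEY 'valueFrom' is not a Secrets Manager ARN")
        if "DD_SITE" not in env:
            findings.append(f"{name}: DD_SITE not set, Agent defaults to datadoghq.com")
        if c.get("healthCheck", {}).get("command") != ["CMD-SHELL", "agent health"]:
            findings.append(f"{name}: optional 'agent health' healthCheck is not configured")
    return findings

# Constructed samples (names, key and ARN are made up for illustration).
WEAK = json.loads("""{"containerDefinitions": [{
  "name": "example-agent",
  "environment": [{"name": "DD_API_KEY", "value": "0123456789abcdef0123456789abcdef"}]
}]}""")

HARDENED = json.loads("""{"containerDefinitions": [{
  "name": "example-agent",
  "environment": [{"name": "DD_SITE", "value": "datadoghq.com"}],
  "secrets": [{"name": "DD_API_KEY",
               "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-dd-key"}],
  "healthCheck": {"command": ["CMD-SHELL", "agent health"]}
}]}""")

if __name__ == "__main__":
    for label, td in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_agent_task_definition(td) or "no findings")
```
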
Registering the task definition
Once you have your Task Definition file created, you can execute the following command to register it in AWS.
aws ecs register-task-definition --cli-input-json file://<path to datadog-agent-ecs.json>
Once you have your Task Definition file created, you can log in to your AWS console to register it.
- Log in to your AWS Console and navigate to the Elastic Container Service section.
- Click on Task Definitions on the left side and click the button Create new Task Definition.
- Choose “EC2” as the launch type. Alternatively, you can choose “External” if you plan to deploy the Agent task on an ECS Anywhere cluster.
- Once on the “Configure task and container definitions” page, scroll to the bottom and select Configure via JSON. From here you can copy and paste the configuration from your file.
- Click Save on the JSON tab.
- You can make any additional changes from the page here or by repeating this Configure via JSON process.
- Click Create at the bottom to register this Task Definition.
Run the Agent as a daemon service
Ideally, you want one running Datadog Agent container on each EC2 instance. The easiest way to achieve this is to run the Datadog Agent Task Definition as a Daemon Service.
Schedule a daemon service in AWS using Datadog’s ECS task
- Log in to the AWS console and navigate to the ECS Clusters section. Click into the cluster you run the Agent on.
- Create a new service by clicking the Create button under Services.
- For launch type, select EC2 then the task definition created previously.
- For service type, select DAEMON, and enter a Service name. Click Next.
- Since the service runs once on each instance, you don’t need a load balancer. Select None. Click Next.
- Daemon services don’t need Auto Scaling, so click Next Step, and then Create Service.
Setup Additional Agent Features
The initial Task Definition provided above is a fairly minimal one. This Task Definition deploys an Agent container with a base configuration to collect core metrics about the containers in your ECS cluster. This Agent can also run Agent Integrations based on Docker Autodiscovery Labels discovered on your corresponding containers.
If you’re using:
If you’re using DogStatsD, add in a Host Port mapping for 8125/udp to your Datadog Agent’s container definition:
In addition to this port mapping, set the environment variable
This setup allows the DogStatsD traffic to be routed from the application containers, through the host and host port, to the Datadog Agent container. However, the application container must use the host’s private IP address for this traffic. This can be enabled by setting the environment variable DD_AGENT_HOST to the private IP address of the EC2 instance, which can be retrieved from the Instance Metadata Service (IMDS). Alternatively, this can be set in the code during initialization. The implementation for DogStatsD is the same as for APM; see configure the Trace Agent endpoint for examples of setting the Agent endpoint.
Ensure that the security group settings on your EC2 instances do not publicly expose the ports for APM and DogStatsD.
Live Container data is automatically collected by the Datadog Agent container. To collect Live Process information for all your containers and send it to Datadog, update your Task Definitions with the environment variable:
Network Performance Monitoring collection
This feature is available for Linux only.
- Follow the above instructions to install the Datadog Agent.
- If you already have a task definition, update your datadog-agent-ecs.json file (datadog-agent-ecs1.json if you are using an original Amazon Linux AMI) with the following configuration:
For Agent v6.10+, awsvpc mode is supported for applicative containers, provided that security groups are set to allow the host instance’s security group to reach the applicative containers on relevant ports.
While it’s possible to run the Agent in awsvpc mode, it’s not the recommended setup, because it may be difficult to retrieve the ENI IP to reach the Agent for DogStatsD metrics and APM traces.
Instead, run the Agent in bridge mode with port mapping to allow easier retrieval of host IP through the metadata server.
Need help? Contact Datadog support.