Your team is planning on deploying an application on an ECS cluster.
They also need to ensure that the X-Ray service can trace the application deployed on the cluster.
Which of the following is the right set of steps that are needed to accomplish this? Choose 2 answers from the options given below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - A and D.
This is given in the AWS Documentation.
Options B and C are invalid since these are irrelevant to the requirements given in the question.
For more information on X-Ray and ECS, please refer to the below URL-
https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-ecs.htmlTo enable X-Ray tracing for an application deployed on an ECS cluster, you need to take the following steps:
Create a Docker image with the X-Ray daemon: You can create a custom Docker image that includes the X-Ray daemon. This image should be based on the official AWS X-Ray daemon image available on DockerHub. You can then use this image to run your application on ECS.
Attach an IAM role with permissions to the ECS Cluster: You need to attach an IAM role to the ECS cluster, which has permissions to communicate with the X-Ray service. This role should have the AWSXRayDaemonWriteAccess
policy attached to it.
Deploy the EC2 Instance to the ECS Cluster: You need to deploy an EC2 instance to the ECS cluster, which will run the Docker container instances that host your application. This EC2 instance must have an IAM instance profile assigned to it that includes the IAM role with the AWSXRayDaemonWriteAccess
policy.
Assign a role to the Docker container instance in ECS which has a policy that allows it to write to xray: When you create a task definition for your application in ECS, you can specify an IAM task role for the container instances. This role should include the AWSXRayWriteOnlyAccess
policy, which grants the container instance permission to write data to X-Ray.
Therefore, the correct answers are A and D:
A. Create a Docker image with the X-Ray daemon. D. Assign a role to the Docker container instance in ECS which has a policy that allows it to write to xray.