diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 000000000..8e782a8e2
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1 @@
+.external_modules
diff --git a/terraform/addons/xrays-sidecar/.header.md b/terraform/addons/xrays-sidecar/.header.md
new file mode 100644
index 000000000..de177fcad
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/.header.md
@@ -0,0 +1,2 @@
+# AWS Xrays ECS Sidecar
+This addon provides a sidecar for AWS Xrays Opentelemetry to allow Fleet to send traces to AWS Xrays.
diff --git a/terraform/addons/xrays-sidecar/.terraform-docs.yml b/terraform/addons/xrays-sidecar/.terraform-docs.yml
new file mode 100644
index 000000000..1d139ddb4
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/.terraform-docs.yml
@@ -0,0 +1 @@
+header-from: .header.md
diff --git a/terraform/addons/xrays-sidecar/README.md b/terraform/addons/xrays-sidecar/README.md
new file mode 100644
index 000000000..8f81f3c19
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/README.md
@@ -0,0 +1,36 @@
+# AWS Xrays ECS Sidecar
+This addon provides a sidecar for AWS Xrays Opentelemetry to allow Fleet to send traces to AWS Xrays.
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy_document.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [fleet\_extra\_environment\_variables](#output\_fleet\_extra\_environment\_variables) | n/a |
+| [fleet\_extra\_iam\_policies](#output\_fleet\_extra\_iam\_policies) | n/a |
+| [fleet\_sidecars](#output\_fleet\_sidecars) | n/a |
diff --git a/terraform/addons/xrays-sidecar/main.tf b/terraform/addons/xrays-sidecar/main.tf
new file mode 100644
index 000000000..001700b0a
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/main.tf
@@ -0,0 +1,35 @@
+data "aws_region" "current" {}
+
+data "aws_iam_policy_document" "main" {
+ statement {
+ actions = [
+ "xray:PutTraceSegments",
+ "xray:PutTelemetryRecords",
+ "xray:GetSamplingRules",
+ "xray:GetSamplingTargets",
+ "xray:GetSamplingStatisticSummaries",
+ "logs:PutLogEvents",
+ "logs:CreateLogStream",
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "main" {
+ policy = data.aws_iam_policy_document.main.json
+}
+
+data "aws_iam_policy_document" "execution" {
+ statement {
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:CreateLogGroup",
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_policy" "execution" {
+ policy = data.aws_iam_policy_document.execution.json
+}
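Review bot: Both policy documents grant their CloudWatch Logs actions on `resources = ["*"]`, so the execution role may create log groups and write streams anywhere in the account, not only in the collector's own group. The X-Ray actions in `main` generally need `*` because they have no resource-level scoping, but the `logs:*` actions do support it and can be limited to the `/ecs/ecs-aws-otel-sidecar-collector` group that outputs.tf configures. I would scope `execution` as sketched below. In `main`, move the two logs actions into their own statement scoped to whatever groups the collector writes to; which groups the default collector config uses is not visible here, so confirm that before narrowing.

```hcl
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}

locals {
  otel_log_group_arn = "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/ecs/ecs-aws-otel-sidecar-collector"
}

# … unchanged: data "aws_iam_policy_document" "main" and resource "aws_iam_policy" "main" …

data "aws_iam_policy_document" "execution" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:CreateLogGroup",
    ]
    # Only the sidecar's own log group and the streams under it.
    resources = [
      local.otel_log_group_arn,
      "${local.otel_log_group_arn}:*",
    ]
  }
}
```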
diff --git a/terraform/addons/xrays-sidecar/outputs.tf b/terraform/addons/xrays-sidecar/outputs.tf
new file mode 100644
index 000000000..46339d3a2
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/outputs.tf
@@ -0,0 +1,38 @@
+output "fleet_extra_iam_policies" {
+ value = [aws_iam_policy.main.arn]
+}
+
+output "fleet_extra_execution_iam_policies" {
+ value = [aws_iam_policy.execution.arn]
+}
+
+output "fleet_sidecars" {
+ value = [
+ {
+ "name" : "aws-otel-collector",
+ "image" : "public.ecr.aws/aws-observability/aws-otel-collector:v0.26.1",
+ "essential" : true,
+ "command" : [
+ "--config=/etc/ecs/ecs-default-config.yaml"
+ ],
+ "logConfiguration" : {
+ "logDriver" : "awslogs",
+ "options" : {
+ "awslogs-create-group" : "True",
+ "awslogs-group" : "/ecs/ecs-aws-otel-sidecar-collector",
+ "awslogs-region" : data.aws_region.current.name,
+ "awslogs-stream-prefix" : "ecs"
+ }
+ }
+ }
+ ]
+}
+
+output "fleet_extra_environment_variables" {
+ value = {
+ FLEET_LOGGING_TRACING_ENABLED = "true"
+ FLEET_LOGGING_TRACING_TYPE = "opentelemetry"
+ OTEL_SERVICE_NAME = "fleet"
+ OTEL_EXPORTER_OTLP_ENDPOINT = "http://localhost:4317"
+ }
+}
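Review bot: The sidecar image in `fleet_sidecars` is pinned only by tag (`aws-otel-collector:v0.26.1`), and a tag can be re-pointed upstream. The container shares the Fleet task, so different image content would run alongside Fleet without any change to this module. Pinning by digest makes the deployed content immutable, e.g. `"image" : "public.ecr.aws/aws-observability/aws-otel-collector:v0.26.1@sha256:<digest-of-v0.26.1>"`. With `"essential" : true`, a collector crash also stops the Fleet container; decide whether tracing should be able to take the service down. The four outputs have no `description`, which is why the generated README shows `n/a`. Add one to each, e.g. `description = "Container definitions to pass as fleet_config.sidecars"`.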
diff --git a/terraform/addons/xrays-sidecar/variables.tf b/terraform/addons/xrays-sidecar/variables.tf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/terraform/addons/xrays-sidecar/variables.tf
@@ -0,0 +1 @@
+
diff --git a/terraform/byo-vpc/byo-db/byo-ecs/main.tf b/terraform/byo-vpc/byo-db/byo-ecs/main.tf
index 588819e3b..546757222 100644
--- a/terraform/byo-vpc/byo-db/byo-ecs/main.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/main.tf
@@ -46,7 +46,7 @@ resource "aws_ecs_task_definition" "backend" {
cpu = var.fleet_config.cpu
memory = var.fleet_config.mem
container_definitions = jsonencode(
- [
+ concat([
{
name = "fleet"
image = var.fleet_config.image
@@ -127,7 +127,7 @@ resource "aws_ecs_task_definition" "backend" {
},
], local.environment)
}
- ])
+ ], var.fleet_config.sidecars))
}
resource "aws_appautoscaling_target" "ecs_target" {
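Review bot: Whatever is passed in `var.fleet_config.sidecars` is appended verbatim to `container_definitions` in the `concat(...)` call, and this trust boundary is not documented anywhere in the change. ECS task roles apply to the whole task, so every appended container runs with Fleet's task role and shares its network namespace. I would add a comment above the `concat(` line such as `# Sidecars share this task's IAM task role and network namespace; pass only trusted, pinned container definitions.` The `aws_ecs_task_definition` block starts and ends outside these two hunks, so the role attachments themselves are not visible here.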
diff --git a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
index eb586d916..eaddb9b6b 100644
--- a/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
+++ b/terraform/byo-vpc/byo-db/byo-ecs/variables.tf
@@ -15,6 +15,7 @@ variable "fleet_config" {
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.22.1")
family = optional(string, "fleet")
+ sidecars = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
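Review bot: `sidecars = optional(list(any), [])` will likely reject two sidecars of different shape. In a Terraform type constraint, `any` inside `list(...)` stands for one element type that all entries must unify to, so container objects with different attribute sets should fail type conversion. A looser constraint such as `sidecars = optional(any, [])` accepts a tuple of differently shaped definitions and still works with `concat`. A `validation` block can then require that each entry has at least `name` and `image`. The same line is added in terraform/byo-vpc/byo-db/variables.tf, terraform/byo-vpc/variables.tf and terraform/variables.tf, and the point applies to each.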
@@ -92,6 +93,7 @@ variable "fleet_config" {
cpu = 256
image = "fleetdm/fleet:v4.22.1"
family = "fleet"
+ sidecars = []
extra_environment_variables = {}
extra_iam_policies = []
extra_execution_iam_policies = []
diff --git a/terraform/byo-vpc/byo-db/variables.tf b/terraform/byo-vpc/byo-db/variables.tf
index 9f42603cb..c8aaa0059 100644
--- a/terraform/byo-vpc/byo-db/variables.tf
+++ b/terraform/byo-vpc/byo-db/variables.tf
@@ -54,6 +54,7 @@ variable "fleet_config" {
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.22.1")
family = optional(string, "fleet")
+ sidecars = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
@@ -131,6 +132,7 @@ variable "fleet_config" {
cpu = 256
image = "fleetdm/fleet:v4.22.1"
family = "fleet"
+ sidecars = []
extra_environment_variables = {}
extra_iam_policies = []
extra_execution_iam_policies = []
diff --git a/terraform/byo-vpc/variables.tf b/terraform/byo-vpc/variables.tf
index 2974bafe4..96cf0a611 100644
--- a/terraform/byo-vpc/variables.tf
+++ b/terraform/byo-vpc/variables.tf
@@ -134,6 +134,7 @@ variable "fleet_config" {
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.22.1")
family = optional(string, "fleet")
+ sidecars = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
@@ -211,6 +212,7 @@ variable "fleet_config" {
cpu = 256
image = "fleetdm/fleet:v4.22.1"
family = "fleet"
+ sidecars = []
extra_environment_variables = {}
extra_iam_policies = []
extra_execution_iam_policies = []
diff --git a/terraform/variables.tf b/terraform/variables.tf
index bc1d6e9e7..1120d65df 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -189,6 +189,7 @@ variable "fleet_config" {
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.22.1")
family = optional(string, "fleet")
+ sidecars = optional(list(any), [])
extra_environment_variables = optional(map(string), {})
extra_iam_policies = optional(list(string), [])
extra_execution_iam_policies = optional(list(string), [])
@@ -280,6 +281,7 @@ variable "fleet_config" {
cpu = 256
image = "fleetdm/fleet:v4.22.1"
family = "fleet"
+ sidecars = []
extra_environment_variables = {}
extra_iam_policies = []
extra_execution_iam_policies = []