IN PROGRESS

Author: alukach

Cargo.lock

@@ -39,7 +39,7 @@ azure_storage = "0.20.0"
 azure_core = "0.20.0"
 time = { version = "0.3", features = ["formatting"] }
 url = "2.2.2"
-reqwest = { version = "0.11.0", features = ["stream", "json"] }
+reqwest = { version = "0.12", features = ["stream", "json"] }
 actix-cors = "0.7.0"
 moka = { version = "0.12.8", features = ["future"] }
 percent-encoding = "2.1.0"
@@ -50,5 +50,19 @@ actix-http = "^3"
 thiserror = "2.0.12"
 serde_json = "1.0.141"
 
+# OpenTelemetry dependencies
+opentelemetry = "0.24"
+opentelemetry_sdk = { version = "0.24", features = ["rt-tokio"] }
+opentelemetry-otlp = { version = "0.17", features = ["grpc-tonic", "trace"] }
+opentelemetry-semantic-conventions = "0.16"
+tracing = "0.1"
+tracing-opentelemetry = "0.25"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+tracing-actix-web = "0.7"
+opentelemetry-http = "0.13"
+reqwest-middleware = "0.4"
+reqwest-tracing = { version = "0.5", features = ["opentelemetry_0_24"] }
+
 [dev-dependencies]
 common-s3-headers = "1.0.0"
+temp-env = "0.3"

Cargo.toml

@@ -0,0 +1,197 @@
+# AWS Distro for OpenTelemetry (ADOT) Setup
+
+This deployment includes AWS Distro for OpenTelemetry (ADOT) Collector as a sidecar container for distributed tracing with AWS X-Ray and metrics collection with CloudWatch.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────┐
+│              ECS Task                           │
+│                                                 │
+│  ┌──────────────────┐    ┌─────────────────┐  │
+│  │                  │    │                 │  │
+│  │  Application     │───▶│  ADOT Collector │  │
+│  │  Container       │    │                 │  │
+│  │                  │    │  localhost:4317 │  │
+│  └──────────────────┘    └────────┬────────┘  │
+│                                    │           │
+└────────────────────────────────────┼───────────┘
+                                     │
+                      ┌──────────────┴───────────────┐
+                      │                              │
+                      ▼                              ▼
+              ┌───────────────┐            ┌─────────────────┐
+              │  AWS X-Ray    │            │  CloudWatch     │
+              │  (Traces)     │            │  (Metrics/Logs) │
+              └───────────────┘            └─────────────────┘
+```
+
+## Components
+
+### Application Container (source-data-proxy)
+
+The main Rust application is instrumented with OpenTelemetry and sends traces to the ADOT collector via OTLP:
+
+- **Endpoint**: `http://localhost:4317` (OTLP gRPC)
+- **Protocol**: OpenTelemetry Protocol (OTLP)
+- **Context Propagation**: W3C TraceContext headers
+- **Sampling**: 10% (configurable via `OTEL_TRACE_SAMPLE_RATE`)
+
+### ADOT Collector Sidecar
+
+The ADOT collector runs as a sidecar container in the same ECS task:
+
+- **Image**: `public.ecr.aws/aws-observability/aws-otel-collector:latest`
+- **CPU**: 256 units (0.25 vCPU)
+- **Memory**: 512 MB
+- **Configuration**: Default ECS configuration (`/etc/ecs/ecs-default-config.yaml`)
+
+#### Receivers
+
+- **OTLP gRPC**: Port 4317
+- **OTLP HTTP**: Port 4318
+
+#### Exporters
+
+- **AWS X-Ray**: For distributed tracing
+- **CloudWatch EMF**: For metrics
+
+## Environment Variables
+
+### Application Container
+
+```bash
+# OpenTelemetry Configuration
+OTEL_SERVICE_NAME=source-data-proxy
+OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317
+OTEL_TRACE_SAMPLE_RATE=0.1
+OTEL_TRACES_SAMPLER=parentbased_traceidratio
+RUST_LOG=info,source_data_proxy=debug
+TRACING_SKIP_PATHS=/
+DEPLOYMENT_ENV=<stack-name>
+
+# Disable telemetry for local development (optional)
+OTEL_SDK_DISABLED=true
+```
+
+### ADOT Collector
+
+```bash
+AWS_REGION=<region>
+```
+
+## IAM Permissions
+
+The ECS task role is granted the following permissions:
+
+```json
+{
+  "Effect": "Allow",
+  "Action": [
+    "xray:PutTraceSegments",
+    "xray:PutTelemetryRecords",
+    "cloudwatch:PutMetricData",
+    "logs:PutLogEvents",
+    "logs:CreateLogGroup",
+    "logs:CreateLogStream",
+    "logs:DescribeLogStreams",
+    "logs:DescribeLogGroups"
+  ],
+  "Resource": "*"
+}
+```
+
+## Viewing Traces
+
+### AWS X-Ray Console
+
+1. Navigate to AWS X-Ray Console
+2. Select "Service Map" to see the distributed trace topology
+3. Select "Traces" to view individual traces
+4. Filter by service name: `source-data-proxy`
+
+### CloudWatch Logs
+
+Application logs are written to:
+- **Log Group**: `/ecs/<stack-name>-proxy`
+- **Format**: JSON with OpenTelemetry context (trace_id, span_id)
+
+ADOT Collector logs are written to:
+- **Log Group**: `/ecs/<stack-name>-adot-collector`
+
+## Resource Usage
+
+### Default Configuration
+
+- **Application Container**: 4 vCPU, 12 GB RAM
+- **ADOT Collector**: 0.25 vCPU, 512 MB RAM
+- **Total per task**: 4.25 vCPU, 12.5 GB RAM
+
+## Customization
+
+To customize the ADOT collector configuration, modify the `AdotCollector` construct:
+
+```typescript
+new AdotCollector(this, "adot-collector", {
+  taskDefinition: this.service.taskDefinition,
+  cpu: 512,                              // Increase CPU
+  memoryLimitMiB: 1024,                  // Increase memory
+  logRetention: logs.RetentionDays.ONE_MONTH, // Longer retention
+});
+```
+
+## Cost Optimization
+
+### Sampling
+
+Adjust the sampling rate to control costs:
+
+```typescript
+environment: {
+  OTEL_TRACE_SAMPLE_RATE: "0.01", // 1% sampling
+}
+```
+
+### Health Check Filtering
+
+Health checks are automatically filtered from tracing via `TRACING_SKIP_PATHS=/` to reduce noise and cost.
+
+### ADOT Collector Resources
+
+The default allocation (0.25 vCPU, 512 MB) is suitable for moderate traffic. Monitor CloudWatch metrics and adjust if needed.
+
+## Troubleshooting
+
+### No Traces in X-Ray
+
+1. Check ADOT collector logs: `/ecs/<stack-name>-adot-collector`
+2. Verify IAM permissions on the task role
+3. Check application logs for initialization errors
+4. Verify OTLP endpoint is set to `http://localhost:4317`
+
+### High CPU/Memory Usage on ADOT Collector
+
+1. Check the number of spans being sent
+2. Consider reducing sampling rate
+3. Increase ADOT collector resources
+4. Review batch configuration in ADOT config
+
+### Local Development
+
+For local development without ADOT:
+
+```bash
+# Disable OpenTelemetry entirely
+OTEL_SDK_DISABLED=true cargo run
+
+# OR run a local OTLP collector
+docker run -p 4317:4317 -p 16686:16686 jaegertracing/all-in-one:latest
+cargo run
+```
+
+## References
+
+- [AWS ADOT Documentation](https://aws-otel.github.io/)
+- [ADOT on ECS](https://aws-otel.github.io/docs/getting-started/ecs)
+- [AWS X-Ray Developer Guide](https://docs.aws.amazon.com/xray/latest/devguide/)
+- [OpenTelemetry Rust](https://opentelemetry.io/docs/instrumentation/rust/)

deploy/ADOT_SETUP.md

@@ -0,0 +1,80 @@
+# ECS Fargate Setup with Application Load Balancer
+
+This document describes the CDK infrastructure for the Source Data Proxy ECS Fargate service.
+
+## Architecture
+
+The setup includes:
+
+1. **ECS Cluster**: Hosts the Fargate services
+2. **Application Load Balancer**: Routes traffic to the ECS service
+3. **ECS Fargate Service**: Runs the source-data-proxy container
+4. **Target Group**: Health checks and load balancing configuration
+5. **Security Groups**: Network access control
+
+## Components
+
+### EcsCluster (`ecs-cluster.ts`)
+- Creates an ECS cluster with container insights and service discovery
+- Enables ECS Exec for debugging
+- Configures CloudWatch logging
+
+### SourceDataProxy (`source-data-proxy.ts`)
+- Uses the `ApplicationLoadBalancedFargateService` pattern for simplified setup
+- Automatically creates ALB, target group, and service configuration
+- Defines ECS task definition with Fargate configuration
+- Creates the ECS service with auto-scaling capabilities
+- Builds Docker image from source code using `ContainerImage.fromAsset()`
+
+## Configuration
+
+### Environment Variables
+- `TASK_ROLE_ARN`: IAM role for the ECS task
+- `EXECUTION_ROLE_ARN`: IAM role for ECS task execution
+
+### Task Definition
+- **CPU**: 4 vCPU (4096 CPU units)
+- **Memory**: 12 GB (12288 MB)
+- **Architecture**: x86_64 Linux
+- **Network Mode**: awsvpc
+- **Port**: 8080 (HTTP)
+
+### Load Balancer
+- **Type**: Application Load Balancer (automatically configured)
+- **Protocol**: HTTP (port 80)
+- **Health Check**: Default ALB health checks
+- **Target Type**: IP (for Fargate)
+
+## Deployment
+
+The service is deployed through CDK with the following workflow:
+
+1. **CDK Deploy**: Infrastructure is deployed using CDK, which automatically builds the Docker image from source code
+2. **Service Update**: ECS service is updated with new task definition
+
+## Security
+
+- ECS service runs in private subnets
+- ALB is internet-facing but only forwards to private ECS tasks
+- Security groups restrict access appropriately
+- IAM roles provide least-privilege access
+
+## Monitoring
+
+- CloudWatch logs for container logs
+- Container insights for cluster monitoring
+- ALB access logs for traffic analysis
+- Health checks for service availability
+
+## Scaling
+
+- Service starts with 2 desired tasks for high availability
+- Circuit breaker enabled for automatic rollback on failures
+- Service discovery enabled for internal communication
+
+## Integration
+
+The service integrates with:
+- Vercel API proxy for external API access
+- Source API for data retrieval
+- CloudWatch for logging and monitoring

deploy/ECS_SETUP.md

@@ -0,0 +1,60 @@
+{
+  "vpc-provider:account=417712557820:filter.vpc-id=vpc-05858c6e5697bbc40:region=us-east-1:returnAsymmetricSubnets=true": {
+    "vpcId": "vpc-05858c6e5697bbc40",
+    "vpcCidrBlock": "172.31.0.0/16",
+    "ownerAccountId": "417712557820",
+    "availabilityZones": [],
+    "subnetGroups": [
+      {
+        "name": "Public",
+        "type": "Public",
+        "subnets": [
+          {
+            "subnetId": "subnet-0b58bb77fafa39150",
+            "cidr": "172.31.0.0/20",
+            "availabilityZone": "us-east-1a",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          },
+          {
+            "subnetId": "subnet-05005bb04f849cc10",
+            "cidr": "172.31.80.0/20",
+            "availabilityZone": "us-east-1b",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          },
+          {
+            "subnetId": "subnet-0946107edbccd3597",
+            "cidr": "172.31.16.0/20",
+            "availabilityZone": "us-east-1c",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          },
+          {
+            "subnetId": "subnet-032270dfa5a352ff0",
+            "cidr": "172.31.32.0/20",
+            "availabilityZone": "us-east-1d",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          },
+          {
+            "subnetId": "subnet-01f7a2705fd7610df",
+            "cidr": "172.31.48.0/20",
+            "availabilityZone": "us-east-1e",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          },
+          {
+            "subnetId": "subnet-027a32b8b687b9419",
+            "cidr": "172.31.64.0/20",
+            "availabilityZone": "us-east-1f",
+            "routeTableId": "rtb-027f8b153e98defc0"
+          }
+        ]
+      }
+    ]
+  },
+  "availability-zones:account=417712557820:region=us-east-1": [
+    "us-east-1a",
+    "us-east-1b",
+    "us-east-1c",
+    "us-east-1d",
+    "us-east-1e",
+    "us-east-1f"
+  ]
+}