By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Tomcat Application deployed to AppRunner: Export JMX to CloudWatch?

0

I've joined a team that recently migrated a Java EE tomcat application from on premises to AWS App Runner using the amazoncorretto docker images. I'm looking now to improve visibility especially of our JMX stats by feeding them in to Cloudwatch.

How can I configure the App Runner cloudwatch agents to scrape prometheus metrics or the JMX port of my containerized service?

The closest examples I have seen to accomplish this only touch on ECS+Fargate and do not work with App Runner since those apps' underlying resources aren't exposed to the API or web console and obviously no user-managed cloudformation templates. I would like to just integrate Prometheus jmx_exporter or so in to the application but it's unclear how to do this with an App Runner application without setting up an ec2 instance and scraping those endpoints over the public network interface.

Topics
ComputeContainersJava Development
Tags
AWS App RunnerJava Development
Language
English
rrix_NWM
asked a month ago59 views
1 Answer
1
Accepted Answer

To integrate JMX metrics from your Tomcat application running in AWS App Runner with CloudWatch, you'll need to work within the constraints of the managed nature of App Runner, which does not expose the underlying instances for direct configuration like ECS or EC2 does. However, you can still export JMX metrics and push them to CloudWatch in a few steps.

Here’s a potential solution:

  1. Use JMX Exporter (Prometheus JMX Exporter) The JMX exporter is a Java agent that can scrape and expose JMX metrics over HTTP in a format that Prometheus can scrape. It can also integrate with CloudWatch through the CloudWatch Agent.

Steps to integrate JMX Exporter with your App Runner container: Add the JMX Exporter to your Docker Container: You can add the JMX exporter to your Tomcat container by downloading the JMX exporter Java agent and including it in your Dockerfile. Here’s how you can modify your Dockerfile to add it:

Dockerfile Copy Edit FROM amazoncorretto:11

Install JMX exporter jar

ADD jmx_exporter.jar /opt/jmx_exporter/jmx_exporter.jar

Start Tomcat with JMX Exporter

CMD ["java", "-javaagent:/opt/jmx_exporter/jmx_exporter.jar=8080:/opt/jmx_exporter/config.yml", "-jar", "your-tomcat-application.jar"] The config.yml file should be configured to specify which JMX beans to scrape. The JMX exporter will expose these metrics on an HTTP endpoint.

Expose the JMX Exporter HTTP Endpoint: The JMX exporter will expose the metrics via an HTTP endpoint, such as http://localhost:8080/metrics. You need to ensure that this endpoint is exposed to the public so that AWS CloudWatch can scrape it.

Since App Runner containers are abstracted, you cannot directly expose this endpoint to the internet in the same way you would with ECS or EC2 instances. However, you can work around this by setting up an intermediary service, such as a CloudWatch Agent or Prometheus itself, to scrape the metrics.

  1. Use CloudWatch Agent (Container Insights) AWS App Runner does not provide direct access to install and configure CloudWatch Agent on the underlying EC2 instances. However, you can make use of AWS CloudWatch Container Insights for monitoring containerized applications running on App Runner.

Unfortunately, as of now, App Runner does not natively support scraping Prometheus endpoints directly with CloudWatch Agent (which would be a common solution in ECS). But you can try the following approach:

Use Amazon Managed Prometheus: You can configure your App Runner application to expose metrics in Prometheus format (via JMX Exporter). Then, you can integrate AWS Managed Prometheus to scrape the exposed endpoint.

Set up Amazon Managed Prometheus.

Configure it to scrape metrics from your App Runner service by specifying the endpoint (http://localhost:8080/metrics).

Once the metrics are in Prometheus, you can configure Prometheus to send these metrics to CloudWatch.

  1. Leverage CloudWatch Logs Alternatively, if Prometheus scraping is not an option, you can configure your application to send logs (including JMX-related logs) to CloudWatch Logs. From there, you can create custom metrics based on log data.

Configure Tomcat to Log JMX Stats: You can configure Tomcat or your application to log JMX stats to the console.

Enable CloudWatch Logs for App Runner: Configure your App Runner service to send logs to CloudWatch.

Create Custom CloudWatch Metrics: Once the logs are in CloudWatch, you can create custom metrics based on the logs (e.g., using metric filters) for things like memory usage, thread counts, and other JMX metrics.

Conclusion: While AWS App Runner does not expose underlying EC2 instances for direct management or allow the installation of CloudWatch Agent or Prometheus directly, you can still achieve visibility into JMX metrics by using solutions like:

JMX Exporter to expose metrics in Prometheus format and then scrape them with AWS Managed Prometheus.

Use CloudWatch Logs to capture JMX stats and create custom metrics based on those logs.

For now, integrating Prometheus via an intermediary service like AWS Managed Prometheus or leveraging CloudWatch Logs for log-based metrics would be the most feasible approach in App Runner.

M Zubair Bin Ramzan
answered a month ago
  • rrix_NWM
    a month ago

    Thanks for the comprehensive answer. unfortunately, however, starting the jmx exporter agent on the same port as the tomcat application does not work with Catalina raising [java.net.BindException: Address already in use] and I couldn't figure out a way to embed it in to tomcat as a servlet or as another WAR. And of course as you point out, running the agent on 8081 or etc will not be available on the internet (or even from a neighboring VPC running an ec2 instance running an agent) We considered having the jmx exporter listen on a different port and then writing a tomcat servlet which opens a connection to the jmx exporter for either managed prometheus or for an ec2-hosted CW agent to query, but we're going to just emit the JMX stats to stdout and use log filters to extract the metrics in to cloudwatch per your last suggestion.

    it would be really grand if some day the apprunner cloudwatch agent could be extended to populate /opt/aws/amazon-cloudwatch/etc/amazon-cloudwatch-agent.d with files from SSM or the apprunner application configuration so that this could be more straightforward!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content