AWS X-Ray

General AWS X-Ray Concepts

AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture.

With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components.

AWS X-Ray Segments

You can use X-Ray to analyze both applications in development and in production, from simple three-tier applications to complex microservices applications consisting of thousands of services.

AWS X-Ray supports applications running on:

  • Amazon Elastic Compute Cloud (Amazon EC2).
  • Amazon EC2 Container Service (Amazon ECS).
  • AWS Lambda.
  • AWS Elastic Beanstalk.

X-Ray on EC2 / On-premise:

  • Linux system must run the X-Ray daemon.
  • IAM instance role if EC2, other AWS credentials on on-premise instance.

X-Ray on Lambda:

  • Make sure the X-Ray integration is ticked in the Lambda configuration (Lambda will run the daemon).
  • IAM role is the Lambda role.

X-Ray on Elastic Beanstalk:

  • Set configuration in the Elastic Beanstalk console.
  • Or use the Beanstalk extension (.ebextensions/xray-daemon.config)

X-Ray on ECS/EKS/Fargate:

  • Create a Docker image that runs the daemon or use the official X-Ray Docker image.
  • Ensure port mappings and network settings are correct and IAM task roles are defined.

The X-Ray SDK captures metadata for requests made to MySQL and PostgreSQL databases (self-hosted, Amazon RDS, Amazon Aurora), and Amazon DynamoDB.

It also captures metadata for requests made to Amazon Simple Queue Service and Amazon Simple Notification Service.

The X-Ray SDK is installed in your application and forwards to the X-Ray daemon which forwards to the X-Ray API.

You can then visualize what is happening in the X-Ray console.

The X-Ray SDK provides:

  • Interceptors to add your code to trace incoming HTTP requests.
  • Client handlers to instrument AWS SDK client that your application uses to call other AWS services.
  • An HTTP client to use to instrument calls to other internal and external HTTP web services.

AWS X-Ray Daemon and SDK

AWS X-Ray supports tracing for applications that are written in Node.js, Java, and .NET.

Code must be instrumented to use the AWS X-Ray SDK.

The IAM role must be correct to send traces to X-Ray.

The X-Ray daemon agent has a config to send traces cross account:

  • Make sure the IAM permissions are correct – the agent will assume a role.
  • This allows to have a central account for all your application tracing.

Key X-Ray terminology

Trace:

  • An X-Ray trace is a set of data points that share the same trace ID.

Segments:

  • An X-Ray segment encapsulates all the data points for a single component (for example, authorization service) of the distributed application.
  • Segments include system-defined and user-defined data in the form of annotations and are composed of one or more sub-segments that represent remote calls made from the service.

Subsegments:

  • Subsegments provide more granular timing information and details about downstream calls that your application made to fulfill the original request.
  • A subsegment can contain additional details about a call to an AWS service, an external HTTP API, or an SQL database.
  • You can even define arbitrary subsegments to instrument specific functions or lines of code in your application.
  • For services that don’t send their own segments, like Amazon DynamoDB, X-Ray uses subsegments to generate inferred segments and downstream nodes on the service map.
  • This lets you see all of your downstream dependencies, even if they don’t support tracing, or are external.

Annotations:

  • An X-Ray annotation is system-defined or user-defined data associated with a segment.
  • System-defined annotations include data added to the segment by AWS services, whereas user-defined annotations are metadata added to a segment by a developer.
  • A segment can contain multiple annotations.
  • These are key / value pairs used to index traces and use with filters.
  • Use annotations to record information on segments or subsegments that you want indexed for search.

Sampling:

  • To provide a performant and cost-effective experience, X-Ray does not collect data for every request that is sent to an application.
  • Instead, it collects data for a statistically significant number of requests.
  • X-Ray should not be used as an audit or compliance tool because it does not guarantee data completeness.

Metadata:

  • Key / value pairs, not indexed and not used for searching.

Exam tip: Remember that annotations can be used for adding system or user-defined data to segments and subsegments that you want to index for search. Metadata is not indexed and cannot be used for searching.

Annotations and filtering

AWS X-Ray lets you add annotations to data emitted from specific components or services in your application.

You can use this to append business-specific metadata that help you better diagnose issues.

You can also view and filter data for traces by properties such as annotation value, average latencies, HTTP response status, timestamp, database table used, and more.

X-Ray SDK

The X-Ray SDK is installed in your application and forwards to the X-Ray daemon which forwards to the X-Ray API.

You can then visualize what is happening in the X-Ray console.

The X-Ray SDK provides:

  • Interceptors to add your code to trace incoming HTTP requests.
  • Client handlers to instrument AWS SDK client that your application uses to call other AWS services.
  • An HTTP client to use to instrument calls to other internal and external HTTP web services.

Code must be instrumented to use the AWS X-Ray SDK.

The IAM role must be correct to send traces to X-Ray.

Scroll to Top