Add container name to ECS ListTagsForResource request headers #4760
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
singholt
force-pushed
the
dev
branch
7 times, most recently
from
50432e6 to
0532b7b
Compare
singholt
changed the title
singholt
force-pushed
the
dev
branch
10 times, most recently
from
d5a8646 to
d3ca4e5
Compare
ShelbyZ
previously approved these changes
Aug 25, 2025
amogh09
reviewed
Aug 25, 2025
singholt
force-pushed
the
dev
branch
3 times, most recently
from
2c99e3b to
8be49ac
Compare
Enhance CloudTrail visibility by including container name in HTTP User-Agent header when ECS agent makes ListTagsForResource API calls on behalf of containers. Changes: - Add ContainerNameByV3EndpointID method to TaskEngineState interface - Modify NewTaskResponse to accept v3EndpointID and pass container name to context - Update GetResourceTags to accept context parameter for container identification - Enhance ecsRoundTripper.userAgent to append container name from request context - Update TMDS v4 handler to pass endpoint ID through call chain - Add comprehensive unit tests for new functionality This enables tracing HTTP requests from containers to specific ECS API calls in CloudTrail logs, improving observability and debugging capabilities.
amogh09
approved these changes
Aug 25, 2025
ShelbyZ
approved these changes
Aug 25, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The ECS agent provides a task metadata endpoint -
/taskWithTags. Containers belonging to an ECS task can query this endpoint to retrieve task and container instance tags. The ECS agent makes ECS ListTagsForResource API calls on behalf of the containers querying the metadata endpoint.Querying this TMDS endpoint and making the ECS API requests too frequently can lead to API throttling. Often, customers use services like AWS CloudTrail to debug operational issues like throttling. Additionally, ECS operators/oncalls also benefit from this change by identifying the name of the container in the API request header.
This PR enables tracing HTTP requests from containers to specific ECS ListTagsForResource API calls in CloudTrail, improving observability and debugging capabilities.
Implementation details
Changes:
Testing
New tests cover the changes: yes
Tested manually and verified CloudTrail logs.
Before
After
Description for the changelog
Enhancement: Add container name visibility to the ListTagsForResource CloudTrail events coming from ECS agent
Additional Information
Does this PR include breaking model changes? If so, Have you added transformation functions? no
Does this PR include the addition of new environment variables in the README? no
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.