Merge branch 'main' into add-checksum

Author: harrryr

.github/workflows/application-signals-e2e-test.yml

@@ -75,13 +75,13 @@ jobs:
           shortsha="$(git rev-parse --short HEAD)"
           echo "SHORT_SHA=$shortsha" >> $GITHUB_OUTPUT
         shell: bash
-  
+
       - name: Configure AWS credentials for private ECR
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME}}
           aws-region: us-east-1
-          
+
       - name: Login to Amazon private ECR
         id: login-ecr
         run: |
@@ -163,3 +163,44 @@ jobs:
       aws-region: us-east-1
       test-cluster-name: 'eks-windows-manual'
       caller-workflow-name: 'main-build'
+        
+  build-lambda-staging-sample-app:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.STAING_ARTIFACTS_ACCESS_ROLE }}
+          role-external-id: ApplicationSignalsDotnet
+          aws-region: us-east-1
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v2
+        with:
+          dotnet-version: '8.0.x'
+
+      - name: Setup .NET Lambda Tools
+        shell: bash
+        run: dotnet tool install -g Amazon.Lambda.Tools
+        working-directory: sample-applications/lambda-test-apps/SimpleLambdaFunction
+
+      - name: Build Lambda Sample App
+        shell: bash
+        run: dotnet lambda package -pl ./src/SimpleLambdaFunction
+        working-directory: sample-applications/lambda-test-apps/SimpleLambdaFunction
+      
+      - name: Upload Sample App to S3
+        shell: bash
+        run: |
+          aws s3 cp ./src/SimpleLambdaFunction/bin/Release/net8.0/SimpleLambdaFunction.zip s3://adot-autoinstrumentation-dotnet-staging/function-${{ github.run_id }}.zip
+        working-directory: sample-applications/lambda-test-apps/SimpleLambdaFunction
+        
+  dotnet-lambda-test:
+    needs: [ build-lambda-staging-sample-app ]
+    uses: aws-observability/aws-application-signals-test-framework/.github/workflows/dotnet-lambda-test.yml@main
+    secrets: inherit
+    with:
+      aws-region: us-east-1
+      caller-workflow-name: 'main-build'

.github/workflows/release_build.yml

@@ -80,12 +80,6 @@ jobs:
         with:
           name: AWS.Otel.DotNet.Auto.psm1
           path: ./installationScripts
-      
-      - name: Download nuget package
-        uses: actions/download-artifact@v3
-        with:
-          name: nuget-packages.zip
-          path: ./artifacts/nuget
 
       - name: Configure AWS credentials for Private S3 Bucket
         uses: aws-actions/configure-aws-credentials@v4
@@ -103,7 +97,6 @@ jobs:
           done
           aws s3 cp ./installationScripts/aws-otel-dotnet-install.sh "${{ env.RELEASE_PRIVATE_S3 }}/$PREFIX/aws-otel-dotnet-install.sh"
           aws s3 cp ./installationScripts/AWS.Otel.DotNet.Auto.psm1 "${{ env.RELEASE_PRIVATE_S3 }}/$PREFIX/AWS.Otel.DotNet.Auto.psm1"
-          aws s3 cp ./artifacts/nuget/nuget-packages.zip "${{ env.RELEASE_PRIVATE_S3 }}/$PREFIX/nuget-packages.zip"
 
       # Publish to GitHub releases
       - name: Create GH release
@@ -141,9 +134,6 @@ jobs:
             ./installationScripts/AWS.Otel.DotNet.Auto.psm1 \
             AWS.Otel.DotNet.Auto.psm1.sha256 \
             --clobber
-          gh release upload "v${{ github.event.inputs.version }}" \
-            ./artifacts/nuget/nuget-packages.zip \
-            --clobber
 
   release-image:
     # We want to build and release nuget first so that if it fails, it fails before publishing to private ECR

.github/workflows/release_lambda.yml

@@ -0,0 +1,197 @@
+name: Release Lambda layer
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: The version to tag the lambda release with, e.g., 1.2.0
+        required: true
+      aws_region:
+        description: 'Deploy to aws regions'
+        required: true
+        default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1'
+
+env:
+  COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1
+  LAYER_NAME: AWSOpenTelemetryDistroDotNet
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  build-and-upload:
+    strategy:
+      fail-fast: false
+      matrix:
+        aws-region: [ 'us-east-1' ]
+    uses: ./.github/workflows/main_build.yml
+    secrets: inherit
+    with:
+      caller-workflow-name: 'release_lambda_workflow'
+
+  setup-regions-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }}
+    steps:
+      - name: Set up regions matrix
+        id: set-matrix
+        run: |
+          IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}"
+          MATRIX="["
+          for region in "${REGIONS[@]}"; do
+            trimmed_region=$(echo "$region" | xargs)
+            MATRIX+="\"$trimmed_region\","
+          done
+          MATRIX="${MATRIX%,}]"
+          echo ${MATRIX}
+          echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT
+      - name: Checkout Repo @ SHA - ${{ github.sha }}
+        uses: actions/checkout@v4
+
+  publish-prod:
+    runs-on: ubuntu-latest
+    needs: [build-and-upload, setup-regions-matrix]
+    strategy:
+      matrix:
+        aws_region: ${{ fromJson(needs.setup-regions-matrix.outputs.aws_regions_json) }}
+    steps:
+      - name: role arn
+        env:
+          COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }}
+        run: |
+          COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ })
+          FOUND=false
+          for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do
+            if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
+              FOUND=true
+              break
+            fi
+          done
+          if [ "$FOUND" = true ]; then
+            echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+            SECRET_KEY="LAMBDA_LAYER_RELEASE"
+          else
+            echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+            SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
+          fi
+          SECRET_KEY=${SECRET_KEY//-/_}
+          echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV
+      - uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets[env.SECRET_KEY] }}
+          role-duration-seconds: 1200
+          aws-region: ${{ matrix.aws_region }}
+      - name: Get s3 bucket name for release 
+        run: |
+          echo BUCKET_NAME=dotnet-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV
+      - name: Download Linux x64 Artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: aws-distro-opentelemetry-dotnet-instrumentation-linux-glibc-x64.zip
+      - name: publish
+        run: |
+          aws s3 mb s3://${{ env.BUCKET_NAME }}
+          aws s3 cp aws-distro-opentelemetry-dotnet-instrumentation-linux-glibc-x64.zip s3://${{ env.BUCKET_NAME }}
+          layerARN=$(
+            aws lambda publish-layer-version \
+              --layer-name ${{ env.LAYER_NAME }} \
+              --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-distro-opentelemetry-dotnet-instrumentation-linux-glibc-x64.zip \
+              --compatible-runtimes dotnet6 dotnet8 \
+              --compatible-architectures "x86_64" \
+              --license-info "Apache-2.0" \
+              --description "AWS Distro of OpenTelemetry Lambda Layer for .Net Runtime v${{ github.event.inputs.version }}" \
+              --query 'LayerVersionArn' \
+              --output text
+          )
+          echo $layerARN
+          echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
+          mkdir ${{ env.LAYER_NAME }}
+          echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+          cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+      - name: public layer
+        run: |
+          layerVersion=$(
+            aws lambda list-layer-versions \
+              --layer-name ${{ env.LAYER_NAME }} \
+              --query 'max_by(LayerVersions, &Version).Version'
+          )
+          aws lambda add-layer-version-permission \
+            --layer-name ${{ env.LAYER_NAME }} \
+            --version-number $layerVersion \
+            --principal "*" \
+            --statement-id publish \
+            --action lambda:GetLayerVersion
+      - name: upload layer arn artifact
+        if: ${{ success() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ env.LAYER_NAME }}
+          path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+      - name: clean s3
+        if: always()
+        run: |
+          aws s3 rb --force s3://${{ env.BUCKET_NAME }}
+  generate-release-note:
+    runs-on: ubuntu-latest
+    needs: publish-prod
+    steps:
+      - name: Checkout Repo @ SHA - ${{ github.sha }}
+        uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v2
+      - name: download layerARNs
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ env.LAYER_NAME }}
+          path: ${{ env.LAYER_NAME }}
+      - name: show layerARNs
+        run: |
+          for file in ${{ env.LAYER_NAME }}/*
+          do
+          echo $file
+          cat $file
+          done
+      - name: generate layer-note
+        working-directory: ${{ env.LAYER_NAME }}
+        run: |
+          echo "| Region | Layer ARN |" >> ../layer-note
+          echo "|  ----  | ----  |" >> ../layer-note
+          for file in *
+          do
+          read arn < $file
+          echo "| " $file " | " $arn " |" >> ../layer-note
+          done
+          cd ..
+          cat layer-note
+      - name: generate tf layer
+        working-directory: ${{ env.LAYER_NAME }}
+        run: |
+          echo "locals {" >> ../layer.tf
+          echo "  sdk_layer_arns = {" >> ../layer.tf
+          for file in *
+          do
+          read arn < $file
+          echo "    \""$file"\" = \""$arn"\"" >> ../layer.tf
+          done
+          cd ..
+          echo "  }" >> layer.tf
+          echo "}" >> layer.tf
+          terraform fmt layer.tf
+          cat layer.tf
+      - name: upload layer tf file
+        uses: actions/upload-artifact@v3
+        with:
+          name: layer.tf
+          path: layer.tf
+    # do we want this as part of the release build or alone as it's own release?
+      - name: Create GH release
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        run: |
+          gh release create --target "$GITHUB_REF_NAME" \
+             --title "Release lambda-v${{ github.event.inputs.version }}" \
+             --draft \
+             "lambda-v${{ github.event.inputs.version }}" \
+             layer.tf

build/Build.InstallationScripts.cs

@@ -8,7 +8,7 @@
 internal partial class Build : NukeBuild
 {
     private readonly AbsolutePath installationScriptsFolder = RootDirectory / "bin" / "InstallationScripts";
-    private readonly string version = "1.4.0.dev0";
+    private readonly string version = "1.5.0.dev0";
 
     public Target BuildInstallationScripts => _ => _
         .After(this.Clean)

build/Build.cs

@@ -12,7 +12,7 @@
 
 internal partial class Build : NukeBuild
 {
-    private const string OpenTelemetryAutoInstrumentationDefaultVersion = "v1.7.0";
+    private const string OpenTelemetryAutoInstrumentationDefaultVersion = "v1.9.0";
     private static readonly AbsolutePath TestNuGetPackageApps = NukeBuild.RootDirectory / "test" / "test-applications" / "nuget-package";
 
     [Solution("AWS.Distro.OpenTelemetry.AutoInstrumentation.sln")]
@@ -144,6 +144,10 @@ private static string GetOTelAutoInstrumentationFileName()
             var source = RootDirectory / "instrument.sh";
             var dest = this.openTelemetryDistributionFolder;
             FileSystemTasks.CopyFileToDirectory(source, dest, FileExistsPolicy.Overwrite);
+
+            var otelInstrumentSource = RootDirectory / "otel-instrument";
+            var otelInstrumentDest = this.openTelemetryDistributionFolder;
+            FileSystemTasks.CopyFileToDirectory(otelInstrumentSource, otelInstrumentDest, FileExistsPolicy.Overwrite);
         });
 
     private Target CopyConfiguration => _ => _

instrument.sh

@@ -214,7 +214,13 @@ if [ "$ENABLE_PROFILING" = "true" ]; then
       export OTEL_TRACES_EXPORTER="none";
     fi
 
-    # TODO: need to disable all instrumentations except aws sdk and lambda.
+    if [ -z "${OTEL_DOTNET_AUTO_TRACES_INSTRUMENTATION_ENABLED}" ]; then
+      export OTEL_DOTNET_AUTO_TRACES_INSTRUMENTATION_ENABLED="false";
+    fi
+
+    if [ -z "${OTEL_DOTNET_AUTO_METRICS_INSTRUMENTATION_ENABLED}" ]; then
+      export OTEL_DOTNET_AUTO_METRICS_INSTRUMENTATION_ENABLED="false";
+    fi
 
   else
     export OTEL_EXPORTER_OTLP_PROTOCOL="http/protobuf"

otel-instrument

@@ -0,0 +1,5 @@
+#!/bin/sh
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+. $(dirname "$0")/instrument.sh "$@"

sample-applications/lambda-test-apps/SimpleLambdaFunction/terraform/lambda/main.tf

@@ -27,7 +27,7 @@ module "test-function" {
   layers = compact([aws_lambda_layer_version.sdk_layer.arn])
 
   environment_variables = {
-    AWS_LAMBDA_EXEC_WRAPPER = "/opt/instrument.sh"
+    AWS_LAMBDA_EXEC_WRAPPER = "/opt/otel-instrument"
   }
 
   tracing_mode = var.tracing_mode

src/AWS.Distro.OpenTelemetry.AutoInstrumentation/AwsAttributeKeys.cs

@@ -14,6 +14,7 @@ internal sealed class AwsAttributeKeys
     internal static readonly string AttributeAWSRemoteOperation = "aws.remote.operation";
 
     internal static readonly string AttributeAWSRemoteResourceIdentifier = "aws.remote.resource.identifier";
+    internal static readonly string AttributeAWSCloudformationPrimaryIdentifier = "aws.remote.resource.cfn.primary.identifier";
     internal static readonly string AttributeAWSRemoteResourceType = "aws.remote.resource.type";
     internal static readonly string AttributeAWSSdkDescendant = "aws.sdk.descendant";
     internal static readonly string AttributeAWSConsumerParentSpanKind = "aws.consumer.parent.span.kind";
@@ -47,7 +48,12 @@ internal sealed class AwsAttributeKeys
     internal static readonly string AttributeAWSDynamoTableName = "aws.table_name";
     internal static readonly string AttributeAWSSQSQueueUrl = "aws.queue_url";
 
+    internal static readonly string AttributeAWSLambdaResourceMappingId = "aws.lambda.resource_mapping.id";
     internal static readonly string AttributeAWSS3Bucket = "aws.s3.bucket";
+    internal static readonly string AttributeAWSSecretsManagerSecretArn = "aws.secretsmanager.secret.arn";
+    internal static readonly string AttributeAWSSNSTopicArn = "aws.sns.topic.arn";
+    internal static readonly string AttributeAWSStepFunctionsActivityArn = "aws.stepfunctions.activity.arn";
+    internal static readonly string AttributeAWSStepFunctionsStateMachineArn = "aws.stepfunctions.state_machine.arn";
 
     internal static readonly string AttributeAWSBedrockGuardrailId = "aws.bedrock.guardrail.id";
     internal static readonly string AttributeAWSBedrockAgentId = "aws.bedrock.agent.id";