Merge branch 'main' into LambdReleasev35

Author: vasireddy99

src/docs/getting-started/container-insights.mdx

@@ -32,6 +32,26 @@ CloudWatch Container Insights collects metrics for many resources such as CPU, m
 It also provides diagnostic information such as container restart failures.
 The metrics are aggregated at the cluster, node, pod, task, and service level as CloudWatch metrics.
 
+Note: Collecting infrastructure metrics through `awscontainerinsightreceiver` requires running ADOT Collector with privileged root access as it also collects container-related data from `cadvisor`.
+For EKS deployments, use the [Security Context](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) to specify the root user as owner of the Collector process:
+```
+containers:
+    - name: aws-otel-collector
+      image: public.ecr.aws/aws-observability/aws-otel-collector:latest
+      securityContext:
+          runAsUser: 0
+          runAsGroup: 0
+```
+For ECS deployments, use the [Task Definition](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinition.html#cfn-ecs-taskdefinition-containerdefinition-user) to specify the user owner of the collector process:
+```
+{
+  "name": "aoc-collector",
+  "image": "public.ecr.aws/aws-observability/aws-otel-collector:latest",
+  "user": "root",
+  ...
+ }
+```
+
 The following platforms are supported:
 
 - <Link to="/docs/getting-started/container-insights/eks-infra">Amazon EKS and Kubernetes platforms on Amazon EC2</Link>

src/docs/getting-started/container-insights/ecs-prometheus.mdx

@@ -321,6 +321,7 @@ NOTE: You need to replace placeholder values with actual value
 
 - The account id in the example is `123456` and is used in ARN for taskRole and executionRole, replace it with your own AWS account id.
 - `amazon/aws-otel-collector:v0.11.0` is using dockerhub (potential throttle) and you can use `latest` tag if you don't want to lock version.
+- Collecting infrastructure metrics requires running ADOT Collector with root access and this can be configured through `user` in the container definition.
 - `/aoc/ecs-prometheus` is the name of <Link to="/docs/setup/ecs/config-through-ssm">SSM parameter</Link>.
 - `networkMode` can be `bridge`, `host`, `awsvpc`. For fargate, it has to be `awsvpc`.
 - `logConfiguration` is for log from ADOT Collector itself. Log groups for metrics/log collected by collector is configured using `AOT_CONFIG_CONTENT`.
@@ -338,6 +339,7 @@ e.g. `cpu 255 memory 511` is invalid pair.
     {
       "name": "adot",
       "image": "amazon/aws-otel-collector:v0.11.0",
+      "user": "root",
       "secrets": [
         {
           "name": "AOT_CONFIG_CONTENT",