AWS Managed Services
Deploy the Observability Stack to AWS using managed services. This creates the same observability platform as the local Docker Compose stack, backed by:
- Amazon OpenSearch Service or Amazon OpenSearch Serverless — logs, traces, and service map storage
- Amazon Managed Service for Prometheus — time-series metrics
- Amazon OpenSearch Ingestion (OSIS) — OTLP ingestion pipeline (replaces OTel Collector + Data Prepper)
- OpenSearch Dashboards — visualization and exploration
Choose an OpenSearch backend
Section titled “Choose an OpenSearch backend”| Managed (AOS) | Serverless (AOSS) | |
|---|---|---|
| Scaling | Fixed instance count | Auto-scales with OCU |
| Authentication | FGAC + basic auth | IAM only |
| Index management | Built-in index types | Explicit index templates |
| Master password | Yes (Secrets Manager) | No |
| Best for | Predictable workloads, fine-grained control | Variable workloads, zero cluster management |
Both backends use the same OSIS ingestion pipeline and Prometheus workspace. The choice only affects the OpenSearch storage layer.
Choose a deployment method
Section titled “Choose a deployment method”CLI installer
Section titled “CLI installer”Interactive single-command deploy. Creates all resources, configures dashboards, and optionally launches an EC2 instance running the OpenTelemetry Demo for sample telemetry.
Managed (default):
npx @opensearch-project/observability-stackServerless:
npx @opensearch-project/observability-stack --serverlessTakes ~15 minutes. See aws/cli-installer/README.md for full options.
Some loading time is cut from the video.
Infrastructure as code using AWS CDK. Deploys two stacks — one for the OpenSearch domain (or serverless collection) and Prometheus workspace (~17 min), one for the OSIS pipeline, dashboards, and optional demo workload (~6 min).
Managed (default):
cd aws/cdknpm installcdk deploy --allServerless:
cd aws/cdknpm installcdk deploy --all --context opensearchType=serverlessSee aws/cdk/README.md for configuration, architecture details, and SigV4 telemetry setup.
Sending telemetry
Section titled “Sending telemetry”Both methods create an OSIS ingestion endpoint that accepts OTLP data. Configure your OpenTelemetry Collector to export using SigV4 authentication:
extensions: sigv4auth: region: us-west-2 service: osis
exporters: otlphttp/logs: logs_endpoint: ${OSIS_ENDPOINT}/v1/logs auth: { authenticator: sigv4auth } compression: none otlphttp/traces: traces_endpoint: ${OSIS_ENDPOINT}/v1/traces auth: { authenticator: sigv4auth } compression: none otlphttp/metrics: metrics_endpoint: ${OSIS_ENDPOINT}/v1/metrics auth: { authenticator: sigv4auth } compression: noneThe IAM principal sending data needs osis:Ingest permission on the pipeline ARN.
Cleanup
Section titled “Cleanup”CLI installer:
node bin/cli-installer.mjs destroy --pipeline-name obs-stack --region us-west-2The destroy command automatically detects and cleans up both managed domains and serverless collections associated with the pipeline name.
CDK:
cd aws/cdkcdk destroy --all