feat: [DEVOPS-2394] add Extend collector configs + awss3 exporter

jmsundar · claude · jmsundar · commit 2ae867404e63 · 2026-04-15T14:15:19.000-05:00
Scaffolds Extend's in-house OTel Lambda layer diverging from
coralogix-nodejs-autoinstrumentation:

- extend/collector-config-cx-only.yaml — default CX-only config (parity)
- extend/collector-config-cx-arize-s3.yaml — CX + Arize OTLP/gRPC + S3 archival
- collector/lambdacomponents/default.go — register awss3exporter
- extend/README.md — fork rationale + consumer contract

Secret resolution is native via collector's secretsmanagerprovider
(${secretsmanager:&lt;name-or-arn&gt;} syntax resolved at startup). No bash wrapper.

Follow-ups: go.mod upstream breakage (pre-existing), GH Actions publish flow,
SSM layer-version registration.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/collector/go.mod b/collector/go.mod
diff --git a/collector/go.sum b/collector/go.sum
diff --git a/collector/lambdacomponents/default.go b/collector/lambdacomponents/default.go
@@ -17,6 +17,7 @@
 package lambdacomponents
 
 import (
+	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/awss3exporter"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusremotewriteexporter"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/extension/sigv4authextension"
 	"github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor"
@@ -55,6 +56,7 @@ func Components(extensionID string) (otelcol.Factories, error) {
 	}
 
 	exporters, err := exporter.MakeFactoryMap(
+		awss3exporter.NewFactory(),
 		debugexporter.NewFactory(),
 		loggingexporter.NewFactory(),
 		otlpexporter.NewFactory(),
diff --git a/extend/README.md b/extend/README.md
@@ -0,0 +1,46 @@
+# Extend OTel Lambda Layer
+
+Extend's fork of [coralogix/opentelemetry-lambda](https://github.com/coralogix/opentelemetry-lambda) (branch `coralogix-nodejs-autoinstrumentation`) — published as our own Lambda layer to replace `coralogix-nodejs-wrapper-and-exporter-{arch}` and support dual export to Coralogix + Arize + S3 archival.
+
+Ticket: [DEVOPS-2394](https://helloextend.atlassian.net/browse/DEVOPS-2394)
+
+## What differs from upstream
+
+1. **Dual-backend collector configs** (`extend/collector-config-*.yaml`):
+   - `collector-config-cx-only.yaml` — default, CX-only export (parity with existing CX layer)
+   - `collector-config-cx-arize-s3.yaml` — CX + Arize OTLP/gRPC + S3 archival
+
+2. **awss3exporter registration** in `collector/lambdacomponents/default.go` for trace archival to S3.
+
+3. **Native secret resolution** — configs use `${secretsmanager:<name-or-arn>}` syntax, resolved by the collector's `secretsmanagerprovider` at startup (registered in `collector/internal/collector/collector.go:77`). No bash wrapper.
+
+## Consumer contract (via `extend-cdk-lib` NodeLambdaBuilder)
+
+`OPENTELEMETRY_COLLECTOR_CONFIG_URI` selects which config to load (set by CDK). Required env vars:
+
+| Var | Source | Purpose |
+|-----|--------|---------|
+| `CX_SECRET` | existing | CX API key — Secrets Manager name or ARN |
+| `CX_APPLICATION` | existing | CX application tag |
+| `CX_SUBSYSTEM` | existing | CX subsystem tag |
+| `ARIZE_API_KEY_SECRET` | new | Arize OTel API key — Secrets Manager name or ARN |
+| `ARIZE_SPACE_ID` | new | Arize space ID (Relay global ID) |
+| `ARIZE_PROJECT_NAME` | new | Arize project name |
+| `ARIZE_S3_BUCKET_NAME` | new | S3 bucket for archival |
+| `ARIZE_COLLECTOR_ENDPOINT` | optional | default `otlp.arize.com:443` (gRPC) |
+
+## Build (pending workflow setup)
+
+Follows upstream: `./ci-scripts/build_nodejs_layer.sh` — requires sibling checkouts of `coralogix/opentelemetry-js-contrib` and `coralogix/opentelemetry-js`. See `.github/workflows/publish-nodejs.yml` for the published flow.
+
+**Extend-specific follow-ups** (tracked in DEVOPS-2394):
+- [ ] Add `awss3exporter` to `collector/go.mod` via `go mod tidy`
+- [ ] Add GitHub Actions workflow to publish to Extend AWS accounts
+- [ ] Publish layer version to SSM `/extend/otel-lambda/layer-version/{arch}` for CDK lookup
+
+## Upstream sync
+
+```
+git fetch upstream coralogix-nodejs-autoinstrumentation
+git merge upstream/coralogix-nodejs-autoinstrumentation
+```
diff --git a/extend/collector-config-cx-arize-s3.yaml b/extend/collector-config-cx-arize-s3.yaml
@@ -0,0 +1,99 @@
+# Extend OTel Lambda collector config — dual export to Coralogix + Arize + S3 archival.
+#
+# Consumed by services that integrate Arize tracing. Selected via the
+# OPENTELEMETRY_COLLECTOR_CONFIG_URI env var set by extend-cdk-lib
+# NodeLambdaBuilder when `arizeTracingProps` is provided.
+#
+# Secret resolution is native: `${secretsmanager:<name-or-arn>}` is expanded
+# at collector startup by the secretsmanagerprovider confmap provider
+# (registered in collector/internal/collector/collector.go:77).
+#
+# Required env vars (set by extend-cdk-lib):
+#   CX_SECRET                — Coralogix API key secret name/ARN
+#   CX_APPLICATION           — Coralogix application tag (AWS account env name)
+#   CX_SUBSYSTEM             — Coralogix subsystem tag (service name)
+#   ARIZE_API_KEY_SECRET     — Arize OTel API key secret name/ARN
+#   ARIZE_SPACE_ID           — Arize space ID (Relay global ID)
+#   ARIZE_PROJECT_NAME       — Arize project name
+#   ARIZE_S3_BUCKET_NAME     — S3 bucket for archival
+#   AWS_REGION               — provided by Lambda runtime
+#
+# Optional:
+#   CX_ENDPOINT              — default otel-traces.coralogix.com:443
+#   ARIZE_COLLECTOR_ENDPOINT — default otlp.arize.com:443 (gRPC)
+
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: localhost:4317
+      http:
+        endpoint: localhost:4318
+  telemetryapi:
+
+processors:
+  batch:
+    timeout: 1s
+  decouple:
+
+exporters:
+  # Coralogix — OTLP gRPC to CX traces endpoint
+  otlp/coralogix:
+    endpoint: ${env:CX_ENDPOINT:-otel-traces.coralogix.com:443}
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+  # Coralogix — metrics endpoint
+  otlp/coralogix_metrics:
+    endpoint: otel-metrics.coralogix.com:443
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+  # Coralogix — logs endpoint
+  otlp/coralogix_logs:
+    endpoint: otel-logs.coralogix.com:443
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+  # Arize — OTLP gRPC (default transport per Arize docs)
+  # https://arize.com/docs/ax/integrations/opentelemetry/opentelemetry-arize-otel
+  otlp/arize:
+    endpoint: ${env:ARIZE_COLLECTOR_ENDPOINT:-otlp.arize.com:443}
+    headers:
+      api_key: ${secretsmanager:${env:ARIZE_API_KEY_SECRET}}
+      space_id: ${env:ARIZE_SPACE_ID}
+      project_name: ${env:ARIZE_PROJECT_NAME}
+
+  # S3 archival — partitioned OTLP JSON
+  awss3:
+    s3uploader:
+      region: ${env:AWS_REGION}
+      s3_bucket: ${env:ARIZE_S3_BUCKET_NAME}
+      s3_prefix: traces/${env:CX_APPLICATION}/${env:CX_SUBSYSTEM}
+      s3_partition: minute
+      compression: gzip
+    marshaler: otlp_json
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix, otlp/arize, awss3]
+    metrics:
+      receivers: [otlp]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix_metrics]
+    logs:
+      receivers: [otlp, telemetryapi]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix_logs]
+  telemetry:
+    metrics:
+      address: localhost:8888
diff --git a/extend/collector-config-cx-only.yaml b/extend/collector-config-cx-only.yaml
@@ -0,0 +1,66 @@
+# Extend OTel Lambda collector config — Coralogix-only export.
+#
+# Default config used when a service has NOT opted in to Arize tracing.
+# Maintains parity with the existing CX-managed layer behavior.
+#
+# Required env vars (set by extend-cdk-lib NodeLambdaBuilder):
+#   CX_SECRET        — Coralogix API key secret name/ARN
+#   CX_APPLICATION   — Coralogix application tag
+#   CX_SUBSYSTEM     — Coralogix subsystem tag
+#
+# Optional:
+#   CX_ENDPOINT      — default otel-traces.coralogix.com:443
+
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: localhost:4317
+      http:
+        endpoint: localhost:4318
+  telemetryapi:
+
+processors:
+  batch:
+    timeout: 1s
+  decouple:
+
+exporters:
+  otlp/coralogix:
+    endpoint: ${env:CX_ENDPOINT:-otel-traces.coralogix.com:443}
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+  otlp/coralogix_metrics:
+    endpoint: otel-metrics.coralogix.com:443
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+  otlp/coralogix_logs:
+    endpoint: otel-logs.coralogix.com:443
+    headers:
+      Authorization: Bearer ${secretsmanager:${env:CX_SECRET}}
+      CX-Application-Name: ${env:CX_APPLICATION}
+      CX-Subsystem-Name: ${env:CX_SUBSYSTEM}
+
+service:
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix]
+    metrics:
+      receivers: [otlp]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix_metrics]
+    logs:
+      receivers: [otlp, telemetryapi]
+      processors: [batch, decouple]
+      exporters: [otlp/coralogix_logs]
+  telemetry:
+    metrics:
+      address: localhost:8888
