This chapter covers AWS Distro for OpenTelemetry (ADOT), a secure, AWS-supported distribution of the OpenTelemetry project. ADOT enables you to collect traces and metrics from your applications and send them to AWS monitoring services like Amazon CloudWatch and AWS X-Ray. On the DVA-C02 exam, ADOT appears primarily under Troubleshooting (Objective 4.1), representing approximately 2-3% of questions. Understanding ADOT is crucial because it is the recommended way to instrument applications for observability on AWS, replacing older SDKs like the X-Ray SDK.
Jump to a section
Imagine you are a developer running a large e-commerce application that ships thousands of packages daily. You need to track every package from pickup to delivery to monitor performance and troubleshoot delays. However, you use multiple couriers: FedEx, UPS, and USPS. Each courier has its own tracking system with different APIs, data formats, and dashboards. This is the situation before OpenTelemetry: each service in your application uses a different tracing or metrics library. Now, AWS Distro for OpenTelemetry (ADOT) is like a universal tracking aggregator. You install a small device (the ADOT Collector) at your shipping hub. This device speaks a single protocol (OpenTelemetry) to your application's instrumented code, collecting trace and metric data. It then transforms and exports this data to any backend you choose—Amazon CloudWatch, AWS X-Ray, or third-party tools—without changing your application code. Just as the aggregator normalizes tracking numbers from different couriers into a single dashboard, ADOT normalizes telemetry from different libraries into a unified format. The collector can also filter, sample, and enrich data before sending it, similar to how the aggregator might combine multiple tracking events for a single package into one timeline. This reduces overhead and complexity, allowing you to focus on analyzing performance rather than integrating disparate monitoring systems.
What is AWS Distro for OpenTelemetry (ADOT)?
AWS Distro for OpenTelemetry (ADOT) is a distribution of the open-source OpenTelemetry project, maintained and supported by AWS. It provides a single set of libraries, agents, and collectors to collect distributed traces and metrics from your applications and send them to AWS monitoring services such as Amazon CloudWatch, AWS X-Ray, and Amazon Managed Service for Prometheus. ADOT is designed to be a drop-in replacement for the AWS X-Ray SDK and other proprietary instrumentation libraries, allowing you to instrument your code once and send telemetry data to multiple backends.
Why ADOT Exists
Before ADOT, developers had to use different SDKs for different monitoring backends. For example, to send traces to AWS X-Ray, you had to use the X-Ray SDK, which was tightly coupled to X-Ray. If you later wanted to send the same traces to a third-party tool like Jaeger or Zipkin, you needed additional instrumentation. OpenTelemetry solves this by providing a vendor-agnostic standard for telemetry data. ADOT is AWS's supported distribution that includes additional components to integrate seamlessly with AWS services, such as the AWS X-Ray exporter and the AWS CloudWatch exporter. The exam tests your understanding that ADOT is the recommended path for new projects and that it can replace the X-Ray SDK.
How ADOT Works Internally
ADOT consists of three main components: the OpenTelemetry API/SDK (instrumentation libraries), the OpenTelemetry Collector (an agent that receives, processes, and exports telemetry data), and AWS-specific exporters and extensions.
#### Instrumentation Libraries
You instrument your application code using OpenTelemetry API/SDKs. These libraries automatically generate traces and metrics from your application without requiring manual code changes. For example, the OpenTelemetry Java SDK can automatically instrument common libraries like HTTP clients, JDBC drivers, and AWS SDK calls. The SDK produces telemetry data in the OpenTelemetry Protocol (OTLP) format.
#### OpenTelemetry Collector
The Collector is a vendor-agnostic agent that can receive telemetry data in multiple formats (including OTLP, Jaeger, Zipkin, and Prometheus), process it (e.g., batch, filter, sample, add attributes), and export it to one or more backends. ADOT provides a pre-built distribution of the Collector with AWS-specific exporters. The Collector can be deployed as a sidecar, a daemonset on Kubernetes, or as a standalone service.
#### AWS Exporters
ADOT includes exporters that convert OTLP data into AWS-native formats: - AWS X-Ray Exporter: Converts OTLP traces into X-Ray segment documents and sends them to the X-Ray API. This allows you to use X-Ray's service maps, traces, and analytics. - AWS CloudWatch Exporter: Converts OTLP metrics into CloudWatch metrics and sends them via the CloudWatch PutMetricData API. - AWS Managed Service for Prometheus Exporter: Converts OTLP metrics into Prometheus remote write format and sends them to Amazon Managed Service for Prometheus.
Key Components, Values, Defaults, and Timers
OpenTelemetry Protocol (OTLP): The default wire format for ADOT. Uses gRPC or HTTP/protobuf. Default port for OTLP gRPC is 4317, for HTTP is 4318.
Batch Processor: The Collector includes a batch processor that buffers telemetry data before exporting. Default batch size is 8192 items, timeout is 200ms. These can be configured to reduce API calls.
Sampling: The Collector supports head-based sampling (decision made at trace start) and tail-based sampling (decision after trace completion). The X-Ray exporter supports sampling rules defined in X-Ray.
AWS X-Ray Segment Format: ADOT maps OpenTelemetry spans to X-Ray segments. Key attributes like aws.region, aws.service, and aws.operation are automatically populated when using AWS SDK instrumentation.
IAM Permissions: The Collector needs permissions to call X-Ray PutTraceSegments, CloudWatch PutMetricData, and other APIs. The recommended approach is to use an IAM role with the appropriate managed policies (e.g., AWSXRayDaemonWriteAccess, CloudWatchAgentServerPolicy).
Configuration and Verification Commands
#### Installing ADOT Collector on Amazon ECS
You can deploy the ADOT Collector as a sidecar container in your ECS task definition. Example task definition snippet:
{
"containerDefinitions": [
{
"name": "adot-collector",
"image": "public.ecr.aws/aws-observability/aws-otel-collector:latest",
"environment": [
{
"name": "AWS_REGION",
"value": "us-east-1"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/adot-collector",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
},
{
"name": "my-app",
"image": "my-app:latest",
"environment": [
{
"name": "OTEL_EXPORTER_OTLP_ENDPOINT",
"value": "http://localhost:4317"
}
]
}
]
}#### Configuring the Collector (otel-config.yaml)
The Collector configuration file defines receivers, processors, and exporters. Example:
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
processors:
batch:
timeout: 200ms
send_batch_size: 8192
exporters:
awsxray:
region: us-east-1
awscloudwatch:
namespace: "MyAppMetrics"
region: us-east-1
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch]
exporters: [awsxray]
metrics:
receivers: [otlp]
processors: [batch]
exporters: [awscloudwatch]#### Verifying ADOT Operation
Check Collector logs for errors (e.g., permission denied, endpoint unreachable).
Use the X-Ray console to see traces appearing.
Use CloudWatch metrics to see custom metrics.
Run the ADOT Collector's health check endpoint: http://localhost:13133 (default).
How ADOT Interacts with Related Technologies
AWS X-Ray: ADOT replaces the X-Ray SDK. Traces sent via ADOT appear in X-Ray service maps and traces. X-Ray sampling rules still apply if configured.
Amazon CloudWatch: ADOT can send metrics to CloudWatch, replacing the CloudWatch agent for custom metrics. However, CloudWatch agent is still needed for infrastructure metrics (CPU, memory).
AWS Lambda: ADOT can instrument Lambda functions using the OpenTelemetry Lambda layer. This allows tracing Lambda invocations and sending metrics to CloudWatch.
Amazon EKS/ECS: ADOT Collector is commonly deployed as a sidecar or daemonset to collect telemetry from containerized applications.
AWS Managed Service for Prometheus: ADOT can export metrics to AMP, allowing you to use PromQL queries.
Exam-Relevant Details
ADOT is the recommended way to instrument applications on AWS for new projects.
ADOT supports both traces and metrics (and logs in preview).
ADOT can export to multiple backends simultaneously (e.g., X-Ray and CloudWatch).
The Collector can be deployed on EC2, ECS, EKS, Lambda, and on-premises.
ADOT is open source but AWS provides support for the distribution.
The OTLP endpoint is typically localhost:4317 for gRPC or localhost:4318 for HTTP.
IAM permissions are required for the Collector to write to AWS services.
ADOT does not require the X-Ray daemon; it communicates directly with the X-Ray API.
Instrument Application with OpenTelemetry SDK
Add the OpenTelemetry SDK and instrumentation libraries to your application. For example, in Java, include the `opentelemetry-javaagent` JAR as a java agent. This automatically instruments common libraries like HTTP clients, JDBC, and AWS SDK calls. The SDK generates spans and metrics in OTLP format. Set the environment variable `OTEL_EXPORTER_OTLP_ENDPOINT` to point to the ADOT Collector (e.g., `http://localhost:4317`). The SDK will export telemetry data to the Collector at this endpoint.
Deploy ADOT Collector as Sidecar or DaemonSet
Deploy the ADOT Collector as a sidecar container alongside your application (e.g., in the same ECS task or Kubernetes pod) or as a DaemonSet on each node. The Collector listens on port 4317 (gRPC) and 4318 (HTTP) for OTLP data. It receives telemetry from your instrumented application. The Collector can be configured to batch, filter, and sample data before exporting. It also enriches spans with AWS-specific metadata like region and service name.
Configure Collector Pipeline with AWS Exporters
Create a Collector configuration file (e.g., `otel-config.yaml`) that defines a pipeline. The pipeline specifies receivers (e.g., OTLP), processors (e.g., batch), and exporters (e.g., `awsxray` for traces, `awscloudwatch` for metrics). The batch processor buffers data to reduce API calls. The AWS X-Ray exporter converts OTLP spans to X-Ray segment documents and sends them via the X-Ray API. The CloudWatch exporter sends metrics to CloudWatch using `PutMetricData`. Ensure the Collector has IAM permissions to call these APIs.
Set IAM Permissions for Collector
Create an IAM role for the Collector with permissions to write to X-Ray and CloudWatch. For X-Ray, attach the `AWSXRayDaemonWriteAccess` managed policy. For CloudWatch, attach `CloudWatchAgentServerPolicy` or a custom policy with `cloudwatch:PutMetricData`. If using Amazon Managed Service for Prometheus, attach `AmazonPrometheusRemoteWriteAccess`. The role is assumed by the Collector via instance profile (EC2), task role (ECS), or service account (EKS).
Verify Telemetry in AWS Monitoring Services
After starting the application and Collector, check the X-Ray console for traces. You should see service maps and trace details. In CloudWatch, navigate to Metrics and look for the namespace you configured (e.g., `MyAppMetrics`). Verify that custom metrics appear. If traces or metrics are missing, check Collector logs for errors (e.g., `PermissionDenied`, `EndpointReached`). Use the Collector's health check endpoint (`http://localhost:13133`) to verify it is running.
Enterprise Scenario 1: Migrating from X-Ray SDK to ADOT
A large e-commerce company has been using the AWS X-Ray SDK for Java to trace requests across their microservices. They want to adopt a vendor-neutral instrumentation approach to also send traces to a self-hosted Jaeger instance for internal analysis. The X-Ray SDK is tightly coupled to X-Ray, making it difficult to export to multiple backends. The team decides to migrate to ADOT. They replace the X-Ray SDK with the OpenTelemetry Java agent and deploy the ADOT Collector as a sidecar in each ECS task. The Collector is configured with two exporters: awsxray and otlp (to send to Jaeger). This allows them to maintain X-Ray integration while adding Jaeger support without changing application code. The migration is seamless because ADOT maps OpenTelemetry spans to X-Ray segments automatically. The team also adds sampling rules in the Collector to reduce trace volume by 90%, saving costs. In production, they run 200 microservices across 500 ECS tasks, with each Collector processing ~10,000 spans/second. They tune the batch processor to send 8192 spans every 200ms to optimize API call costs.
Enterprise Scenario 2: Unified Metrics Collection with ADOT
A financial services company uses CloudWatch for monitoring but also wants to use Prometheus for alerting. They have a mix of Java and Python applications running on Amazon EKS. Previously, they ran the CloudWatch agent and a Prometheus server separately. With ADOT, they deploy the ADOT Collector as a DaemonSet on each EKS node. The Collector is configured to receive OTLP metrics from instrumented applications and also scrape Prometheus endpoints. It then exports metrics to both CloudWatch and Amazon Managed Service for Prometheus (AMP). This reduces operational overhead by having a single agent. The Collector also adds metadata like Kubernetes pod labels to metrics. They configure the batch processor to aggregate metrics every 60 seconds to reduce CloudWatch costs. A common misconfiguration is forgetting to set IAM permissions for AMP remote write, causing metrics to be silently dropped. The team monitors the Collector's internal metrics (exposed on port 8888) to detect export failures.
Scenario 3: Lambda Tracing with ADOT
A serverless application uses AWS Lambda for data processing. The team wants to trace invocations and send custom metrics to CloudWatch. They use the ADOT Lambda layer for Python, which includes the OpenTelemetry Python SDK and the ADOT Collector as a Lambda extension. The layer automatically instruments the Lambda runtime and AWS SDK calls. Traces are sent to X-Ray, and metrics are sent to CloudWatch. The team configures the Collector in the Lambda function's extensions directory. A common pitfall is exceeding the Lambda execution time due to the Collector's overhead; they mitigate this by increasing the Lambda timeout to 30 seconds and using asynchronous export. They also set the OTEL_BSP_SCHEDULE_DELAY environment variable to 1000ms to reduce export frequency.
What DVA-C02 Tests on ADOT
The DVA-C02 exam tests ADOT under Objective 4.1: 'Troubleshoot and debug applications using AWS services and tools.' Specific areas include:
Understanding that ADOT is the recommended replacement for the X-Ray SDK.
Knowing that ADOT supports traces and metrics (logs are in preview).
Understanding the role of the ADOT Collector and its configuration.
Recognizing that ADOT can export to multiple backends, including X-Ray and CloudWatch.
Knowing the default OTLP ports: 4317 (gRPC) and 4318 (HTTP).
Understanding that ADOT does not require the X-Ray daemon.
Common Wrong Answers and Why Candidates Choose Them
'ADOT only works with X-Ray' – Wrong. ADOT can export to CloudWatch, AMP, and third-party backends. Candidates might think ADOT is AWS-only, but it's based on OpenTelemetry, which is vendor-neutral.
'You must use the X-Ray SDK with ADOT' – Wrong. ADOT replaces the X-Ray SDK entirely. Candidates may confuse ADOT as an add-on to X-Ray rather than a replacement.
'ADOT requires the X-Ray daemon to be running' – Wrong. ADOT communicates directly with the X-Ray API via the AWS X-Ray exporter. The daemon is only needed when using the X-Ray SDK.
'ADOT only supports traces, not metrics' – Wrong. ADOT supports both traces and metrics. Candidates may remember that X-Ray only does traces, but ADOT is broader.
Specific Numbers and Terms That Appear on the Exam
Port 4317 (OTLP gRPC) and 4318 (OTLP HTTP).
Batch processor defaults: send_batch_size=8192, timeout=200ms.
IAM policies: AWSXRayDaemonWriteAccess, CloudWatchAgentServerPolicy.
Collector image: public.ecr.aws/aws-observability/aws-otel-collector:latest.
Supported languages: Java, Python, Go, JavaScript, .NET, Ruby, PHP.
Edge Cases and Exceptions
Lambda: ADOT Lambda layer is available but adds overhead; must increase timeout.
Sampling: ADOT supports both head-based and tail-based sampling; X-Ray sampling rules can be applied via the Collector's awsxray exporter.
Multiple exporters: The Collector can export to multiple backends simultaneously; ensure each exporter has proper IAM permissions.
Resource attributes: ADOT automatically adds aws.region, aws.service, aws.operation when using AWS SDK instrumentation.
How to Eliminate Wrong Answers
If a question asks about instrumenting a new application for traces and metrics, choose ADOT over X-Ray SDK.
If a question mentions sending telemetry to multiple backends, ADOT is the correct choice.
If a question asks about the Collector's endpoint, think OTLP on port 4317/4318.
If a question mentions IAM permissions for the Collector, look for PutTraceSegments and PutMetricData actions.
ADOT is the recommended way to instrument applications for observability on AWS, replacing the X-Ray SDK.
ADOT supports traces and metrics (logs in preview) and can export to X-Ray, CloudWatch, and third-party backends.
The ADOT Collector listens on port 4317 (gRPC) and 4318 (HTTP) for OTLP data.
The Collector uses batch processing with default batch size 8192 and timeout 200ms.
ADOT does not require the X-Ray daemon; it uses the AWS X-Ray exporter to communicate directly with the X-Ray API.
IAM permissions required: AWSXRayDaemonWriteAccess for X-Ray, CloudWatchAgentServerPolicy for CloudWatch.
ADOT can be deployed on EC2, ECS, EKS, Lambda, and on-premises.
For Lambda, use the ADOT Lambda layer which includes the SDK and Collector as an extension.
These come up on the exam all the time. Here's how to tell them apart.
AWS Distro for OpenTelemetry (ADOT)
Vendor-neutral, supports multiple backends (X-Ray, CloudWatch, third-party).
Based on OpenTelemetry standard; single instrumentation for traces and metrics.
Recommended for new projects by AWS.
Does not require X-Ray daemon; communicates directly with X-Ray API.
Supports traces, metrics, and logs (preview).
AWS X-Ray SDK
Tightly coupled to AWS X-Ray; only exports to X-Ray.
Separate SDK for traces; metrics require additional libraries (e.g., CloudWatch agent).
Legacy approach; not recommended for new projects.
Requires X-Ray daemon to be running on the host.
Only supports traces; no built-in metrics support.
Mistake
ADOT is only for AWS services and cannot send data to third-party backends.
Correct
ADOT is based on OpenTelemetry, which is vendor-neutral. The Collector can export to any backend that supports OTLP, Jaeger, Zipkin, Prometheus, etc. AWS provides additional exporters for X-Ray, CloudWatch, and AMP, but you can also configure other exporters.
Mistake
ADOT requires the X-Ray daemon to be installed on the host.
Correct
ADOT communicates directly with the X-Ray API via the AWS X-Ray exporter. The X-Ray daemon is only needed when using the X-Ray SDK. ADOT replaces the need for the daemon.
Mistake
ADOT only supports traces, not metrics or logs.
Correct
ADOT supports traces and metrics. Logs are currently in preview. The exam focuses on traces and metrics.
Mistake
ADOT is a proprietary AWS service and not open source.
Correct
ADOT is a distribution of the open-source OpenTelemetry project. AWS contributes to the upstream project and provides a supported distribution with additional AWS-specific components. The core is open source.
Mistake
You must use the X-Ray SDK alongside ADOT for X-Ray traces.
Correct
ADOT replaces the X-Ray SDK. You instrument your application with OpenTelemetry SDKs, and the ADOT Collector exports traces to X-Ray. Using both would be redundant and could cause duplicate traces.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
ADOT is a supported distribution of the open-source OpenTelemetry project by AWS. It provides a single set of libraries and a collector to gather traces and metrics from your applications and send them to AWS monitoring services like X-Ray and CloudWatch, as well as third-party backends. Unlike the X-Ray SDK, which is proprietary and only exports to X-Ray, ADOT is vendor-neutral and can export to multiple backends simultaneously. ADOT is the recommended approach for new projects on AWS. The exam tests that ADOT replaces the X-Ray SDK and does not require the X-Ray daemon.
No, ADOT does not require the X-Ray daemon. The ADOT Collector includes an AWS X-Ray exporter that communicates directly with the X-Ray API using the AWS SDK. This eliminates the need to run the X-Ray daemon as a separate process. The X-Ray daemon is only required when using the older X-Ray SDK. For the exam, remember that ADOT uses the exporter, not the daemon.
The ADOT Collector listens on port 4317 for OTLP gRPC and port 4318 for OTLP HTTP by default. These are the standard OpenTelemetry ports. Your instrumented application sends telemetry data to these endpoints. You can configure different ports in the Collector configuration. On the exam, expect to see 4317 and 4318 as the default ports.
Yes, the ADOT Collector can be configured with multiple exporters. You can define a pipeline that sends traces to the `awsxray` exporter for X-Ray and another exporter (e.g., `otlp` or `jaeger`) for a third-party backend. This allows you to use a single instrumentation to send data to multiple destinations. This is a key advantage over the X-Ray SDK.
The ADOT Collector needs permissions to call the AWS APIs of the backends it exports to. For X-Ray, it needs `xray:PutTraceSegments` and `xray:PutTelemetryRecords` (the `AWSXRayDaemonWriteAccess` managed policy covers these). For CloudWatch, it needs `cloudwatch:PutMetricData` (covered by `CloudWatchAgentServerPolicy`). For Amazon Managed Service for Prometheus, it needs `aps:RemoteWrite`. The Collector should be assigned an IAM role (e.g., instance profile, task role) with these permissions.
To instrument a Lambda function with ADOT, use the ADOT Lambda layer. For Python, the layer ARN is `arn:aws:lambda:<region>:901920570463:layer:aws-otel-python-<version>:1`. The layer includes the OpenTelemetry SDK and the ADOT Collector as a Lambda extension. You need to configure environment variables like `OTEL_EXPORTER_OTLP_ENDPOINT` (pointing to the Collector, which runs on localhost) and `AWS_LAMBDA_EXEC_WRAPPER` to the OpenTelemetry wrapper script. The Collector automatically exports traces and metrics to X-Ray and CloudWatch.
Head-based sampling makes a sampling decision at the start of a trace, based on a probability or rate. Tail-based sampling waits until the trace is complete to decide whether to sample, allowing decisions based on trace properties (e.g., error status). ADOT supports both. The X-Ray exporter supports head-based sampling using X-Ray sampling rules. Tail-based sampling is configured in the Collector using the `tail_sampling` processor. The exam may test that ADOT can use X-Ray sampling rules.
You've just covered AWS Distro for OpenTelemetry — now see how well it sticks with free DVA-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?