INSTALL.md

Setting up permissions in the AWS account

Creating an AWS IAM policy

The exporter needs permissions to access the resources from the AWS account.

First, create an AWS IAM policy on your AWS infrastructure. The policy should allow the account to read CloudWatch metrics and get resources by tags. An example AWS IAM configuration is given below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CloudWatchExporterPolicy",
            "Effect": "Allow",
            "Action": [
                "tag:GetResources",
                "cloudwatch:ListTagsForResource",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:GetMetricData",
                "cloudwatch:ListMetrics"
            ],
            "Resource": "*"
        }
    ]
}

Creating the credentials for the exporter

Create a $HOME/.aws/credentials file as follows. Substitute the values with your key and password:

# CREDENTIALS FOR AWS ACCOUNT
aws_region = us-east-1
aws_access_key_id = AYYYYYZZZZZZ3BLXXXXX
aws_secret_access_key = bXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Configuring the resources to monitor

The YACE exporter uses an API call that filters the resources by tags. Therefore, if you want to monitor a resource, ensure that it has at least one tag associated with it. A resource without a tag will not be scraped.

Installing the exporter

To install the exporter follow this steps:

1. Download the lambda-deploy.yaml file.
2. Change the following line in the ConfigMap with the AWS region where the resources to monitor are located:

region: us-east-1

3. Run following command and copy the content:

cat ~/.aws/credentials | base64

4. Replace the content of the credentials field of the secret yace-lambda-credentials with the one that you have copied.
5. Apply the deployment:

kubectl apply -f lambda-deploy.yaml

6. Ensure that the exporter is working checking that the pods are running:

kubectl -n yace get pods