This solution provides the ability to export LUN metrics from an FSx for ONTAP file system into Amazon CloudWatch. It exports the Latency, IOPS, and Throughput metrics for a single file system. The solution is based on a CloudFormation template that you need to deploy for each file system. The template creates the following resources:
- Lambda - The service that monitors the file system and collects the metrics.
- Scheduler - The Amazon EventBridge scheduler that triggers the Lambda collection every minute.
- Dashboard - The Amazon CloudWatch dashboard that shows 10 widgets. There are 9 widgets per metric (Latency, IOPS, Throughput - Read, Write, and Total) and 1 widget that shows the top 5 LUNs with the highest throughput.
- Lambda Role - The IAM role that allows the Lambda service to run.
- Scheduler Role - The IAM role that allows the scheduler to trigger the Lambda service.
- SecretManager endpoint (optional) - Because the Lambda service runs inside the VPC, by default it will not have outgoing connectivity, so it needs to have a VPC endpoint to the SecretManager service. You can decide either to create it with CloudFormation or without CloudFormation.
- CloudWatch endpoint (optional) - Because the Lambda service runs inside the VPC, by default it will not have outgoing connectivity, so it needs to have a VPC endpoint to the CloudWatch service. You can decide either to create it with CloudFormation or without CloudFormation.
- SecretManager secret (optional) - In order to send the file system ONTAP REST APIs commands, the Lambda service needs the ONTAP credentials. The Lambda is designed to take the password from a secret. You can either provide an existing ARN with a key name, or to mark that the CloudFormation template will generate a secret.
- You must have an AWS Account with the necessary permissions to create and manage resources.
In order to use the solution, you will need to run the CloudFormation template in your AWS account.
The CloudFormation parameters are:
- FileSystemId (Mandatory) - The ID of the FSx for ONTAP file system.
- Subnet IDs - The subnet IDs on which the Lambda service will run - the subnets need to have connectivity to the file system.
- Security Group IDs (Mandatory) - The SecurityGroup IDs with which the Lambda service will be associated when running - they need to provide connectivity to the file system.
- VPC ID (Mandatory) - The VPC on which the Lambda service will run.
- Create Secret Manager Endpoint (Not mandatory) - A flag if you plan to create the SecretManager VPC endpoint inside the VPC.
- Create CloudWatch Endpoint (Not mandatory) - A flag if you plan to create the CloudWatch VPC endpoint inside the VPC.
- Create Secret for the password - A flag if you plan to create the SecretManager secret. If this is marked as true, the parameter FSX admin password is mandatory.
- FSX admin password - The fsxadmin password. This parameter is mandatory if you decide to create the SecretManager secret.
- Secret Manager FSX admin password ARN - In case the user has already created a secret for the Lambda service and didn't mark to create the secret ARN, this parameter is mandatory.
- Secret Manager FSX admin password key - The key of the fsxadmin secret password. If the user didn't mark to create secret ARN, this parameter is mandatory.
This repository is maintained by the contributors listed on GitHub.
Licensed under the Apache License, Version 2.0 (the "License").
You may obtain a copy of the License at apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" basis, without WARRANTIES or conditions of any kind, either express or implied.
See the License for the specific language governing permissions and limitations under the License.