The purpose of aws-dx-monitor is enabling customers to monitor AWS Direct Connect runtime configuration items with Amazon CloudWatch. The system is driven by Amazon CloudWatch Events and AWS Lambda.
- Recommended: check the `Makefile` to confirm defaults and phases before deploying.
- Assumes valid AWS environment variables for the target account:

```shell
$ git clone https://github.com/Versent/aws-dx-monitor
$ cd aws-dx-monitor
$ make
```
The following diagram expresses the high-level system execution architecture.
- CloudWatch Events schedules and invokes the Lambda function at five minute intervals.
- The Lambda function interrogates the AWS Direct Connect service through Describe API calls for every configuration type that makes sense for its operational scope (for example, if you are a Service Provider, you may wish to describe the Interconnects). AWS Direct Connect responds with the JSON payloads for each Describe call.
- After the Lambda function extracts the status from a given configuration item, it puts the data to a CloudWatch Custom Metric. Each configuration item type should have its own dimension in order to easily identify what is being monitored.
- Once the data has landed in the custom CloudWatch metric, you can set alarms on it. See the section on Status Levels for the numeric status levels of each configuration item type.
- Alarms may be triggered to notify an operator or administrator of a monitored status threshold.
The installation process is driven by the `Makefile`. The old manual steps are preserved for posterity:
On the system where you will be building the AWS Lambda package, you will need the following:
- git
- python 2.7
Clone this repository.

```shell
$ git clone https://github.com/awslabs/aws-dx-monitor
```

Build the aws-dx-monitor package. The script downloads the Enum backport for Python 2.7 and bundles it as part of the resulting package.

```shell
$ cd aws-dx-monitor
$ pip install enum34 -t .
$ python package.py
```
Deploy the AWS Lambda function. The function must be deployed to every region where you have AWS Direct Connect connections.
- Login to the AWS Console.
- Select Services > Lambda.
- Click Create a Lambda Function.
- In Select Blueprint, click Skip.
- In Configure triggers:
  - Click the empty box, and select CloudWatch Events - Schedule.
  - For Rule name, enter `aws-dx-monitor`.
  - For Rule description, enter `Monitor Direct Connect status`.
  - For Schedule expression, select `rate(5 minutes)` (or 1 minute if you desire).
  - Click the Enable trigger checkbox.
  - Click the Next button.
- In Configure function:
  - For Name, enter `aws-dx-monitor`.
  - For Description, enter `Monitor Direct Connect status`.
  - For Runtime, select Python 2.7.
  - For Code entry type, select Upload a .ZIP file.
  - For Function package, click the Upload button, and select the package you built in the previous section, named `aws-dx-monitor.zip`.
  - For Handler, ensure the value is `aws-dx-monitor.lambda_handler`.
  - For Role, select Create a custom role.
    - For IAM Role, select Create a new IAM Role.
    - For Role Name, enter `aws-dx-monitor-role`.
    - Expand View Policy Document and click the Edit link. When the Edit Policy dialog appears, click OK.
    - Enter the policy defined in the section Lambda Execution Policy. Review the policy prior to using it.
    - Click Allow.
  - Click the Next button.
- Click Create Function.
Once the scheduled event begins sending data to Amazon CloudWatch, you can begin setting alarms. The custom metric will be found in CloudWatch > Metrics under the namespace `AWSx/DirectConnect`. For more information, see Creating Amazon CloudWatch Alarms.
You may wish to alarm on these levels:
Config Item | Level |
---|---|
Connection | >= 5 |
Interconnect | >= 4 |
Connections on Interconnect | >= 5 |
Virtual Interface | >= 5 |
Virtual Gateway | >= 3 |
See the following sections for status levels on:
- Connections
- Interconnects
- Connections on Interconnects
- Virtual Interfaces
- Virtual Gateways
**Connections**

Name | API Status Value | Numeric Value |
---|---|---|
Ordering | ordering | 1 |
Requested | requested | 2 |
Pending | pending | 3 |
Available | available | 4 |
Down | down | 5 |
Deleting | deleting | 6 |
Deleted | deleted | 7 |
Rejected | rejected | 8 |
**Interconnects**

Name | API Status Value | Numeric Value |
---|---|---|
Requested | requested | 1 |
Pending | pending | 2 |
Available | available | 3 |
Down | down | 4 |
Deleting | deleting | 5 |
Deleted | deleted | 6 |
**Connections on Interconnects**

Name | API Status Value | Numeric Value |
---|---|---|
Ordering | ordering | 1 |
Requested | requested | 2 |
Pending | pending | 3 |
Available | available | 4 |
Down | down | 5 |
Deleted | deleted | 6 |
Rejected | rejected | 7 |
**Virtual Interfaces**

Name | API Status Value | Numeric Value |
---|---|---|
Confirming | confirming | 1 |
Verifying | verifying | 2 |
Pending | pending | 3 |
Available | available | 4 |
Down | down | 5 |
Deleting | deleting | 6 |
Deleted | deleted | 7 |
Rejected | rejected | 8 |
**Virtual Gateways**

Name | API Status Value | Numeric Value |
---|---|---|
Pending | pending | 1 |
Available | available | 2 |
Deleting | deleting | 3 |
Deleted | deleted | 4 |
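As an added example (not the project's own code), the following maps Describe API status strings to the numeric levels in the tables above, applies the suggested alarm thresholds, and builds the `PutMetricData` payload with the configuration item type as a dimension, as the architecture section recommends. The metric name, dimension names and the sample `DescribeConnections` response are assumptions for illustration.

```python
# Added example, not the project's code: status strings -> numeric levels -> PutMetricData payload.
NAMESPACE = "AWSx/DirectConnect"  # namespace named in the README

# Ordered status lists per item type, copied from the tables above; position + 1 is the level.
STATUS_LEVELS = {
    "Connection": ["ordering", "requested", "pending", "available", "down",
                   "deleting", "deleted", "rejected"],
    "Interconnect": ["requested", "pending", "available", "down", "deleting", "deleted"],
    "ConnectionOnInterconnect": ["ordering", "requested", "pending", "available",
                                 "down", "deleted", "rejected"],
    "VirtualInterface": ["confirming", "verifying", "pending", "available", "down",
                         "deleting", "deleted", "rejected"],
    "VirtualGateway": ["pending", "available", "deleting", "deleted"],
}

# Suggested alarm thresholds from the "You may wish to alarm on these levels" table.
ALARM_THRESHOLDS = {"Connection": 5, "Interconnect": 4, "ConnectionOnInterconnect": 5,
                    "VirtualInterface": 5, "VirtualGateway": 3}

def status_level(item_type, api_status):
    """Return the 1-based numeric level for an API status, or None if the state is unknown."""
    levels = STATUS_LEVELS[item_type]
    state = (api_status or "").lower()
    return levels.index(state) + 1 if state in levels else None

def metric_datum(item_type, item_id, api_status):
    """One MetricData entry; metric and dimension names are assumptions, not the project's."""
    level = status_level(item_type, api_status)
    if level is None:
        return None  # unknown state: skip rather than publish a misleading number
    return {"MetricName": "Status", "Value": level, "Unit": "None",
            "Dimensions": [{"Name": "ConfigItemType", "Value": item_type},
                           {"Name": "ConfigItemId", "Value": item_id}]}

def would_alarm(item_type, api_status):
    """True if a CloudWatch alarm at the suggested threshold would fire for this state."""
    level = status_level(item_type, api_status)
    return level is not None and level >= ALARM_THRESHOLDS[item_type]

# Constructed sample shaped like a DescribeConnections response (not real data).
SAMPLE_CONNECTIONS = {"connections": [
    {"connectionId": "dxcon-example1", "connectionState": "available"},
    {"connectionId": "dxcon-example2", "connectionState": "down"}]}

def build_payload(describe_connections):
    """Keyword arguments for boto3's cloudwatch.put_metric_data(**payload)."""
    data = [metric_datum("Connection", c["connectionId"], c["connectionState"])
            for c in describe_connections["connections"]]
    return {"Namespace": NAMESPACE, "MetricData": [d for d in data if d]}
```

Skipping unknown states (rather than emitting a default) keeps a new API value from silently reading as "healthy" or "down" in the metric.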
**Lambda Execution Policy**

This policy allows:

- Read-only access to AWS Direct Connect
- PutMetricData access to Amazon CloudWatch
- Log write access to CloudWatch Logs for Lambda logging.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "directconnect:DescribeConnections",
        "directconnect:DescribeConnectionsOnInterconnect",
        "directconnect:DescribeInterconnects",
        "directconnect:DescribeVirtualGateways",
        "directconnect:DescribeVirtualInterfaces"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
```