The purpose of aws-dx-monitor is enabling customers to monitor AWS Direct Connect runtime configuration items with Amazon CloudWatch. The system is driven by Amazon CloudWatch Events and AWS Lambda.
The following diagram expresses the high level system execution architecture.
- CloudWatch Events schedules and invokes the Lambda function at five minute intervals.
- The Lambda function interrogates the AWS Direct Connect service through Describe API calls for every configuration type that makes sense for its operational scope (for example, if you are a Service Provider, you may wish to describe the Interconnects). AWS Direct Connect responds with the JSON payloads for each Describe call.
- After the Lambda function extracts the status from a given configuration item, it puts the data to a CloudWatch Custom Metric. Each configuration item type should have its own dimension in order to easily identify what is being monitored.
- Once the data has been settled in the custom CloudWatch metric, you can set alarms for it. See the section on Status Levels for information on configuration item status levels.
- Alarms may be triggered to notify an operator or administrator of a monitored status threshold.
Use the following steps to build and deploy the system. It is strongly suggested that you review the security policies prior to deploying to your environment.
On the system where you will be building the AWS Lambda package, you will need the following:
- git
- python 2.7
Clone this repository.
$ git clone https://github.com/awslabs/aws-dx-monitorBuild the aws-dx-monitor package. The script downloads the Enum backport for Python 2.7 and will bundle it as part of the resulting package.
$ cd aws-dx-monitor
$ pip install enum34 -t .
$ python package.pyDeploy the AWS Lambda function. The function must be deployed to every region where you have AWS Direct Connect connections.
- Login to the AWS Console.
- Select Services > Lambda
- Click Create a Lambda Function
- In Select Blueprint, click Skip
- In Configure triggers:
- Click the empty box, and select CloudWatch Events - Schedule.
- For Rule name, enter aws-dx-monitor.
- For Rule description, enter Monitor Direct Connect status
- For Schedule expression, select rate(5 minutes) (or 1 minute if you desire)
- Click the Enable trigger checkbox.
- Click the Next button.
- In Configure function:
- For Name, enter aws-dx-monitor
- For Description, enter Monitor Direct Connect status
- For Runtime, select Python 2.7
- For Code entry type, select Upload a .ZIP file
- For Function package, click the Upload button, and select the package you built in the previous section named
aws-dx-monitor.zip. - For Hander, ensure the value is
aws-dx-monitor.lambda_handler. - For Role, select Create a custom role.
- For IAM Role, select Create a new IAM Role.
- For Role Name, enter aws-dx-monitor-role
- Expand View Policy Document and click the Edit link. When the Edit Policy dialog appears, click OK.
- Enter the policy defined in the section Lambda Execution Policy. Review the policy prior to using.
- Click Allow.
- Click the Next button.
- Click Create Function.
Once the scheduled event begins sending data to Amazon CloudWatch, you can begin setting alarms. The custom metric will be found in CloudWatch > Metrics under the name AWSx/DirectConnect. For more information, see Creating Amazon CloudWatch Alarms.
You may wish to alarm on these levels:
| Config Item | Level |
|---|---|
| Connection | >= 5 |
| Interconnect | >= 4 |
| Connections on Interconnect | >= 5 |
| Virtual Interface | >= 5 |
| Virtual Gateway | >= 3 |
See the following sections for status levels on:
- Connections
- Interconnects
- Connections on Interconnects
- Virtual Interfaces
- Virtual Gateways
| Name | API Status Value | Numeric Value |
|---|---|---|
| Ordering | ordering | 1 |
| Requested | requested | 2 |
| Pending | pending | 3 |
| Available | available | 4 |
| Down | down | 5 |
| Deleting | deleting | 6 |
| Deleted | deleted | 7 |
| Rejected | rejected | 8 |
| Name | API Status Value | Numeric Value |
|---|---|---|
| Requested | requested | 1 |
| Pending | pending | 2 |
| Available | available | 3 |
| Down | down | 4 |
| Deleting | deleting | 5 |
| Deleted | deleted | 6 |
| Name | API Status Value | Numeric Value |
|---|---|---|
| Ordering | ordering | 1 |
| Requested | requested | 2 |
| Pending | pending | 3 |
| Available | available | 4 |
| Down | down | 5 |
| Deleted | deleted | 6 |
| Rejected | rejected | 7 |
| Name | API Status Value | Numeric Value |
|---|---|---|
| Confirming | confirming | 1 |
| Verifying | verifying | 2 |
| Pending | pending | 3 |
| Available | available | 4 |
| Down | down | 5 |
| Deleting | deleting | 6 |
| Deleted | deleted | 7 |
| Rejected | rejected | 8 |
| Name | API Status Value | Numeric Value |
|---|---|---|
| Pending | pending | 1 |
| Available | available | 2 |
| Deleting | deleting | 3 |
| Deleted | deleted | 4 |
This policy allows:
- Read-only access to AWS Direct Connect
- PutMetricData access to Amazon CloudWatch
- Log write access to CloudWatch Logs for Lambda logging.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"directconnect:DescribeConnections",
"directconnect:DescribeConnectionsOnInterconnect",
"directconnect:DescribeInterconnects",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent