Guardian API Metrics Collector

With the latest release of the Guardian Bearse feature it now adds support for the new stackset ‘apimetrics’. This stackset provides the resources to scrape prometheus API endpoints for metric data and correspondingly create associated cloudwatch metrics.

Setup

In order to configure the api metrics stackset for deployment, the user must provide the appropriate parameters aswell as a config for each lambda function to deploy. A detailed overview of the parameters and config payloads is described here

Payload Example

The following example details a payload that will deploy two api metric lambda functions one within a VPC and one without.

• Stack Instance Payload:

{
"name": "apimetrics",
	"stack_instances": [
	{
		"accounts": 
		[
			"123456789123"
		],
		"parameters": 
		[
			{
			"key": "PollingRate",
			"value": "5"
			}
		],
		"regions": 
		[
			"ap-southeast-2"
		]
	}
],
"config": {
	"collectors": [
	{
		"namespace": "TestConfigNamespace",
		"endpoint" : "https://someendpoint.com",
		"account_id": "123456789123"
	},
	{
		"namespace": "TestConfigVPC",
		"endpoint" : "https://anotherendpoint.com",
		"account_id": "123456789123",
		"exclude_metrics": "somemetric,anothermetric",
		"security_group_ids": ["sg-123456789123"],
		"subnet_ids": ["subnet-123456789123"]	
	}
]
}

Config

The main points of the above payload is the “config”, this is where the parameters used to define endpoints, namespaces and VPC details are specified. The config contains a list called “collectors”, each set of parameters in this list is associated with its own api metric lambda function. This allows us to deploy multiple lambda functions with various configurations within the same stack.

A more detailed explanation about config parameters can be found here

Deployment Example

1. Using the same payload as above we deploy the stack ensuring the correct accounts and endpoints are set. Observe that two stacksets are created for guardian and apimetrics.

   

2. Observe that since our config had two sets of parameters defined in the “collectors” array. Two lambdas have been generated.

   

3. Furthermore, observe that the lambda function with ‘security_groups_ids’ & ‘subnet_ids’ defined in its config has been deployed into the corresponding VPC.

   

4. Finally, we can observe in Cloudwatch Metrics that under the namespaces defined in our config, we are able to see the data from the created metrics based upon the data scraped from the defined endpoints.