The purpose of this integration solution is to demonstrate how Lyve Cloud bucket metrics can be securely pulled using AWS Lambda and displayed in AWS CloudWatch. The bucket metrics displayed in this solution are the number of objects and the bucket size. These metrics are calculated for the buckets that the Lyve Cloud credentials can access. Once the metrics are pulled, they can be displayed using AWS CloudWatch dashboards. A sample dashboard is also provided as part of this solution for reference. Please note that this is not a complete integration solution, and it is not intended for production usage.
Before you start, please make sure you have these requirements and information in place:
- Lyve Cloud account
- Access to Lyve Cloud console to create/modify the following services:
  - Buckets
  - Permissions
  - Service Account
- Lyve Cloud access and secret key. These can be obtained from the console by creating a new Service Account with appropriate permissions.
- AWS account
- Access to AWS Management Console with necessary permissions to create/modify the following services:
  - IAM
  - Lambda
  - Secrets Manager
  - CloudWatch
  - Event Bridge
This repository provides sample code to show how to configure, schedule and pull metrics from Lyve Cloud into AWS CloudWatch, but it is not a complete solution.
There are limitations and functionality gaps to handle before this sample code can be used in a production environment:
- The sample code only pulls newly generated metrics from Lyve Cloud once every 6 hours (the duration can be modified as desired). Please note that historical data for a metric is not pulled into AWS CloudWatch.
- Error capturing and reporting is limited; some failures may not be reported.
Note: Full access permissions are provided for this sample code. However, when using this solution in a production environment, the principle of least privilege should be applied.
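As an added illustration of that note (not part of the repository), the policy below is a scoped replacement for the `CloudWatchFullAccess` and `SecretsManagerReadWrite` managed policies attached in the IAM role step; `AWSLambdaBasicExecutionRole` is kept for logging. It assumes the Lambda function only reads the stored secret and publishes metrics to the `LyveCloudBucketSizes` namespace; `<ACCOUNT_ID>` is a placeholder, and `us-west-1` and `LyveCloudKeys` are the sample values from the environment variable step.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadLyveCloudSecretOnly",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:us-west-1:<ACCOUNT_ID>:secret:LyveCloudKeys-??????"
    },
    {
      "Sid": "PublishToLyveCloudNamespaceOnly",
      "Effect": "Allow",
      "Action": "cloudwatch:PutMetricData",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "cloudwatch:namespace": "LyveCloudBucketSizes"
        }
      }
    }
  ]
}
```

The `-??????` suffix matches the six random characters Secrets Manager appends to a secret's ARN. `cloudwatch:PutMetricData` does not support resource-level restrictions, so the namespace condition is what limits where the function can write.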
Log in to the Lyve Cloud console, create a Service Account with appropriate permissions and extract the following:
- Access Key
- Secret key
- Endpoint URL
- Log in to the AWS Management console and go over to Secrets Manager.
- Click `Store a new secret`.
- Choose `Other type of secret` for Secret type.
- Under Key/value pairs, create key/value pairs for the following:
  - Key: `lc_access_key`, Value: `[Access key from step 1]`.
  - Key: `lc_secret_key`, Value: `[Secret key from step 1]`.
  - Key: `lc_endpoint_url`, Value: `[Endpoint URL including https:// from step 1]`.
- Click `Next`.
- Enter `Secret name` and make a note of it, as you will need it during Lambda function creation. You can leave the rest of the fields as default.
- Click `Next`.
- No need to set Secret rotation for this sample, so you can leave the settings at their defaults.
- Click `Next`.
- Review the summary and click `Store`.
- Once created, you will see it under Secrets.
- In the AWS Management Console go over to IAM.
- Under Access Management, click `Roles`.
- Click `Create role`.
- Choose `AWS service` for Trusted entity type.
- Choose `Lambda` for Use case.
- Click `Next`.
- Choose the following `Permissions policies`:
  - `AWSLambdaBasicExecutionRole`
  - `CloudWatchFullAccess`
  - `SecretsManagerReadWrite`
- Click `Next`.
- Enter `Role name`, verify permissions and click `Create role`.
- Make a note of the Role name as you will need it during Lambda creation.
- In the AWS Management console go over to Lambda.
- Click `Create function`.
- Choose option `Author from scratch`.
- Enter `Function name` and choose `Python 3.9` for Runtime.
- Choose `Use an existing role` and pick the role created earlier from the drop-down list.
- Click `Create function`.
- Open the Lambda function.
- Copy and paste the contents of lambda_function.py into the Code source section.
- Click `Deploy`.
- Ensure the Handler is set to `lambda_function.lambda_handler`.
- Go over to the tab `Configuration`.
- Edit `General configuration` and set Timeout to at least 10 seconds, Memory and Ephemeral storage to 3008MB.
- Edit `Environment variables` to add the following Key/Value pairs:
  - Key: `REGION`, Value: `us-west-1`.
  - Key: `SECRET_KEY`, Value: `LyveCloudKeys` – Secret name created earlier.
- Go over to the tab `Test`.
- Click `Test` after creating a new event using default Event JSON.
- Click `Test`.
- If `Test` returns an error, expand Details or check `logs` to see the errors.
- In the AWS Management console go over to Amazon Event Bridge.
- Click `Rules` under `Events`.
- Click `Create rule`.
- Enter a name and choose `Schedule` under Rule detail.
- Click `Next`.
- Choose your desired Schedule pattern.
- Click `Next`.
- Choose `AWS Service`, `Lambda function` and the Function created earlier as Target 1.
- Click `Next`.
- Click `Next` – Tags.
- Under `Review and create` click `Create rule`.
- Once successfully created, it should show under Rules.
- In the AWS Management console go over to CloudWatch. Important: Make sure the region you are on is the desired one.
- Select `Dashboards`.
- Click `Create dashboard`.
- Enter a name and click `Create dashboard`.
- A popup (Add widget) will appear, choose your desired widget.
- On next popup screen, choose `Metrics`.
- Choose `LyveCloudBucketSizes` from the Custom namespaces.
- Choose desired metrics and click `Create widget`.
- Add more widgets if you desire and click `Save dashboard`.
- Once successfully saved, you should see it under Custom dashboards.
A sample CloudWatch dashboard for illustration:
Given below is the overall architecture diagram of this solution:
- April 12, 2022: Siva Gurunathan (siva.gurunathan@seagate.com) on Windows
- April 13, 2022: Bari Arviv (bari.arviv@seagate.com) on MacOS
This section will describe the representation of each of the folders or files in the structure.
```
.
├── README.md
├── cloudwatch-dashboards
│   ├── sample-dashboard.json
│   └── sample-dashboard-2.json
├── images
│   └── <Collection of .png files>
└── code
    └── lambda_function.py
```
- `cloudwatch-dashboards`: This folder contains samples of dashboards that can be imported to CloudWatch.
- `images`: Contains images for the documentation.
- `code`: This folder contains the Lambda functions that are used to pull Lyve Cloud bucket metrics.