Stan's Corner

 View Only

Observing AWS Lambda easily with Instana

By Aneetta Thomas posted Thu December 29, 2022 03:02 AM

  

Co-authors: @Sreehari R Chandran

What is
AWS Lambda?

AWS Lambda is an event-driven, server-less computing platform provided by Amazon as a part of Amazon Web Services. It is a computing service that runs code in response to events and automatically manages the computing resources required by that code. To know more about how to create lambda functions in AWS, click here.

Why monitor
AWS Lambda with Instana?

Lambda automatically tracks utilisation and performance metrics for your functions. Monitoring this data can help you optimise your functions and manage costs. AWS Lambda Functions are often used as a part of a larger system,This comes with the challenge, that services in AWS can be traced with AWS X-Ray. On the other hand services outside of AWS are not part of the X-Ray traces and require an additional Distributed Tracing solution.The result, fragmented, independent traces and the loss of understanding of the full request flow.

Instana extension offers modification-free, low latency tracing of Lambda server less functions backed by our real time Enterprise Observability platform. This work improves upon our existing AWS Lambda tracing to greatly decrease the latency for short lived functions.

Monitoring Lambda by using Instana

Instana monitors AWS Lambda by using a set of per-language Lambda Layers. Instana has proved to be a very efficient mechanism to deliver instrumentation. Layers offer a simple, two-step monitoring process, which can be accomplished without making any code changes. To monitor a Lambda function with Instana, you only need to:

1.    Add the layer to the target function.

2.    Set the appropriate environment variables.

Note: Make sure that you have an Instana AWS Sensor running in your AWS region.

Setting up the Instana AWS Sensor

The AWS Agent monitors lots of different AWS technologies in one single package. For the full list, refer to the supported AWS Services list.

Note: You are advised to run the Instana’s AWS sensor on a dedicated EC2, "Current Generation General Purpose" Linux Virtual Machine. The m4.large instances, for example, are perfectly suited to the task. Use the following as "User Data" when you spin up the dedicated EC2 Virtual Machine. Know more about installation click here.

Setting up IAM  permissions for the AWS sensor

1. On the Home page of AWS console, select the IAM option.

2. Select Roles from the pop-up window to create new role.


3. Choose the create role button, and add a custom trust policy in the pop-up window.

The IAM role that contains the permissions above needs to be able to perform the "AssumeRole" action, so, make sure to edit the "Trust Relationship" as follows:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}


4. Click next, and then create a new policy.


The AWS Agent needs the following IAM permissions:


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:ListTagsForResource",
        "elasticbeanstalk:DescribeInstancesHealth",
        "dynamodb:ListTables",
        "dynamodb:DescribeTable",
        "dynamodb:ListTagsOfResource",
        "rds:DescribeDBInstances",
        "rds:DescribeEvents",
        "rds:ListTagsForResource",
        "sqs:ListQueues",
        "sqs:GetQueueAttributes",
        "sqs:ListQueueTags",
        "elasticache:ListTagsForResource",
        "elasticache:DescribeCacheClusters",
        "elasticache:DescribeEvents",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticmapreduce:ListClusters",
        "elasticmapreduce:DescribeCluster",
        "es:ListDomainNames",
        "es:DescribeElasticsearchDomain",
        "es:ListTags",
        "ec2:DescribeInstances",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "kafka:ListClusters",
        "kafka:ListNodes",
        "kafka:ListTagsForResource",
        "kafka:DescribeCluster",
        "kinesis:ListStreams",
        "kinesis:DescribeStream",
        "kinesis:ListTagsForStream",
        "lambda:ListTags",
        "lambda:ListFunctions",
        "lambda:ListVersionsByFunction",
        "lambda:ListEventSourceMappings",
        "lambda:GetFunctionConfiguration",
        "mq:ListBrokers",
        "mq:DescribeBroker",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:GetBucketLocation",
        "xray:BatchGetTraces",
        "xray:GetTraceSummaries",
        "tag:GetResources"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Creating an EC2 instance for hosting AWS sensor

1. Open EC2 from the AWS console Home.


2. Launch an instance, but make sure that the instance is created in the same region as the Lambda functions and the image is the same as that of Lambda architecture. 

3. Choose the created IAM instance profile from the drop-down list .

4. Enter the following command in the user data, which will automatically install and run AWS sensor and launch instance.


#!/bin/bash
curl -o setup_agent.sh https://setup.instana.io/agent
chmod 700 ./setup_agent.sh
sudo ./setup_agent.sh -y -a invalid_key -d 2Zykc2m_RiKJnVE-TNNdrA -m aws -t dynamic -e ingress-pink-saas. instana.rocks:443 -s


Lambda setup at Instana

After AWS sensor is set up, monitoring a Lambda function is a two-step process.

  1. Add the layer to the target function.
  2. Set the appropriate environment variables as documented in the installation page.

This can be done either by using the AWS command line or through the user interface, depending on the language that is used to define the function. For Java, you can use either one.

Methods

  • Using command line
    a. Open Instana UI, click More(…) > Agents > Installing Instana Agents > AWS(As Platform) > AWS Lambda(As Technology).

                    

            b. After you select the appropriate region and select the lambda function name from the drop-down list, copy the commands from shell script.

            c. Then, open the AWS command-line interface in the same region as the lambda function is created, and paste the command there.

 This will create a layer in the target lambda function with an ARN (Amazon Recourse Names) and set the appropriate environment variables.

  •  Using the UI
    a. Open Instana UI, click More (…) > Agents > Installing Instana Agents > AWS(As Platform) > AWS Lambda(As Technology).
    b. Choose the region where lambda function is already created.

            c. Add the layer to the target function.

Open the Target Lambda function, scroll down, select the layers, and click add layers.


           d. Specify the ARN, paste the ARN from Instana on the box, and save the layer by clicking Add.

          e. Set the appropriate Environment variables.

Open the Target lambda function, and click Configuration.


Select environment variables from the left side, and add environmental variables by clicking edit.

Add the following environment variables:
You can also obtain the correct values for these environment variables by going to your Instana installation, click More > Agents > Installing Instana Agents > Platform: "AWS" > Technology: "AWS Lambda".

This will create a layer in the target lambda function with an ARN (Amazon Recourse Names ) and set the appropriate environment variables. Now you can see the performance of Lambda functions on Instana UI.

What to do next

When you log in to our Instana UI, you can see many regions there. Choose your corresponding region that the AWS Lambda function is running, and then see the dashboard of it. You can see the instances that are running on that region like AWS data bases, AWS lambda functions and AWS s3 buckets and so on.

If a new service is started, Instana AutoTrace will instrument the service on the fly and start reporting traces to the Instana backend. Discovery is fully automatic and continuous. If you want to know more about collected Lambda configurations, metrics and so on, see the following topics:

Every service change will be recorded into Instana’s Dynamic Graph backend model. When the service function is deployed to AWS Lambda, Instana AutoTrace will automatically instrument the application and start reporting to your Instana account. So, Lambda function is being monitored successfully in Instana backend, and you can see the metrics correctly.

For more information about Instana and its monitoring capabilities, refer to this document.

 

 




                    

    ​​​​

    Permalink