Grafana 系列-统一展示-4-AWS Cloudwatch 数据源
Posted east4ming
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Grafana 系列-统一展示-4-AWS Cloudwatch 数据源相关的知识,希望对你有一定的参考价值。
系列文章
AWS Cloudwatch 数据源
对于 AWS Cloudwatch, 主要在于 3 种不同的认证方式:
- AWS SDK Default
- IAM Role
- AK&SK
- Credentials file
现在推荐的是使用 IAM Role 的认证方式,避免了密钥泄露的风险。
但是特别要注意的是,要读取 CloudWatch 指标和 EC2 标签 (tags)、实例、区域和告警,你必须通过 IAM 授予 Grafana 权限。你可以将这些权限附加到你在 AWS 认证中配置的 IAM role 或 IAM 用户。
IAM policy 示例如下:
Metrics-only:
"Version": "2012-10-17",
"Statement": [
"Sid": "AllowReadingMetricsFromCloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"cloudwatch:GetInsightRuleReport"
],
"Resource": "*"
,
"Sid": "AllowReadingTagsInstancesRegionsFromEC2",
"Effect": "Allow",
"Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
"Resource": "*"
,
"Sid": "AllowReadingResourcesForTags",
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
]
Logs-only:
"Version": "2012-10-17",
"Statement": [
"Sid": "AllowReadingLogsFromCloudWatch",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:GetLogGroupFields",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetQueryResults",
"logs:GetLogEvents"
],
"Resource": "*"
,
"Sid": "AllowReadingTagsInstancesRegionsFromEC2",
"Effect": "Allow",
"Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
"Resource": "*"
,
"Sid": "AllowReadingResourcesForTags",
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
]
Metrics and Logs:
"Version": "2012-10-17",
"Statement": [
"Sid": "AllowReadingMetricsFromCloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"cloudwatch:GetInsightRuleReport"
],
"Resource": "*"
,
"Sid": "AllowReadingLogsFromCloudWatch",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:GetLogGroupFields",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetQueryResults",
"logs:GetLogEvents"
],
"Resource": "*"
,
"Sid": "AllowReadingTagsInstancesRegionsFromEC2",
"Effect": "Allow",
"Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
"Resource": "*"
,
"Sid": "AllowReadingResourcesForTags",
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
]
跨账号可观测性:
"Version": "2012-10-17",
"Statement": [
"Action": ["oam:ListSinks", "oam:ListAttachedLinks"],
"Effect": "Allow",
"Resource": "*"
]
AWS Cloudwatch 数据源配置示例
几种认证方式的 AWS CLoudwatch 配置示例如下:
AWS SDK(default):
apiVersion: 1
datasources:
- name: CloudWatch
type: cloudwatch
jsonData:
authType: default
defaultRegion: eu-west-2
使用 Credentials 配置文件:
apiVersion: 1
datasources:
- name: CloudWatch
type: cloudwatch
jsonData:
authType: credentials
defaultRegion: eu-west-2
customMetricsNamespaces: \'CWAgent,CustomNameSpace\'
profile: secondary
使用 AK&SK:
apiVersion: 1
datasources:
- name: CloudWatch
type: cloudwatch
jsonData:
authType: keys
defaultRegion: eu-west-2
secureJsonData:
accessKey: \'<your access key>\'
secretKey: \'<your secret key>\'
使用 AWS SDK Default 和 IAM Role 的 ARM 来 Assume:
apiVersion: 1
datasources:
- name: CloudWatch
type: cloudwatch
jsonData:
authType: default
assumeRoleArn: arn:aws:iam::123456789012:root
defaultRegion: eu-west-2
Cloudwatch 自带仪表板
Cloudwatch 自带的几个仪表板都不太好用,建议使用 monitoringartist/grafana-aws-cloudwatch-dashboards 替代。
创建告警的查询
告警需要返回 numeric 数据的查询,而 CloudWatch Logs 支持这种查询。例如,你可以通过使用 stats
命令来启用告警。
这也是一个有效的查询,用于对包括文本 "Exception" 的消息发出告警:
filter @message like /Exception/
| stats count(*) as exceptionCount by bin(1h)
| sort exceptionCount desc
跨账户的可观察性
CloudWatch 插件使您能够跨区域账户监控应用程序并排除故障。利用跨账户的可观察性,你可以无缝地搜索、可视化和分析指标和日志,而不必担心账户的界限。
要使用这个功能,请在 AWS 控制台的 Cloudwatch 设置下,配置一个 monitoring 和 source 账户,然后按照上文所述添加必要的 IAM 权限。
AWS系列-S3实现文件服务页面展示
最近由于业务需求,对于备份的数据存放到S3上面,并需要页面展示。而且还能下载。
把这个桶里面的对象,都在某个静态页面展示。并且 我可以把这个对象下载下来。
首页内容就是 桶里面的对象。
并且可以随时查看。我在ec2同步到s3后,这个页面也能实时更新到最新的。
解决方法:
把index.html放入公共S3存储桶的根目录即可。
此链接是原作者写的代码,非常感谢作者!
https://github.com/nolanlawson/pretty-s3-index-html
效果图:
以上是关于Grafana 系列-统一展示-4-AWS Cloudwatch 数据源的主要内容,如果未能解决你的问题,请参考以下文章
Grafana 系列-统一展示-5-AWS Cloudwatch 仪表板