AWS Cloudformation 启用 Performance Insights

Posted 2023-03-04

【中文标题】AWS Cloudformation 启用 Performance Insights

【英文标题】：AWS Cloudformation to enable Performance Insights

【发布时间】：2018-08-01 17:33:20

【问题描述】：

有谁知道CloudFormation 是否可以启用Performance Insights（适用于AWS Aurora）？ 它在Terraform 和performance_insights_enabled 中可用，但我在CloudFormation 中找不到等效项。

谢谢

【问题讨论】：

在撰写本文时，EnablePerformanceInsights 似乎不是AWS::RDS::DBInstance 中的一个选项，尽管它是 RDS CreateDBInstance API 调用中的一个元素，很可能是 terraform用途。根据之前的经验，我认为这很可能是因为 Performance Insights 仍处于预览阶段。

根据这篇文章：forums.aws.amazon.com/thread.jspa?threadID=266423&tstart=0，目前（2018 年 3 月 8 日）无法启用 Performance Insights。

【参考方案1】：

现已支持通过 CloudFormation 启用 Performance Insights：https://aws.amazon.com/about-aws/whats-new/2018/11/aws-cloudformation-coverage-updates-for-amazon-secrets-manager--/

【讨论】：

这是边界线link-only answer。您应该在此处扩展您的答案以包含尽可能多的信息，并使用该链接仅供参考。

我准确地回答了所提出的问题，并提供了官方确认的链接。

【参考方案2】：

目前无法使用原生 CFN，但由于您可以在 CFN 模板中执行自定义 Lambda 代码（即Type: 'Custom::EnablePerformanceInsights'），因此您可以在模板中执行以下操作：

  EnablePerformanceInsights:
    Type: 'Custom::EnablePerformanceInsights'
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:$AWS::Region:$AWS::AccountId:function:enable-performance-insights-$LambdaStackGuid'
      DBInstanceId: !Ref 'RDSInstance'
      PerformanceInsightsKMSKeyId: !Ref 'DefaultKMSKeyArn'
      PerformanceInsightsRetentionPeriod: 7

您的职能和角色定义可能是：

  ModifyRDSInstanceLambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - 'lambda.amazonaws.com'
          Action:
          - 'sts:AssumeRole'
      Path: '/'
      Policies:
      - PolicyName: 'AmazonLambdaServicePolicy'
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - 'logs:CreateLogGroup'
            - 'logs:CreateLogStream'
            - 'logs:PutLogEvents'
            - 'rds:*'
            - 'kms:*'
            Resource: '*'

  EnablePerformanceInsightsLambda:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: !Join [ '-', [ 'enable-performance-insights', !Select [ 2, !Split [ '/', !Ref 'AWS::StackId' ]]]]
      Handler: 'enable-performance-insights.lambda_handler'
      Code:
        S3Bucket: !Ref 'S3Bucket'
        S3Key: !Sub 'lambda-functions/enable-performance-insights.zip'
      Runtime: python2.7
      Role: !Ref 'ModifyRDSInstanceLambdaRole'
      Description: 'Enable RDS Performance Insights.'
      Timeout: 300

函数代码会导入boto3来处理AWS API：

import cfnresponse # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html
import boto3
import os
from retrying import retry
from uuid import uuid4


resource_id = str(uuid4())
region = os.getenv('AWS_REGION')
profile = os.getenv('AWS_PROFILE')

if profile:
    session = boto3.session.Session(profile_name=profile)
    boto3.setup_default_session(profile_name=profile)

client = boto3.client('rds', region_name=region)


@retry(wait_exponential_multiplier=1000, wait_exponential_max=10000, stop_max_delay=300000)
def enable_performance_insights(DBInstanceId=None, PerformanceInsightsKMSKeyId=None, PerformanceInsightsRetentionPeriod=None):
    response = client.modify_db_instance(
        DBInstanceIdentifier=DBInstanceId,
        EnablePerformanceInsights=True,
        PerformanceInsightsKMSKeyId=PerformanceInsightsKMSKeyId,
        PerformanceInsightsRetentionPeriod=int(PerformanceInsightsRetentionPeriod),
        ApplyImmediately=True
    )
    assert response
    return response


@retry(wait_exponential_multiplier=1000, wait_exponential_max=10000, stop_max_delay=300000)
def disable_performance_insights(DBInstanceId=None):
    response = client.modify_db_instance(
        DBInstanceIdentifier=DBInstanceId,
        EnablePerformanceInsights=False,
        ApplyImmediately=True
    )
    assert response
    return response


def lambda_handler(event, context):
    print(event, context, boto3.__version__)

    try:
        DBInstanceIds = event['ResourceProperties']['DBInstanceId'].split(',')
    except:
        DBInstanceIds = []

    PerformanceInsightsKMSKeyId = event['ResourceProperties']['PerformanceInsightsKMSKeyId']
    PerformanceInsightsRetentionPeriod = event['ResourceProperties']['PerformanceInsightsRetentionPeriod']

    try:
        ResourceId = event['PhysicalResourceId']
    except:
        ResourceId = resource_id

    responseData = 

    if event['RequestType'] == 'Delete':
        try:
            for DBInstanceId in DBInstanceIds:
                response = disable_performance_insights(DBInstanceId=DBInstanceId)
                print(response)
        except Exception as e:
            print(e)

        cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, physicalResourceId=ResourceId)
        return

    try:
        for DBInstanceId in DBInstanceIds:
            response = enable_performance_insights(
                DBInstanceId=DBInstanceId,
                PerformanceInsightsKMSKeyId=PerformanceInsightsKMSKeyId,
                PerformanceInsightsRetentionPeriod=PerformanceInsightsRetentionPeriod
            )
            print(response)
    except Exception as e:
        print(e)

    cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, physicalResourceId=ResourceId)

（从工作堆栈复制/编辑）

【讨论】：

使用 generic-custom-resource-provider 的示例：github.com/ab77/cfn-generic-custom-resource#modify-db-instance