Overview:
This page will detail the steps needed to enable AWS API Gateway monitoring.
Prerequisites:
- Enabled detailed logging for API Gateway (Full Request and Response Logs)
- Enable access logs with the below json arguments and enable to the same log group:
{"requestId":"$context.requestId",
"ip":"$context.identity.sourceIp",
"caller":"$context.identity.caller",
"user":"$context.identity.user",
"requestTime":"$context.requestTime",
"httpMethod":"$context.httpMethod",
"path":"$context.path",
"status":"$context.status",
"protocol":"$context.protocol",
"responseLength":"$context.responseLength",
"domainName":"$context.domainName"}
Flow Diagram:
Installation:
This terraform template creates AWS resources to enable traffic mirroring for an AWS API Gateway. It creates an EC2 instance where Traceable and logstash services are running. We fetch cloudwatch logs every 5 minutes, parse the data, and send to Traceable UI.
Before You Begin
- Make sure you have the API Gateway Monitoring terraform tarball needed for this installation. For fetch this tar file, please contact the traceable support team.
- Keep your traceable platform agent (TPA) token handy.
- Make sure to configure AWS from the terminal. Follow AWS doc for help.
List of created AWS Resources
The following resources will be created during this deployment. Make sure that the IAM user configured on the CLI has sufficient permissions to create these resources.
- EC2 Instance
- Security Group
- Instance Profile
- IAM policy and IAM role (if role_name is not provided.)
Proceed to the seinstallation phase now.
Installation Steps
Step 1
Untar the tarball as follows:
-
tar xvf traceable-aws-api-gateway.tar.gz -
cd traceable-aws-api-gateway
Step 2
Create a file terraform.tfvars to provide input as explained below:
|
name |
type |
default |
description |
|
uid |
string |
Unique identifier for this deployment. |
|
|
log_group_name |
string |
Cloudwatch log group name. |
|
|
region |
string |
Cloudwatch log group region. |
|
|
subnet_id |
string |
Subnet ID where Traceable Instance will be created. |
|
|
key_name |
string |
<empty> |
Key name for ssh into the Traceable instance. |
|
instance_type |
string |
m4.xlarge |
Type of Traceable instance. |
|
role_name |
string |
<empty> |
IAM role name to use for Traceable instance. |
|
traceable_refresh_token |
string |
Traceable Platform token. |
|
|
traceable_environment |
string |
traffic-mirroring |
Environment under which mirrored traffic will be seen on the Traceable platform. |
|
traceable_service_name |
string |
traffic-mirroring-service |
Service name for mirrored traffic. |
|
traceable_api_endpoint |
string |
api.traceable.ai |
Traceable endpoint. |
|
service_version |
string |
1.25.1 |
Traceable version. |
|
tags |
map |
Map of tags. |
Sample example terraform.tfvars file looks like this:
uid = "abcdef"
log_group_name = "API-Gateway-Execution-Logs_<<DELETED>>"
region = "us-east-1"
subnet_id = "subnet-<<DELETED>>"
key_name = "my-key-pair"
traceable_refresh_token = "my-token"
traceable_environment = "use1-dev"
traceable_service_name = "my-service-name"
tags = {
key1 = "value1"
key2 = "value2"
}
Step 3
Run the following to apply the terraform changes:
-
terraform init -
terraform apply
Verification
Once these steps are executed successfully, we should be able to see the traces on the Traceable Platform.
For any further issues, please contact the traceable support team.
Uninstall
To uninstall the Traceable AWS API Gateway monitoring, we need to delete the installation using the command:
-
terraform destroy