Overview:
This page has the detailed steps involved to enable AWS API Gateway monitoring.
Prerequisites:
- Enabled detailed logging for API Gateway (Full Request and Response Logs). We need this enabled for the REST API Gateways to mirror all the details. Otherwise, we won’t be able to use most of the traceable platform features like API catalog, etc.
- Enable access logs with the below JSON arguments and enable to the same log group:
{
"requestId":"$context.requestId",
"ip":"$context.identity.sourceIp",
"httpMethod":"$context.httpMethod",
"path":"$context.path",
"status":"$context.status",
"responseLength":"$context.responseLength",
"domainName":"$context.domainName"
}
Flow Diagram:
Installation:
This terraform template creates AWS resources to enable traffic mirroring for an AWS API Gateway. It creates an EC2 instance where Traceable and logstash services are running. We fetch Cloudwatch logs every 5 minutes, parse the data, and send to Traceable UI.
Before You Begin
- Keep Traceable's access token handy. We can copy the access token by logging into your Traceable platform and then navigating to Administration → Account → Agent Token.
-
Make sure that Terraform is already installed. For more information on installing Terraform, see Download Terraform.
-
Configure AWS in the shell you’re using and verify that the region is set correctly. Refer Configure AWS for more.
List of created AWS Resources
The following resources will be created during this deployment. Make sure that the IAM user configured on the CLI has sufficient permissions to create these resources.
- EC2 Instance
- Security Group
- Instance Profile
- IAM policy and IAM role (if role_name is not provided.)
Proceed to the installation phase now.
Installation Steps
Step 1: Download
Enter the following command to download the AWS API Gateway traffic mirroring tarball:
curl -O https://downloads.traceable.ai/install/aws-api-gateway/terraform/latest/aws-api-gateway-tf.tar.gz
Untar the tarball and change directory using below commands:
tar xvzf traffic-mirroring-aws-api-gateway.tar.gz
cd traffic-mirroring-aws-api-gateway/
Step 2: Configure terraform variables
The following tables describe the various terraform variables.
Name |
Type |
Default value |
Description |
|
|
|
See the next section |
|
|
|
Subnet ID where Traceable Instance will be created. |
|
|
|
SSH key name that should be attached to Traceable EC2 instance. |
|
|
|
Instance type name of Traceable instance. |
|
|
|
Traceable Platform token. |
|
|
|
Environment under which mirrored traffic will be seen on the Traceable platform. |
|
|
|
Service name for mirrored traffic. |
|
|
|
Traceable API endpoint. |
|
|
|
Additional tags to be applied on all the Traceable resources. |
api_gateways
The api_gateways
objects has the following values:
Name |
Type |
Default value |
Description |
|
|
|
Action to be taken on the
|
|
|
|
List of API IDs to consider for the above
|
By default, the above variable is configured to monitor all API Gateways.
Example usage
The following configuration will monitor preprod
stage of the API Gateway with ID=a78dyas7al
and all stages of API Gateway with ID=fgd77s90sa
.
Sample example terraform.tfvars file looks like this:
api_gateways = {
action = "include"
value = ["a78dyas7al/preprod", "fgd77s90sa"]
}
subnet_id = "subnet-1234abc"
key_name = "my-key-pair"
traceable_refresh_token = "my-token"
traceable_environment = "my-env"
traceable_service_name = "my-service-name"
tags = {
"TAG1" = "VALUE1"
"TAG2:GLOBAL" = "VALUE2"
}
Step 3: Install
Run the following to apply the terraform changes:
-
terraform init
-
terraform apply
Verification
Once these steps are executed successfully, we should be able to see the traces on the Traceable Platform.
For any further issues, please contact the traceable support team.
Uninstall
To uninstall the Traceable AWS API Gateway monitoring, we need to delete the installation using the command:
-
terraform destroy