Makes Exasol database monitoring data available in AWS CloudWatch

Exasol – AWS Cloudwatch Adapter

This adapter transfers the statistics from the Exasol database to AWS CloudWatch metrics. This adapter runs independently of the Exasol database in an AWS Lambda function.

Setup

Create an Exasol User

The CloudWatch adapter accesses your Exasol database via its SQL interface, so it needs credentials. We recommend creating a dedicated user for that purpose:

CREATE USER CLOUDWATCH_ADAPTER IDENTIFIED BY "<PASSWORD>";

GRANT CREATE SESSION TO CLOUDWATCH_ADAPTER;

Don't forget to use a strong, randomly generated password instead of <PASSWORD>.

Store Credentials in AWS Secrets Manager

Create a new secret in the AWS Secrets Manager with the following values:

  • host: VPC-internal IP address of your Exasol database
  • port: Exasol JDBC port (default: 8563)
  • username: Name of an Exasol user account with CREATE SESSION privileges
  • password: Password for the account
  • certificateFingerprint: Fingerprint of the database's TLS certificate. This is only required if Exasol uses a self-signed certificate.
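
A pre-flight check for the secret described above, as an added example that is not part of the adapter project. The function name `check_secret` is hypothetical, "VPC internal" is assumed to mean an RFC 1918 address, and the sample values are constructed:

```python
import ipaddress
import json

REQUIRED = ("host", "port", "username", "password")
OPTIONAL = ("certificateFingerprint",)
# Assumption: the VPC uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_secret(secret_json):
    """Return a list of problems found in the connection secret (empty = OK)."""
    try:
        secret = json.loads(secret_json)
    except json.JSONDecodeError as exc:
        return ["not valid JSON: " + exc.msg]
    if not isinstance(secret, dict):
        return ["secret must be a JSON object of key/value pairs"]

    present = {k: v for k, v in secret.items() if v not in ("", None)}
    problems = ["missing key: " + k for k in REQUIRED if k not in present]
    # Keys are case-sensitive, so a mistyped optional key is reported here.
    problems += ["unexpected key: " + k
                 for k in secret if k not in REQUIRED + OPTIONAL]

    if "host" in present:
        try:
            addr = ipaddress.ip_address(str(present["host"]))
            if not any(addr in net for net in RFC1918):
                problems.append("host is not an RFC 1918 (VPC-internal) address")
        except ValueError:
            problems.append("host is not an IP address")

    if "port" in present:
        try:
            in_range = 1 <= int(str(present["port"])) <= 65535
        except ValueError:
            in_range = False
        if not in_range:
            problems.append("port is not a number in 1..65535")

    if present.get("password") == "<PASSWORD>":
        problems.append("password is still the <PASSWORD> placeholder")
    return problems


if __name__ == "__main__":
    # Constructed sample: a public address, a bad port, the placeholder password
    sample = {"host": "203.0.113.10", "port": "85630",
              "username": "CLOUDWATCH_ADAPTER", "password": "<PASSWORD>"}
    print("\n".join(check_secret(json.dumps(sample))) or "secret looks OK")
```

Run it against the JSON you are about to paste into Secrets Manager; an empty result means the keys and value shapes match the list above.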

VPC Setup

The CloudWatch adapter must run in the same AWS VPC as the Exasol database. That way it can access the Exasol database using an internal IP address.

From within the VPC, however, it cannot access the default endpoints for AWS CloudWatch and Secrets Manager.

To add them, go to the AWS VPC Console / Endpoints. There, create endpoints for the following AWS services:

  • com.amazonaws.<REGION>.monitoring
  • com.amazonaws.<REGION>.secretsmanager

Make sure that you select the VPC, Subnet and Security group of your Exasol database.

It is important to enable DNS for the endpoint. If that is not possible, you might have to enable DNS in your VPC.

Setup CloudWatch Adapter

  • Open the AWS Lambda Console
  • Click "Create Function"
  • Select "Browse serverless application repository"
  • Search for "ExasolCloudWatchAdapter"
  • Fill out the application settings
    • ExasolDeploymentName: A name describing the Exasol installation you want to monitor. The adapter adds this name as a dimension to the metrics in CloudWatch. This helps you distinguish the data if you monitor more than one Exasol deployment.

    • ExasolConnectionSecretArn: ARN of the Secrets Manager secret you created in a previous step.

    • Metrics: A comma-separated list of metrics. If empty, the adapter reports all metrics. List of supported metrics.

    • SubnetId: ID of the VPC subnet of the Exasol database.

    • SecurityGroup: ID of the security group of the Exasol database.

  • Click on "Deploy"

Create a Dashboard

Now the adapter should transmit the metrics to CloudWatch. To visualize them, you have to create a CloudWatch dashboard. You could start from scratch and build your own dashboard. We recommend, however, that you start with our example dashboard. It comes with lots of preconfigured widgets, designed according to the best practices of our monitoring experts.

Troubleshooting

If the adapter does not work properly, first check its log output. To do so, go to the AWS Management Console / Lambda, select the Lambda function of the adapter, and click on Monitoring. There, click on View logs in CloudWatch and scan the log files for error messages.

Known Bugs

  • If your Exasol database uses a timezone with time shifts as DBTIMEZONE, this adapter will not report the hour in which the time is shifted back. Exasol stores the statistics entries in the DBTIMEZONE, so the log entries in that hour are ambiguous (see #2).
  • Due to a bug in SAM, we cannot publish the app with a retry count set to 0. This can lead to duplicate reported data if the Lambda fails after reporting some points and EventBridge triggers it again (see #21).

Additional Information

The design of this adapter ensures that points are never written twice, which would lead to wrong statistics. It does not, however, guarantee that all points are written. If temporary errors occur with the Exasol database or the CloudWatch API, data points can be missing.