This adapter transfers the statistics from the Exasol database to AWS CloudWatch metrics. This adapter runs independently of the Exasol database in an AWS Lambda function.
The CloudWatch adapter accesses your Exasol database via its SQL interface. For that it needs credentials. We recommend creating a dedicated user for that purpose:
CREATE USER CLOUDWATCH_ADAPTER IDENTIFIED BY "<PASSWORD>";
GRANT CREATE SESSION TO CLOUDWATCH_ADAPTER;
Don't forget to use a strong, randomly generated password instead of <PASSWORD>
.
Create a new secret in the AWS Secrets Manager with the following values:
host
: VPC internal ip address of your Exasol databaseport
: Exasol JDBC port (default: 8563)username
: Name of an Exasol user account withCREATE SESSION
privilegespassword
: Password for the accountcertificateFingerprint
: Fingerprint of the database's TLS certificate. This is only required if Exasol uses a self-signed certificate.
The CloudWatch adapter must run in the same AWS VPC that the Exasol database runs. By that it can access the Exasol database using a internal IP address.
From within the VPC it can however not access the default Endpoints for AWS CloudWatch and SecretsManager.
To add them, go to the AWS VPC Console / Endpoints. There create endpoints for the following AWS services:
com.amazonaws.<REGION>.monitoring
com.amazonaws.<REGION>.secretsmanager
Make sure that you select the VPC, Subnet and Security group of your Exasol database.
It is important to enable DNS for the endpoint. If it's not possible, you might have to enable DNS in your VPC.
- Open the AWS Lambda Console
- Click "Create Function"
- Select "Browse serverless application repository"
- Search for "ExasolCloudWatchAdapter"
- Fill out the application settings
-
ExasolDeploymentName
: A name describing the Exasol installation you want to monitor. The adapter adds this name as a dimension to the metrics in Cloudwatch. This will help you to distinguish the data if you monitor more than one Exasol deployment. -
ExasolConnectionSecretArn
: ARN of Secrets Manager secret you created in a previous step. -
Metrics
: A comma-separated list of metrics. If empty, the adapter reports all metrics. List of supported metrics. -
SubnetId
: ID of the VPC subnet of the Exasol database. -
SecurityGroup
: ID of the security group of the Exasol database.
-
- Click on "Deploy"
Now the adapter should transmit the metrics to CloudWatch. To visualize them you have to create a CloudWatch dashboard. You could start from scratch and build your own dashboard. We, however, recommend you to start with our example dashboard. This comes with lots of preconfigured widgets, designed by the best practices of our monitoring experts.
If the adapter does not work properly, first check its log output. For that go to the AWS Management Console / Lambda
, select the Lambda function of the adapter, and click on Monitoring
. There click on View logs in CloudWatch
and scan the log files for error messages.
- In case your Exasol database uses a timezone with time-shift as
DBTIMEZONE
, this adapter will not report the hour when the time is shifted back, since Exasol stores the statistics entries in theDBTIMEZONE
and by that, the log entries are ambiguous in that hour (see #2). - Due to a bug in SAM we can not publish the app with a retry count set to 0. This can lead to duplicate reported data if the Lambda fails after reporting some points and EventBridge triggers it again (see #21).
The design of this adapter ensures that points are never written twice, which would lead to wrong statistics. It does, however not assure that all points are written. In case of temporary errors with the Exasol database or the CloudWatch API, it can occur that data points are missing.