/honeyaws

Observability for your AWS load balancers, CloudFront, and more

Primary LanguageGoApache License 2.0Apache-2.0

Honeycomb AWS Bundle Build Status

honeyaws is a collection of programs to send events from your AWS infrastructure into Honeycomb, a service for debugging your software in production.

  • honeyelb - A tool for ingesting Elastic Load Balancer access logs. (docs)
  • honeyalb - A tool for ingesting Application Load Balancer access logs.
  • honeycloudfront - A tool for ingesting CloudFront access logs. (docs)
  • honeycloudtrail - A tool for ingesting CloudTrail logs.

Usage & Examples

Install

To install a tool from the Honeycomb AWS Bundle, go get or go install from the properly directory in cmd/ like so:

$ go get github.com/honeycombio/honeyaws/cmd/honeyelb

For an official build, see the docs for the tool you are interested in (linked above).

Usage

Ensure that IAM credentials are properly provided where you are invoking the tools (e.g., via environment variables) and you have a Honeycomb write key. Additionally, you may need to enable access logs, etc., for whichever service you wish to ingest information from. The S3 bucket where they are kept will be looked up automatically.

Most commands can list the targets for observation (ls), as well as invoke ingest to publish the information (access log lines, etc.) as events to Honeycomb.

For instance, let's take a look at honeyelb.

To list load balancers:

$ honeyelb ls
foo-lb
bar-lb
quux-lb

To ingest LB access logs to Honeycomb by name using ingest, specify the name(s) as an argument:

$ honeyelb --writekey=<writekey> ingest foo-lb
... ingesting ...

To ingest all LBs, use honeyelb ingest without any non-flag arguments.

High Availability

There exists the option to run the Honeycomb AWS binaries in a high availability mode. This is done using DynamoDB for management of processed log files. There are a few things that must be set up before running highavail.

First, a table must be created with the name HoneyAWSAccessLogBuckets with a primary key named S3Object and a sort key named Time. We also require that TTL be enabled (we don't want your table to grow infinitely!) with the attribute name TTL. The TTL for objects is 7 days.

Conveniently, we provide you with a CloudFormation template to do just this!

$ aws cloudformation create-stack --stack-name DynamoDBHoneyAWS \
    --template-body file://cloudformation/dynamoDB.yml

Once this table is created, you can simply add the --highavail flag to honeyelb or honeycloudfront.

$ honeyelb --highavail --writekey=<writekey> ingest foo-lb

Now you can have multiple EC2 instances ingesting logs!

Sampling

Sampling is a great way to send fewer events (thereby keeping more history and reducing costs) while still preserving most relevant information. To set a sample rate while using one of the Honeycomb AWS tools, use the --samplerate flag. While the tools run, this base rate will be automatically adjusted by the Honeycomb AWS tools using dynamic sampling to keep more interesting traffic at a higher rate.

For instance, setting the sample flag to 20 will send 1 out of every 20 requests processed to Honeycomb by default. Fields such as elb_status_code are used to lower this ratio for rarer, but relevant, events such as HTTP 500-level errors.

$ honeyelb --samplerate 20 ...  ingest ...

Contributions

Features, bug fixes and other changes to the Honeycomb AWS Bundle are gladly accepted. Please open issues or a pull request with your change. Remember to add your name to the CONTRIBUTORS file!

All contributions will be released under the Apache License 2.0.