From e9d3708cfcf20230fe8af634a65e8953fcae96f7 Mon Sep 17 00:00:00 2001 From: bmorelli25 Date: Mon, 3 Oct 2022 16:49:21 -0700 Subject: [PATCH] docs: fix layout in new book --- docs/monitoring-aws-lambda.asciidoc | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/monitoring-aws-lambda.asciidoc b/docs/monitoring-aws-lambda.asciidoc index 4b9d915b..9615a4da 100644 --- a/docs/monitoring-aws-lambda.asciidoc +++ b/docs/monitoring-aws-lambda.asciidoc @@ -33,9 +33,11 @@ By using an AWS Lambda extension, Elastic APM agents can send data to a local La As described in <>, using Elastic APM with AWS Lambda requires adding both the Elastic APM AWS Lambda extension and a corresponding Elastic APM agent to the Lambda runtime. These components may introduce a small overhead on the size of your function's deployment package as well as the execution duration of your function's invocations. +[float] === Impact on the deployment package size These components contribute a little to the uncompressed deployment package size of your Lambda function. Overall, the impact of using Elastic APM on the uncompressed deployment package size of your Lambda function is less than 30MB. +[float] === Performance impact An advantage of the Elastic APM AWS Lambda extension architecture is that APM data dispatching is decoupled from your function's request processing. The Elastic APM AWS Lambda extension flushes APM data to the Elastic backend _after_ your function responds to the client's request. Thus, it does not affect the latency of the client's request. @@ -65,26 +67,32 @@ The configuration options for the APM agents are documented in the corresponding The following configuration options are particularly relevant for the {apm-lambda-ext}: +[float] [[aws-lambda-extension]] === `ELASTIC_APM_LAMBDA_APM_SERVER` This required config option controls where the {apm-lambda-ext} will ship data. This should be the URL of the final APM Server destination for your telemetry. +[float] === `ELASTIC_APM_LAMBDA_AGENT_DATA_BUFFER_SIZE` The size of the buffer that stores APM agent data to be forwarded to the APM server. The _default_ is `100`. +[float] [[aws-lambda-config-authentication-keys]] === `ELASTIC_APM_SECRET_TOKEN` or `ELASTIC_APM_API_KEY` One of these (or, alternatively, the corresponding settings for the AWS Secrets Manager IDs) needs to be set as the authentication method that the {apm-lambda-ext} uses when sending data to the URL configured via `ELASTIC_APM_LAMBDA_APM_SERVER`. Alternatively, you can store your APM Server credentials <> and use the <> config options, instead. Sending data to the APM Server if none of these options is set is possible, but your APM agent must be allowed to send data to your APM server in https://www.elastic.co/guide/en/apm/guide/current/configuration-anonymous.html[anonymous mode]. +[float] [[aws-lambda-config-secrets-manager-options]] === `ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` or `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID` Instead of specifying the <> as plain text in your Lambda environment variables, you can <> to securely store your APM authetication keys. The `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID` or `ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` config options allow you to specify the Secrets Manager's secret id of the stored APM API key or APM secret token, respectively, to be used by the {apm-lambda-ext} for authentication. `ELASTIC_APM_SECRETS_MANAGER_SECRET_TOKEN_ID` takes precedence over <>, and `ELASTIC_APM_SECRETS_MANAGER_API_KEY_ID` over <>, respectively. +[float] === `ELASTIC_APM_SERVICE_NAME` The configured name of your application or service. The APM agent will use this value when reporting data to the APM Server. If unset, the APM agent will automatically set the value based on the Lambda function name. Use this config option if you want to group multiple Lambda functions under a single service entity in APM. +[float] [[aws-lambda-config-data-receiver-timeout-seconds]] === `ELASTIC_APM_DATA_RECEIVER_TIMEOUT_SECONDS` @@ -92,6 +100,7 @@ deprecated::[1.2.0,Replaced by `ELASTIC_APM_DATA_RECEIVER_TIMEOUT`. See <> for authentication of the {apm-lambda-ext}, the corresponding keys are specified in plain text in the environment variables of your Lambda function. If you prefer to securely store the authentication keys, you can use the AWS Secrets Manager and let the extension retrieve the actual keys from the AWS Secrets Manager. Follow the instructions below to set up the AWS Secrets Manager with the extension. +[float] [[aws-lambda-secrets-manager-create-secret]] === Step 1: Create a secret in the AWS Secrets Manager. https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html[Create a secret in the AWS Secrets Manager] for the {apm-guide-ref}/secret-token.html[APM Secret Token] or the {apm-guide-ref}/api-key.html[APM API key], depending on which one you prefer to use. Make sure to create the secret as a *Plaintext* typed secret and ensure it is created *in the same AWS region* as your target Lambda function that will use the secret. @@ -148,12 +163,14 @@ include::./secrets-manager/create-secret-widget.asciidoc[] Remember your chosen secret name. You will use the secret name as the value for the config options <> when configuring your {apm-lambda-ext}. +[float] [[aws-lambda-secrets-manager-permissions]] === Step 2: Add permissions to your AWS Lambda function For your Lambda function to be able to retrieve the authentication key from the AWS Secrets Manager, you need to provide the following permissions to your Lambda function. include::./secrets-manager/add-permissions-widget.asciidoc[] +[float] === Step 3: Configure the {apm-lambda-ext} Finally, you will need to configure the {apm-lambda-ext} to use the secret from the Secrets Manager _instead of_ the value provided through <>.