EC2 process issues detection and alerting

By

Process issues detection on EC2 instances 

Graphical user interface Description automatically generated 

 

This stack would deploy the following resources in target AWS account 

  • AWS SSM documents – These documents are used to configure CloudWatch agent on Linux and Windows hosts 

  • Lambda function, IAM role for the lambda function and CloudWatch log group 

  • CloudWatch alarms for each process that need to be monitored 

  • SNS topics/subscriptions  

 

Usage 

Prerequisites - make sure the target instance/s are managed through aws ssm and has an IAM role with a policy which capable of writing metrics data to CloudWatch and read files from config data s3 bucket (CloudWatchAgentAdminPolicy, CloudWatchLogsFullAccess, AmazonS3ReadOnlyAccess) 


Note that this solution does not require for you to have SSH/RDP keys/credentials to deploy the configurations. 


Navigate to the configs directory and modify the config.json file in the linux/windows directories based on the OS/platform of the target instance. 

This CloudWatch agent configuration file is a JSON file with two sections: agent and metrics. 

The agent section includes fields for the overall configuration of the agent.  

The metrics section specifies the custom metrics for collection and publishing to CloudWatch.  

To add a new process to be monitored, add a new stanza under procstat object. The region information will get appended to the configuration file automatically upon running the deployment script. 

 

Configuration file for linux instances 

Provide the pid file name of the process you want to monitor in the configuration file. 

{ 

    "agent": { 

        "run_as_user": "cwagent", 

        "region": "us-east-1" 

    }, 

    "metrics": { 

        "namespace": "procstatpoc", 

        "metrics_collected": { 

            "procstat": [ 

                { 

                    "pid_file": "/var/run/nginx.pid", 

                    "measurement": [ 

                        "cpu_usage", 

                        "memory_rss" 

                    ] 

                } 

            ] 

        } 

    } 

} 

 

Configuration file for windows instances 

Provide the exe file name of the process you want to monitor in the configuration file. 

{ 

    "agent": { 

        "run_as_user": "cwagent", 

        "region": "us-east-1" 

    }, 

    "metrics": { 

        "namespace": "procstatpoc", 

        "metrics_collected": { 

            "procstat": [ 

                { 

                    "exe": "java", 

                    "measurement": [ 

                        "cpu_usage", 

                        "memory_rss" 

                    ] 

                }

            ] 

        } 

    } 

} 

 

To deploy the changes, run the deploy.sh script. It requires to provide the target account id, region, instance id and platform type of the instance. 

This will deploy/update the resources mentioned above as needed and configure the CloudWatch agent according to the provided configuration files. 

The metric data can be found under the procstatpoc custom namespace in CloudWatch metrics, which get created once the agent configuration get completed. 

If a configured process failed, an email notification will get send to the target audience

Comments

Post a Comment

Popular posts from this blog

Cross Site Request Forgery attacks mitigation

By
Image
Secure Software Systems Author - Viraj Dissanayake Ø Introduction              This article will be focusing on the understanding of the CSRF and the implementation of the mitigating these kind of attacks. Ø Cross site request forgery              Before moving on to the Overview of CSRF attacks, make sure to have a clear idea of these terms Ø Web applications             Web applications are the main target of CSRF attacks             Web applications are services which exposed by organizations on the internet             Most of the web applications rely on three components §   The client – throughout this article we consider the browser as the client §   The web server – forward the client requests to the application server §   The backend – a database Ø Client side HTTP methods(GET/POST)              GET – The most common request sent by the browser to request for content. All the parameters are send in query parameter        
Read more

Splunk ES CI/CD pipeline

By
Image
Splunk Cloud CI/CD pipeline - GitOps   Dev stage     Workflow   When the co nfigurations get pushed to a feature branch or to the dev branch , the Jenkins pipeline get triggered . This would send a notification to the developer in the MS Teams channel acknowledging that the build process has been started.   The pipeline will execute the stages relevant to dev changeset. this includes running validations and generating changelogs .   The generated reports get send to the developer via MS Teams channel.   The changelog report includes the details about the changes that would take effect on Splunk staging environment (When changes get committed to staging branch).     W hen you push configurations to feature/dev branch Pipeline runs to execute terraform plan, but nothing is applied to any environment.   ( e . g : I f the developer places/remove s the Splunk app he’s developed from the Splunkapps /deployer-apps directory and pushes the changes in to a feature branch it will
Read more