Integrate AWS Lambda Telemetry API
Feature Availability
This feature is currently available only to SaaS users and is provided as Preview. It is still being actively worked on and is subject to significant change in upcoming releases. This feature is an extension to the existing AWS Lambda monitoring capabilities via the AWS CloudWatch Metric Streams.
List of Metrics
Sysdig Lambda Extension collects the following metrics. The metrics are measured in milliseconds.
Metrics | Description |
---|---|
aws_lambda_invocations | The number of times the function code is invoked. This count includes both successful invocations and invocations that resulted in a function error. |
aws_lambda_duration | The amount of time the function code spends processing an event. |
aws_lambda_error | The number of invocations that result in a function error. These errors include the exceptions that the code throws and the exceptions that the Lambda runtime throws. |
aws_lambda_postruntime_extensions_duration | The cumulative amount of time that the runtime spends running code for extensions after the function code has been completed. |
List of Labels
Sysdig enriches the Lambda metrics with the following labels:
Label | Description |
---|---|
cloud_provider_account_id | The unique ID associated with your AWS account. |
cloud_provider_name | The source of the metrics. In this case, AWS. |
cloud_provider_region_name | The region associated with your AWS account. |
extention_id | The unique identifier of the Sysdig Lambda Extension. |
function_name | The name of the Lambda function you monitor. |
ingest_source | The method by which you are collecting the metrics. In this case, the value is lambda exporter. |
Configure the Lambda Function
To configure the Lambda function, add the Sysdig Lambda Extension as a layer to your Lambda function, set the Sysdig-specific environment variables, and then run the function.
Publish the Extension
- Download Sysdig Monitor Lambda Extension.
- Log in to your AWS account.
- Publish the extension. You can use either the AWS UI or CLI.
AWS Console
Navigate to Lambda > Layers.
On the Layers page, click Create Layer.
Under Layer configuration, specify the following:
- Name: Specify a unique name for your Sysdig Lambda Extension.
- Description: Optionally, give a description that can help you identify the extension.
Select Upload a .zip file.
Upload the Sysdig Lambda Extension zip file.
Optionally, you can enter other configuration information as described in Creating Layers.
Click Create.
AWS CLI
Run the following command:
```shell
aws lambda publish-layer-version --layer-name "sysdig-monitor-lambda-extension-v1" --region <your-region> --zip-file "fileb://<path-to-sysdig-monitor-lambda-extension.zip>"
```
Replace the following:
- <your-region> with the Amazon region where you are running your AWS Lambda function.
- <path-to-sysdig-monitor-lambda-extension-v1.zip> with the path to the sysdig-monitor-lambda-extension-v1.zip file.
You should see output similar to the following:
```json
{
  "Content": {
    "Location": "https://awslambda-us-east-2-layers.s3.us-east-2.amazonaws.com/snapshots/059797578166/sysdig-lambda-extension-....",
    "CodeSha256": "gLJlfhvhm28Xp+21aFf+sthrio8XzjPWHwB+mSbUGs4+",
    "CodeSize": 4202227
  },
  "LayerArn": "arn:aws:lambda:us-east-2:059797578166:layer:sysdig-monitor-lambda-extension-v1",
  "LayerVersionArn": "arn:aws:lambda:us-east-2:059797578166:layer:sysdig-monitor-lambda-extension-v1:3",
  "Description": "",
  "CreatedDate": "2022-10-31T19:12:33.965+0000",
  "Version": 4
}
```
Copy the ARN value. Specify the ARN while adding the extension as a layer to your Lambda function.
In this example,
arn:aws:lambda:us-east-2:059797578166:layer:sysdig-lambda-extension
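An integrity check for the publish step, as an added example that is not part of the original page or of Sysdig's tooling: it compares the base64-encoded SHA-256 of the local zip with Content.CodeSha256 from the publish-layer-version output, confirms the account and region, and returns the LayerVersionArn. The function names, the account ID 111122223333, and the sample archive are constructed for illustration.

```python
import base64
import hashlib
import json
import re

# Matches a layer *version* ARN: the layer ARN plus a trailing ":<version>".
LAYER_VERSION_ARN = re.compile(
    r"^arn:aws[a-z-]*:lambda:(?P<region>[a-z0-9-]+):(?P<account>\d{12})"
    r":layer:(?P<name>[A-Za-z0-9_-]+):(?P<version>\d+)$"
)


def code_sha256(zip_bytes: bytes) -> str:
    """Base64-encoded SHA-256 digest, the encoding Lambda uses for CodeSha256."""
    return base64.b64encode(hashlib.sha256(zip_bytes).digest()).decode("ascii")


def verify_published_layer(response_json, zip_bytes, expected_account, expected_region):
    """Return the layer version ARN only if the published content matches the local zip."""
    resp = json.loads(response_json)
    published = resp["Content"]["CodeSha256"]
    local = code_sha256(zip_bytes)
    if published != local:
        raise ValueError(f"layer content mismatch: published {published}, local {local}")
    m = LAYER_VERSION_ARN.match(resp.get("LayerVersionArn", ""))
    if m is None:
        raise ValueError("LayerVersionArn is missing or malformed")
    if (m["account"], m["region"]) != (expected_account, expected_region):
        raise ValueError("layer was published to an unexpected account or region")
    return m.group(0)


# Constructed sample data: stand-in archive bytes and a response built around them.
SAMPLE_ZIP = b"PK\x05\x06" + b"\x00" * 18  # bytes of an empty zip archive
SAMPLE_RESPONSE = json.dumps({
    "Content": {"CodeSha256": code_sha256(SAMPLE_ZIP), "CodeSize": len(SAMPLE_ZIP)},
    "LayerArn": "arn:aws:lambda:us-east-2:111122223333:layer:sysdig-monitor-lambda-extension-v1",
    "LayerVersionArn": "arn:aws:lambda:us-east-2:111122223333:layer:sysdig-monitor-lambda-extension-v1:1",
    "Version": 1,
})

if __name__ == "__main__":
    print(verify_published_layer(SAMPLE_RESPONSE, SAMPLE_ZIP, "111122223333", "us-east-2"))
```

In practice, read the zip with open(path, "rb").read() and pass the JSON that the CLI printed; a mismatch means the published layer is not the archive you downloaded.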
Add the Layer
This section assumes that you have already created the Lambda function that you want to monitor.
- Log in to your AWS account.
- On the Lambda function page, select the function you want to monitor.
- On the Function overview page, click Add a layer.
- Click Specify an ARN and paste the ARN you copied earlier.
- Optionally, verify the specified ARN is correct.
- Click Add.
Add Environment Variables
From the Lambda function page, select your Lambda function.
On the function page, click Configuration.
Select Environment variables and specify the following:
- SYSDIG_API_TOKEN: The Sysdig Monitor API token associated with your Sysdig account.
- SYSDIG_API_TOKEN_ENCRYPTED: If you want the Sysdig API token to be encrypted in transit, set this option to TRUE. See Encrypt Sysdig API Token for more information.
- SYSDIG_SITE: The Collector URL associated with your Sysdig region.
Click Save.
Encrypt Sysdig API Token
If you want the Sysdig API token to be encrypted before it is sent to your Lambda function, use the Encryption configuration option. The encrypted Sysdig API token is obscured in the Lambda console and API output, even for users who have permission to use the key. In your code, the encrypted value is retrieved from the environment and decrypted by using the AWS KMS API.
On the Functions page of the Lambda console, click your function.
Choose Configuration, then select Environment variables from the left navigation bar.
In the Environment variables section, click Edit.
Expand Encryption configuration.
Under Encryption in transit, select Enable helpers for encryption in transit.
Select Encrypt next to the SYSDIG_API_TOKEN environment variable.
Under AWS KMS key to encrypt in transit, select a customer-managed key that you have created.
Copy the Execution role policy in JSON format.
You need the JSON snippet while setting the permissions.
Select Save.
Set up permissions. Because you are enabling client-side encryption to secure the Sysdig API token in transit, your function needs permission to call the kms:Decrypt API operation.
- From your function page, select Configuration, and then click Permissions.
- Click the Role name.
- On the role's page, click Add permissions > Create inline policy.
- Click JSON and paste the JSON snippet you copied earlier.
- Click Review Policy.
For more information, see Securing environment variables.
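A least-privilege check for the inline policy pasted in the permissions step, as an added example that is not part of the original page: it reports any Allow statement that grants more than kms:Decrypt on the one customer-managed key. The function name, the key ARN placeholder, and both sample policies are constructed for illustration.

```python
import json


def _as_list(value):
    """IAM accepts a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit_decrypt_policy(policy_json: str, key_arn: str) -> list:
    """Return findings for an inline policy meant to allow only kms:Decrypt on key_arn."""
    findings = []
    policy = json.loads(policy_json)
    scoped_grant = False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource in an Allow statement grants more than intended")
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action != "kms:decrypt":
                findings.append(f"unexpected action: {action}")
        for resource in resources:
            if resource != key_arn:
                findings.append(f"resource not limited to the chosen key: {resource}")
        if "kms:decrypt" in actions and key_arn in resources:
            scoped_grant = True
    if not scoped_grant:
        findings.append("no statement grants kms:Decrypt scoped exactly to the chosen key")
    return findings


# Constructed sample values; the key ARN is a placeholder, not a real key.
KEY_ARN = "arn:aws:kms:us-east-2:111122223333:key/EXAMPLE-KEY-ID"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["kms:Decrypt", "kms:*"], "Resource": "*"}]})

if __name__ == "__main__":
    print(audit_decrypt_policy(SCOPED, KEY_ARN))  # no findings
    print(audit_decrypt_policy(BROAD, KEY_ARN))   # three findings
```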
Run the Function
On the function page, run your function a few times by clicking Test. When you run it for the first time, you will be asked to specify a name.
Verify the Connection
Log in to Sysdig Monitor.
Open Explore > Metrics Explorer.
Select Entire Infrastructure on the scope tree.
Search for one of the metrics listed above. For example, aws_lambda_invocations.
If you can view the list of lambda metrics, the connection is live.
You can continue with building dashboards, creating alerts, and exploring with Advisor.
Upgrade Sysdig Monitor Lambda Extension
To upgrade Sysdig Lambda Extension, you need to first download the latest one, create a new version of the layer that you have already created, then attach it to your function.
Create a new version of the layer.
- Navigate to Lambda > Layers.
- On the Layers page, select your layer, then click Create Version.
- Under Layer version configuration, specify the following:
- Name: Specify a unique name for your Sysdig Lambda Extension.
- Description: Optionally, give a description that can help you identify the extension.
- Select Upload a .zip file.
- Upload the new Sysdig Lambda Extension zip file.
- Optionally, you can enter other configuration information as described in Creating Layers.
- Click Create.
Attach the new version to your function.
- On the Lambda function page, select your function.
- At the bottom of the page under Layer, click Edit.
- On the Edit layers page, select the version you want to use.
- Click Save.
Compare AWS Metric Streams and AWS Telemetry APIs
Metric Streams | Telemetry APIs |
---|---|
Ingests metrics into Sysdig from a Firehose connection. | Processes metrics from Lambda events that are generated in Lambda execution environments in real time. |
Collects a larger volume of metrics every 1 minute. | Collects specific Lambda metrics every 10 seconds. |
Consuming all the Lambda metrics might incur a higher cost. | Collecting specific Lambda metrics keeps the cost lower. |