ZenPacks

This ZenPack provides support for monitoring Amazon Web Services.

Releases

Version 4.0.2
Released on 2018/8/15
Requires PythonCollector ZenPack, ZenPackLib ZenPack (>=2.0.5)
Compatible with Zenoss 4.2 - 6.2 and Zenoss Cloud

Version 4.0.1
Released on 2018/2/13
Requires PythonCollector ZenPack, ZenPackLib ZenPack (>=2.0.5)
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Core 5.2.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x, Zenoss Resource Manager 5.2.x, Zenoss Resource Manager 5.3.x

Version 4.0.0
Released on 2017/10/23
Requires PythonCollector ZenPack, ZenPackLib ZenPack (>=2.0.5)
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Core 5.2.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x, Zenoss Resource Manager 5.2.x, Zenoss Resource Manager 5.3.x

Version 3.0.1
Released on 2017/08/03
Requires PythonCollector ZenPack, ZenPackLib ZenPack (>=2.0.5)
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Core 5.2.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x, Zenoss Resource Manager 5.2.x, Zenoss Resource Manager 5.3.x

Version 3.0.0
Released on 2017/05/22
Requires PythonCollector ZenPack, ZenPackLib ZenPack (>=2.0.5)
Compatible with Zenoss Core 4.2.x, Zenoss Core 5.0.x, Zenoss Core 5.1.x, Zenoss Core 5.2.x, Zenoss Resource Manager 4.2.x, Zenoss Resource Manager 5.0.x, Zenoss Resource Manager 5.1.x, Zenoss Resource Manager 5.2.x, Zenoss Resource Manager 5.3.x

Background

This ZenPack provides support for monitoring Amazon Web Services (AWS). Monitoring for the following EC2, VPC, RDS, CloudFormation and S3 entities is provided through a combination of the AWS EC2, RDS, CloudFormation and CloudWatch APIs.

This ZenPack supersedes the older ZenAWS (ZenPacks.zenoss.ZenAWS) ZenPack that was installed by default on versions of Zenoss prior to 4.2.4. Please remove ZenAWS before installing this ZenPack. This will remove the /EC2 device class and the EC2Manager device within. After installing this ZenPack, you will be able to add a new EC2 Account with much greater functionality.

Features

The features added by this ZenPack can be summarized as follows. They are each detailed further below.

  • Discovery of EC2, VPC, RDS, CloudFormation and S3 entities.
  • Monitoring of CloudWatch metrics.
  • Monitoring of Region, S3Bucket and Subnet components.
  • Event management and monitoring.
  • Optional auto-discovery and monitoring of instance guest operating systems.
  • Optional service impact with addition of Zenoss Service Dynamics product.
  • Monitoring of estimated charges for Amazon services.
  • Expense Analysis broken down by tag filters and service.

Discovery

The following entities will be automatically discovered through an account name, access key and secret key you provide. The attributes, tags and collections will be updated on Zenoss’ normal remodeling interval which defaults to every 12 hours.

Regions
Attributes: ID
Collections: VPCs, Subnets, Zones, Instances, Volumes, Images, Snapshots, Gateways, Reservations, Elastic IPs, SQS Queues, CF Stacks
Zones
Attributes: ID, Region, State
Collections: Instances, Volumes, Subnets
VPCs
Attributes: ID, Region, CIDR Block, State
Tags: Name, Collector
Collections: Subnets, Instances
Subnets
Attributes: ID, Region, VPC, Zone, State, CIDR Block, Available IP Address Count, Zone Default, Auto-Public IP
Tags: Name
Collections: Instances
Instances
Attributes: ID, Region, VPC, Zone, Image, Subnet, State, Instance ID, Tag, Instance Type, Instance Type Details, Platform, Public DNS Name, Private IP Address, Public IP, Launch Time, Guest Device
Tags: Name
Collections: Volumes
Other: Guest Device (if monitored by Zenoss)
Volumes
Attributes: ID, Region, Zone, Instance, Type, Created Time, Size, IOPS, Status, Attach Data Status, Attach Data Device
Tags: Name
Collections: Snapshots
Elastic IPs
Attributes: ID, Region, Public IP, Private IP, Instance ID, Domain, Network interface ID, Network interface owner ID
Tags: Name
SQS Queues
Attributes: ID, Region
Tags: Name
S3 Buckets
Attributes: ID, Creation date
Tags: Name
Snapshots
Attributes: ID, Region, Volume, Volume size in Bytes, Progress, Started, Description
Tags: Name
VPN Gateways
Attributes: ID, Region, Gateway type, State
Tags: Name
Images
Attributes: ID, Region, Status, Location, Owner ID, Architecture, Image type, Kernel ID, Ramdisk ID, Description, Block device mapping, Root device type, Root device name, Virtualization type, Hypervisor
Tags: Name
Reserved Instances
Attributes: ID, Region, Zone, State, Instance Type, Reserved Instance ID
Tags: Name
RDS Instances
Attributes: ID, Region, Zone, State, Instance ID, Instance Type, Parameters Groups, Security Groups, Engine, Engine Version, VPC, VPC Subnets
Tags: Name
RDS Security Group
Attributes: ID, Region, Owner ID, Description, EC2 Groups, IP Ranges
Tags: Name
CF Stacks
Attributes: ID, Description, Creation Time, Disable Rollback, Notification ARNs, Capabilities, Tags, Status, Status Reason, Timeout, Policy, Template, Parameters, Outputs
Tags: Name
Collections: CF Resources
CF Resources
Attributes: ID, Resource Type, Timestamp, Description, Logical Resource ID, Physical Resource ID, Status, Status Reason
Tags: Name

Monitoring

The following metrics will be collected every 5 minutes by default. Any other CloudWatch metrics can also be collected by adding them to the appropriate monitoring template. The Average statistic is collected, and the graphed value is per second for anything that resembles a rate.

Account
Metrics: EstimatedCharges, EC2EstimatedCharges, S3EstimatedCharges, RDSEstimatedCharges, DynamoDBEstimatedCharges, LightsailEstimatedCharges, RedshiftEstimatedCharges, SESEstimatedCharges, SNSEstimatedCharges, CloudTrailEstimatedCharges, DataTransferEstimatedCharges, QueueServiceEstimatedCharges, KmsEstimatedCharges
Regions
Metrics: CPUUtilization, DiskReadOps, DiskWriteOps, DiskReadBytes, DiskWriteBytes, NetworkIn, NetworkOut
Note: These metrics are aggregated only for EC2 Instances with detailed monitoring enabled.
Instances
Metrics: CPUUtilization, DiskReadOps, DiskWriteOps, DiskReadBytes, DiskWriteBytes, NetworkIn, NetworkOut, StatusCheckFailed_Instance, StatusCheckFailed_System, CheckReserved
Volumes
Metrics: VolumeReadBytes, VolumeWriteBytes, VolumeReadOps, VolumeWriteOps, VolumeTotalReadTime, VolumeTotalWriteTime, VolumeIdleTime, VolumeQueueLength
Provisioned IOPS Metrics: VolumeThroughputPercentage, VolumeReadWriteOps
S3 Buckets
Metrics: BucketTotalSize, BucketKeysCount
RDS Instances
Metrics: CPUUtilization, FreeableMemory, FreeStorageSpace, SwapUsage, ReadIOPS, WriteIOPS, DatabaseConnections, DiskQueueDepth

The Amazon CloudWatch datasource type also allows for the collection of any other CloudWatch metric.

Besides CloudWatch metrics, the following metrics will also be collected every 5 minutes by default.

Subnets
Metrics: Available IP Addresses count

Monitoring a large cloud environment may require contacting AWS support to request an increase of the CloudWatch API request limit. An event is created in Zenoss if the limit for CloudWatch requests has been exceeded.

CloudWatch datasources use multithreading for better performance. Collection can be sped up by raising the twistedthreadpoolsize value in the configuration of the zenpython daemon. Note that a higher value also results in higher memory usage.

The collection interval may be changed using the zAWSCloudWatchCollectionInterval property. By default it is set to 300 seconds. This affects most Amazon CloudWatch datasources and may help reduce monitoring costs.

SQS Queue Messages Monitoring

Zenoss only reads the messages for each SQS Queue and will show them as Zenoss Events.

Zenoss SQS Message Event Fields

  • device (set to EC2Account)
  • component (SQS Queue)
  • summary (subject or notificationType)
  • message (message body)
  • severity
  • eventKey (MessageId)

By default all generated events are mapped to /AWS/SQSMessage event class.

SQS events might be delayed in their creation due to Amazon's use of short polling by default.

Events are sent only for messages created after the previous monitoring cycle. This prevents flooding the Zenoss Events console with historical SQS messages.

CloudFormation Events Monitoring

The monitoring plugin collects CloudFormation Events for each CF Stack and shows them as Zenoss Events with the same timestamp. It also updates the status of the CF Stack or CF Resource component the event belongs to.

Standard Zenoss Event Fields

  • device (set to EC2Account)
  • component (CF Stack)
  • summary
  • severity
  • eventClassKey (set to CFStackEvents)
  • eventKey (for de-duplication and auto-clear fingerprinting)

Additional Fields

  • aws.cf.event_id
  • aws.cf.logical_resource_id
  • aws.cf.physical_resource_id
  • aws.cf.resource_properties
  • aws.cf.resource_status
  • aws.cf.resource_status_reason
  • aws.cf.resource_type
  • aws.cf.stack_id
  • aws.cf.stack_name

CREATE_FAILED and DELETE_FAILED events have CRITICAL severity; all others have INFO severity.

By default all generated events are mapped to /AWS/CloudFormation event class.

Once an event is sent, it will not be sent again. If the user clears the event, it will not reappear.

If the zAWSCloudFormationEventsAutoClear zProperty is set to True, a corresponding auto-clear event is generated for each CREATE_COMPLETE and DELETE_COMPLETE to clear previous CRITICAL ones.

Zenoss Notifications with SES

Notifications for events can now optionally be sent by email using Amazon SES.

In addition to the standard email notification fields you will need to fill out the following additional fields.

  • AWS Account Name
  • AWS Region
  • AWS Access key
  • AWS Secret key

The sender's email and the emails of the subscribers must be verified within SES for the target region.

Soft Limits Monitoring

The following resource counts are subject to soft limits and are collected every 5 minutes. When any of these metrics approaches a soft limit threshold, a Zenoss event is triggered.

Regions
Soft Limit Metrics: Elastic IPs count, Instances count, Subnets count, VPC Security Groups count, VPC Security Groups Rules max, Volumes count

The thresholds are set to the default limit values. If you changed this limit for your account, you should manually change the Max threshold value using the following steps:

  1. Navigate to Monitoring Templates (Advanced panel).
  2. Click EC2Region and find RegionsSoftLimits among Data Sources.
  3. On the Thresholds panel choose the resources count to be changed.
  4. Double click on the resources count and change the value in the Maximum Value field.

Guest Device Discovery

You can optionally configure each monitored AWS account to attempt to discover and monitor the guest Linux or Windows operating systems running within each EC2 instance, when specific Tags are present. This requires that your Zenoss system has the network and server access it needs to monitor the guest operating system. VPC and non-VPC modes are supported.

The life cycle of the guest operating system devices is managed along with the instance. For example, the guest operating system device is set to a decommissioned production state when the EC2 instance is stopped, and the guest operating system device is deleted when the EC2 instance is destroyed.

Service Impact

When combined with the Zenoss Service Dynamics product, this ZenPack adds built-in service impact capability for services running on AWS. The following service impact relationships are automatically added. These will be included in any services that contain one or more of the explicitly mentioned entities.

Service Impact Relationships

  • Account access failure impacts all regions.
  • Region failure affects all VPCs and zones in affected region.
  • VPC failure affects all related subnets.
  • Zone failure affects all related subnets, instances, RDS Instances and volumes.
  • Subnet failure affects all instances on affected subnet.
  • Volume failure affects any attached instance.
  • Instance failure affects the guest operating system device.
  • SQSQueue, VPNGateway, or EC2ElasticIP failure affects any related region.
  • S3Bucket failure affects related account.
  • Each component affects its corresponding CF Resource, if it has one.
  • CF Resource failure affects the CF Stack.

Tag Filters

The ZenPack now provides a way to group and collect AWS components on an account based on AWS Tags. You can define a tag filter by navigating to your AWS account device and selecting “Add AWS Tag Filter” from the “+” menu in the lower left corner of the screen. On the dialog that pops up, give your Tag Filter a name, and select the tag you want to track. You can combine multiple tags with the AND and OR operators. You can also generate a Component Group based on the Tag Filter. Click Submit when finished.

The Tag Filter will be visible in the navigation bar area, and in the “AWS Tag Filters” section. This will allow you to view all components of any type matched by the filter, along with their graphs.

In addition, you can use this Tag Filter to view billing information for the group of components in the Expenses Analysis section (see Expense Analysis).

The AWS Tag Filters use a special monitoring template, TagFilter, which is not visible in the device-level monitoring template section, but is visible if you go to Advanced > Monitoring Templates. From here, you can modify the template, should you need to do so.

Estimated charges monitoring

To turn on monitoring of charges for Amazon services, enable the EstimatedCharges monitoring template for the AWS device. This adds graphs with billing information to the device overview page and to the Expenses Analysis page.

Account Billing Overview

To control the spending limit, use the zAWSBillingCostThreshold zProperty. It is set to 1000 by default. This property sets the threshold at which the bullet-like billing graph turns red, and it is also used in the “Billing Cost” threshold. An event is generated if spending goes over its value.

Billing graphs show estimated charges for the whole account and detailed charges per service. The top 10 services are displayed on a pie chart.

This ZenPack uses linear interpolation to predict total charges per month, and this information is also displayed on the device overview page.

Expense Analysis

You can track AWS usage charges for a given tag or tag group, grouped by specific services. To set this up, you must create a Tag Filter to match the tag or tags you are interested in, and then configure detailed billing reports in your AWS account. See Configuring Charges Per Tags Monitoring for details.

Expenses Analysis

CloudWatch API Cost

This ZenPack uses the Amazon CloudWatch API to collect metric data. The first 1,000,000 calls to this API each month are free, and then additional calls are charged at a rate of $0.01 per 1,000 calls. For specific pricing questions, see AWS CloudWatch Pricing.

A report is provided (Reports -> AWS Reports -> Monitoring Costs) to provide a detailed breakdown of API calls and estimated cost per monitoring template on each monitored EC2 Account.

CloudFormation Stacks Blueprints

CloudFormation Stacks Blueprints provides a graphical representation of all stack templates, the same way as it is done in the AWS Console.

Stacks Blueprints

Initially only stacks are shown. Double-clicking a node expands the stack and shows its resources. Buttons for quickly expanding and collapsing all visible stacks are also available.

The set of visible stacks can be narrowed down by region and stack name filters. The stack name filter sets a fragment that must be present in the stack’s name. After setting filters, press the Refresh button to apply the changes.

Each node in a stack is a resource defined in the template. The first row of text is the name of the resource as defined in the template, the second is the type of the resource, and the last is the ID of the deployed AWS entity.

By default the diagram shows only resources that were deployed; to show all resources, use the Show Undeployed Resources checkbox.

Links represent dependencies between resources (e.g. EC2 Instances refer to Security Groups).

There are also separate blueprints for each CF Stack component.

Usage

Adding AWS Accounts

Use the following steps to start monitoring EC2 using the Zenoss web interface.

  1. Navigate to the Infrastructure page.
  2. Choose Add EC2 Account from the add device button.
  3. Enter your AWS account id, account name, access key and secret key.
  4. Optionally choose a collector other than the default localhost.
  5. Click Add.

Alternatively you can use zenbatchload to add accounts from the command line. To do this, you must create a file with contents similar to the following. Replace all values in angle brackets with your values minus the brackets. Multiple accounts can be added under the same /Devices/AWS/EC2 section.

/Devices/AWS/EC2 loader='ec2account', loader_arg_keys=['accountid', 'devicename', 'accesskey', 'secretkey', 'devicePath', 'collector']
<devicename> accountid='<accountid>', devicename='<devicename>', accesskey='<accesskey>', secretkey='<secretkey>', devicePath='/Devices/AWS/EC2', collector='localhost'

You can then load the account(s) with the following command:

$ zenbatchload <filename>

Configuring filter for modeler plugin

Use the zAWSRegionToModel property to narrow the set of components modeled. By default it is empty, so all EC2 regions and their child components will be discovered. Specify an EC2 region name, or multiple names separated by commas. This is used as a filter and may help with large AWS accounts.

Configuring Guest Device Discovery

Use the following steps to configure instance guest device discovery. Guest device discovery must be configured individually for each EC2 account.

  1. Navigate to one of the EC2 accounts.
  2. Click the edit link beside Device Class for Discovered Linux Instances.
  3. Choose the device class for Linux and/or Windows instances.
  4. Navigate to the Configuration Properties panel and in the zAWSDiscover property specify the instances’ tags and values (e.g. <tag:value>;).
  5. Verify that appropriate SSH, SNMP or Windows credentials are configured for the chosen device class(es).
  6. To choose whether the private or the public IP address is used for creating the guest device, change the zAWSGuestUsePublicIPs property.
  7. To populate the guest devices’ titles based on an AWS tag from the instance, set the tag name in the zAWSGuestDeviceTitleTag property. By default, device title will be populated from the instance title. Note: tags are case sensitive.
  8. Remodel the EC2 account by choosing Model Device from its menu.

If your instances are VPC instances, and are in a different VPC than the Zenoss server that’s monitoring the EC2 account, you must add a Collector tag to the containing VPC with the value set to the name of the Zenoss collector to which discovered guest devices should be assigned.

Example:

  1. If zAWSDiscover is set to Test:test; then after modeling, all devices with the tag Test:test will be discovered.
  2. If zAWSDiscover is set to Test1:test1;Test2:test2 then after modeling, all devices with either of the tags will be discovered.

Configuring Remote Collector for Guest Devices

You can optionally configure an alternate remote collector for the devices created from AWS Instances with the following configuration properties:

zAWSGuestCollector
This property allows you to specify the name of the collector that all discovered devices for this AWS device will use.
zAWSResetGuestCollector
Setting this property to false on a guest device (not the EC2 Account) tells the AWS ZenPack not to change the collector if you have set it manually.

Find Missing Guest Devices

Guest devices should be discovered automatically during modeling. However, if an error occurs during modeling, or some other unexpected event, it is possible for guest devices to be skipped. If some guest devices appear to be missing, you can force the discovery process to be repeated.

In the Zenoss UI, navigate to your AWS EC2 Account device, and find the gear icon menu in the bottom left corner of the window. Under this menu, click the option labeled “Find Missing Guest Devices.” This will schedule a job for immediate execution, which will clear the guest ID cache and run the discovery process for each instance. Existing guest devices will remain, but any devices previously missed will be detected. You can monitor the progress of this job in the Jobs section of the UI, under the Advanced Tab.

Reasons a Guest Device Fails to be Discovered

Several criteria must be met in order for a guest device to be discovered by the AWS ZenPack. Those requirements are as follows:

  • The instance must contain a tag listed in the zAWSDiscover configuration property.
  • Guest device classes must be defined. See the “Device Class for Discovered Linux Instances” and “Device Class for Discovered Windows Instances” fields on the Device Overview page.
  • The guest must have a valid collector, either from the EC2 Instance’s VPC, from the zAWSGuestCollector, or the default collector for the AWS account device.
  • The guest must have a valid manageIP, either the EC2 Instance’s private IP, public IP, or its DNS name.
  • The EC2 Instance’s guest property must be set. This should be set automatically. If you believe it is set improperly, use the Find Missing Guest Devices feature described above.
  • The EC2 Instance’s _has_guest must be false. This should be set automatically. If you believe it is set improperly, use the Find Missing Guest Devices feature described above.
  • The guest device ID must not be previously cached in the AWS account’s guest device ID cache. This should be handled automatically. If you believe it is set improperly, use the Find Missing Guest Devices feature described above.

If all the criteria above are met by the EC2 Instance, and an existing device with an ID or title matching the EC2 Instance’s ID exists, or an existing device has a matching IP address, the EC2 Instance will be linked to that existing device.

If no existing device matches the EC2 Instance, but the criteria above are met, a new device will be created in the Linux or Windows device class configured for the account.

Note that guest device creation is triggered during modeling, but is queued as a job to be run later. Thus a guest device will not show up until after modeling has completed, and the corresponding scheduled job has completed.

If a device link appears to be missing, double check the criteria above, and run the Find Missing Guest Devices task described in the preceding section.

When creating guest devices a job should be scheduled for each guest device to be created. If a job was created for the guest device, but the guest device was not created, you can check the job output in the Jobs section of Zenoss.

If a job was not created, you can try running the modeler in debug mode to see why guest device creation was skipped.

Configuring Instances Remodeling

You can optionally configure your monitored AWS account so that newly added or recently dropped instances are automatically reflected in the Zenoss UI during monitoring:

  1. Navigate to the Configuration Properties panel.
  2. Enable the zAWSRemodelEnabled property.

If zAWSRemodelEnabled is false, only the instance state will be updated on existing instances. If set to true, then all instance properties will be updated on existing instances, and new instances will be added to the model.

Configuring Auto Change of the Production State for EC2 Instances

You can disable the automatic change of the production state for EC2 Instances. To do so:

  1. Click on the Infrastructure tab.
  2. Select discovered EC2 Instances or the appropriate device classes, in case you want to change the behaviour for a group of underlying EC2 instances.
  3. Navigate to the Configuration Properties panel.
  4. Change the zAWSAutoChangeProdState property (default is true).

By default, the production state is changed to ‘Production’ (1000) for running EC2 instances, and to ‘Decommissioned’ (-1) for stopped ones. These states may be customized by specifying the desired production state IDs (numbers) in zAWSAutoChangeProdStateRunning and zAWSAutoChangeProdStateStopped.

PEM file

Use the following steps to specify the PEM file for a region, for use in auto-discovering instance guest operating systems:

  1. Navigate to the Configuration Properties panel.
  2. Set the region name and the path to the PEM file in the appropriate fields of the zAWSRegionPEM property (see image below).
zAWSRegionPEM Property

Disable AWS Snapshot Monitoring

In some cases, you may have a large quantity of AWS Snapshots in your environment, which can slow down performance of the modeler. If you do not need to model them, you can disable collection of snapshots by setting the zAWSEnableSnapshotCollection property to false. This will prevent the modeler from collecting and modeling snapshots in the future. It will also cause current snapshot components to be removed from Zenoss the next time the model is updated.

If you have already modeled your AWS snapshots, and the count is high, removing them can cause the modeler to time out. If this occurs, you can remove them manually by running the included dmd script delete_all_snapshot_components from the zope container.

Note: The delete_all_snapshot_component script will delete all AWS snapshot components from all AWS devices without prompting for confirmation. If you have multiple AWS devices and only want to delete snapshots from some devices, use zendmd.

Configuring Charges Per Tags Monitoring

If you use tag filters to organize your modeled AWS components, you may also want to enable monitoring charges per tag filter added to Zenoss. This will require configuration on both AWS and Zenoss sides.

The AWS Athena service is used to process Cost and Usage reports, so expect some extra costs for its usage.

Configuration on AWS side (you may use a different account to collect billing data from the account being used for monitoring, by using zAWSBillingAccessKey and zAWSBillingSecretKey zProperties):

  1. Activate User-Defined Cost Allocation Tags according to AWS documentation. Choose tags you use to filter components.
  2. Turn on the AWS Cost and Usage report according to AWS documentation. There is no need to enable Redshift or QuickSight manifests.
  3. Grant the AWS account configured in Zenoss read permissions for the S3 bucket that the reports are delivered to.
  4. Grant the AWS user used in Zenoss access to the AWS Athena service. See the documentation for details.

Note: It can take up to 24 hours for AWS to start delivering reports to your S3 bucket.

For configuration on the Zenoss side, set the following zProperties:

  • zAWSBillingReportS3Bucket: Name of the S3 bucket that Cost and Usage reports are delivered to (e.g. aws-billing-master).
  • zAWSBillingReportPrefix: Report path prefix prepended to reports. Can be empty.
  • zAWSBillingReportName: Report name.
  • zAWSBillingAthenaResultsS3Bucket: S3 Bucket AWS Athena will use to store query results. For details please check AWS documentation.
  • zAWSBillingAthenaRegion: Region which will be used to run AWS Athena. To avoid extra charges for cross region data transfer, it’s recommended to use the same region as S3 Bucket with Cost and Usage reports.

If Cost and Usage reports are stored in a separate account, the zAWSBillingAccessKey and zAWSBillingSecretKey zProperties should be set to the access and secret keys of that account. If these properties are empty, the access and secret key from the device will be used.

If a tag is used for a Tag Filter but is missing from the Cost and Usage reports, billing data will not be collected for that Tag Filter, and a corresponding Info event with the list of missing tags will be generated.

Configuring HTTP Proxies

If necessary, this zenpack can query AWS through an HTTP proxy. This is configured in the usual way, by setting the *_proxy environment variables. Because of this, the setting is global for a particular zenoss process. It is therefore important to be aware that, for instance, enabling proxying for zenpython may cause it to be used for other service monitoring beyond just AWS.

To configure these environment variables, edit the service definitions (via ‘serviced service edit’ or the Control Center UI) for the zenpython, zenmodeler, and zenjobs containers as follows:

Change

   "Environment": null,

to:

    "Environment": [
        "http_proxy=http://[proxy host]:[proxy port]",
        "https_proxy=http://[proxy host]:[proxy port]",
        "no_proxy=localhost"
    ],

Note that both http_proxy and https_proxy values must begin with http://. The no_proxy variable is required so that communication with other zenoss services is not impacted.

Note: Do not add this to the zope container.

Installed Items

Installing this ZenPack will add the following items to your Zenoss system.

Device Classes

  • /AWS
  • /AWS/EC2

Configuration Properties

  • zAWSDiscover
  • zAWSRegionPEM
  • zAWSRemodelEnabled
  • zAWSAutoChangeProdState
  • zAWSAutoChangeProdStateRunning
  • zAWSAutoChangeProdStateStopped
  • zAWSGuestCollector
  • zAWSResetGuestCollector
  • zAWSGuestUsePublicIPs
  • zAWSRegionToModel
  • zAWSCloudWatchSSL
  • zAWSCloudWatchMaxParallel
  • zAWSCloudWatchMaxRetries
  • zAWSBillingCostThreshold
  • zAWSCloudFormationEventsAutoClear
  • zAWSEnableSnapshotCollection
  • zAWSGuestDeviceTitleTag
  • zAWSBillingAccessKey
  • zAWSBillingSecretKey
  • zAWSBillingReportS3Bucket
  • zAWSBillingReportPrefix
  • zAWSBillingReportName
  • zAWSBillingAthenaResultsS3Bucket
  • zAWSBillingAthenaRegion
  • zAWSCloudWatchCollectionInterval

Modeler Plugins

  • aws.EC2
  • aws.RDS
  • aws.S3Buckets
  • aws.CloudFormation

Datasource Types

  • Amazon CloudWatch
  • AWSDataSource
  • Tag Filter Billing Report

Monitoring Templates

  • EstimatedCharges (in /AWS/EC2)
  • EC2Region (in /AWS/EC2)
  • EC2Instance (in /AWS/EC2)
  • EC2Instance-Detailed (in /AWS/EC2)
  • EC2Volume (in /AWS/EC2)
  • EC2Volume-IOPS (in /AWS/EC2)
  • EC2Image (in /AWS/EC2)
  • EC2VPC (in /AWS/EC2)
  • EC2VPCSubnet (in /AWS/EC2)
  • EC2Snapshot (in /AWS/EC2)
  • EC2Zone (in /AWS/EC2)
  • S3Bucket (in /AWS/EC2)
  • SQSQueue (in /AWS/EC2)
  • EC2ReservedInstance (in /AWS/EC2)
  • VPNGateway (in /AWS/EC2)
  • RDSInstance (in /AWS/EC2)
  • CFStack (in /AWS/EC2)
  • TagFilter (in /AWS/EC2)

Device Types

  • EC2Account (in /AWS/EC2)

Component Types

  • EC2Region (on EC2Account)
  • EC2VPC (on EC2Region)
  • EC2VPCSubnet (on EC2Region)
  • EC2Zone (on EC2Region)
  • EC2Instance (on EC2Region)
  • EC2Volume (on EC2Region)
  • EC2Image (on EC2Region)
  • EC2Snapshot (on EC2Region)
  • SQSQueue (on EC2Region)
  • VPNGateway (on EC2Region)
  • EC2ReservedInstance (on EC2Region)
  • S3Bucket (on EC2Account)
  • Elastic IP (on EC2Region)
  • RDSInstance (on EC2Region)
  • RDSSecurityGroup (on EC2Region)
  • CFStack (on EC2Region)
  • CFResource (on CFStack)

Event Classes

  • /AWS/SQSMessage
  • /AWS/Suggestion
  • /AWS/CloudFormation

Reports

  • /AWS Reports/Monitoring Costs

Required Daemons

Modeler:

  • zenmodeler

Performance Collector:

  • zenpython

IAM Permissions

{
  "Statement": [
    {
      "Action": [
        "autoscaling:Describe*",
        "cloudformation:DescribeStacks",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResources",
        "cloudformation:GetTemplate",
        "cloudformation:GetStackPolicy",
        "cloudfront:Get*",
        "cloudfront:List*",
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "directconnect:Describe*",
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "ec2:Describe*",
        "elasticache:Describe*",
        "elasticbeanstalk:Check*",
        "elasticbeanstalk:Describe*",
        "elasticbeanstalk:List*",
        "elasticbeanstalk:RequestEnvironmentInfo",
        "elasticbeanstalk:RetrieveEnvironmentInfo",
        "elasticloadbalancing:Describe*",
        "iam:List*",
        "iam:Get*",
        "route53:Get*",
        "route53:List*",
        "rds:Describe*",
        "rds:List*",
        "s3:Get*",
        "s3:List*",
        "sdb:GetAttributes",
        "sdb:List*",
        "sdb:Select*",
        "ses:Get*",
        "ses:List*",
        "sns:Get*",
        "sns:List*",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:GetQueueUrl",
        "storagegateway:List*",
        "storagegateway:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
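A least-privilege review of a policy shaped like the one above, as an added example that is not part of the ZenPack or its documentation. It reports services in the policy that match none of the listed component or datasource types, action patterns that return stored data rather than metadata, and how many actions are allowed on "Resource": "*". The MODELED set, the DATA_READS list and the SAMPLE excerpt are assumptions constructed for this example; confirm the service list against the features you actually enable.

```python
import fnmatch
import json

# Service prefixes behind the component and datasource types listed above.
# Assumption made for this example; the ZenPack's real API usage may differ.
MODELED = {"ec2", "rds", "s3", "sqs", "cloudformation", "cloudwatch"}

# Concrete actions that return stored data, not just resource metadata.
DATA_READS = ["s3:GetObject", "dynamodb:GetItem", "dynamodb:BatchGetItem",
              "dynamodb:Query", "dynamodb:Scan", "sdb:Select",
              "sdb:GetAttributes", "sqs:ReceiveMessage"]

def as_list(value):
    """IAM allows a single string or a list for Statement, Action, Resource."""
    return value if isinstance(value, list) else [value]

def review(policy):
    """Return findings for every Allow statement in an IAM policy document."""
    findings = {"unmodeled_services": set(), "data_reads": set(),
                "unscoped_actions": 0}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for pattern in as_list(stmt["Action"]):
            service = pattern.split(":", 1)[0].lower()
            if service not in MODELED:
                findings["unmodeled_services"].add(service)
            # IAM action names are case-insensitive; '*' and '?' are wildcards.
            for action in DATA_READS:
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings["data_reads"].add(action)
            findings["unscoped_actions"] += unscoped
    return {k: sorted(v) if isinstance(v, set) else v
            for k, v in findings.items()}

# Constructed excerpt of the policy above (same shape, fewer actions).
SAMPLE = json.loads("""
{"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
  "cloudwatch:Get*", "ec2:Describe*", "rds:Describe*", "s3:Get*", "s3:List*",
  "sqs:ReceiveMessage", "sqs:ListQueues", "dynamodb:Scan", "sdb:Select*",
  "iam:Get*", "ses:List*"]}]}
""")

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

To review the full policy, load its JSON document and pass it to review() in place of SAMPLE.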

Upgrade

Versions 2.0.0 / 2.1.0 of the AWS ZenPack can be upgraded. To upgrade the ZenPack, install the latest version over the existing one. No user action is required to migrate the data. The performance data and events of the old ZenPack are retained according to the retention policy settings.

During an upgrade from version 2.x to 3.0.0 and above, all performance data for S3 Buckets will be lost.

When upgrading from 3.x to 4.x, tags are structured differently. Devices must be remodeled to handle tags properly.

Limitations

In the current version of the ZenPack, monitoring a large AWS account (e.g. >1000 EC2 instances and volumes) may cause performance issues:

  • The limit on datapoints processed by the zenpython daemon may be exceeded. This will result in gaps in graphs.
  • The monitoring cycle may not fit into the default value of 5 minutes. As a result, some points on graphs will not be aligned to the 5-minute interval.
  • Having more than one AWS account added to Zenoss may lead to the issues described above.
  • zenpython may consume more memory than is allocated to its service in Control Center. This requires increasing the RAM Requested parameter in the Control Center UI.

You can reduce the number of datapoints collected by disabling monitoring templates you don’t need.

Known Issues

ZPS-1533

  • “TypeError” flare may be shown when attempting to add a device after upgrading from an older version of the zenpack on Zenoss 5.x
  • If this error is encountered, restart the zproxy service by restarting the top-level “Zenoss.resmgr” application in Control Center. It is not necessary to restart the child services.

ZPS-1510

  • A “No such file or directory” error event may appear in the Events console after upgrading from an older version of the ZenPack on Zenoss 4.2.x / 5.x.
  • If this event is present, close it manually.

ZPS-2281

  • When upgrading AWS ZenPack from versions prior to 4.0.0 to newer versions, the schema for tag storage was modified. AWS devices must be remodeled before tags will show up properly.

ZPS-2342

  • Increasing zAWSCloudWatchCollectionInterval on Zenoss 4.2.x may result in gaps on some graphs (Instances, Volumes, RDS Instances, etc.). This is due to the way monitoring data is saved in RRD files. Removing these RRD files may help. The files are located in the “ZEN_HOME/perf/Devices/[AWS_DEVICE_NAME]” directory, for example “/opt/zenoss/perf/Devices/myaws”.

Changes

4.0.2

  • Handle CloudFormation templates where a stack output has no description (ZPS-3181)
  • Upgrade to botocore 1.8.41 / boto3 1.5.27
  • Fix type of the ec2secretkey property (ZEN-29852)
  • AWS Prediction charges time is ‘undefined’ on overview page (ZEN-30367)
  • Styling updates and fixes for Zenoss Cloud
  • Change event class for Billing Cost threshold (ZPS-3838)
  • Handle Cloud Formation Stack Outputs without a ‘Description’ field (ZPS-3181)
  • Updated documentation with IAM permissions required to model SQS successfully (ZPS-3268)
  • Tested with Zenoss Cloud, Zenoss Resource Manager 6.2.0, 5.3.3 and Service Impact 5.3.1

4.0.1

  • Avoid duplicate events created from SQS messages by querying based on timestamp. (ZPS-2364)
  • Update botocore endpoint list to reflect new regions and AWS services (ZPS-3037)
  • Tested with Zenoss Resource Manager 4.2.5 RPS 743, Zenoss Resource Manager 5.3.3, Zenoss Resource Manager 6.1.0 and Service Impact 5.2.3.

4.0.0

  • Allow filtering of components by AWS tags.
  • Optionally populate Component Groups based on tag filters
  • Monitoring billing information aggregated by tags
  • Added zAWSCloudWatchCollectionInterval (default to 300) to simplify configuration of default collection interval for all Amazon CloudWatch datasources
  • Fixed incorrectly scaled percentage values in the Volume ‘Time’ graph. (ZPS-2247)
  • Improve the managing of guest device production states when zAWSAutoChangeProdState is enabled. When an instance is restarted, restore its previous production state. (ZPS-1865)
  • Add support for CloudFormation YAML templates (ZPS-2201)
  • Converted to use ZPL and updated to Boto v3
  • SSL error fixed (ZPS-1739)
  • Added report “Monitoring Costs” to check estimated charges for AWS devices monitoring
  • Tested with Zenoss Resource Manager 5.3.2, Zenoss Resource Manager 4.2.5 RPS 743 and Service Impact 5.1.7

3.0.3

  • Specify dmd to use for device facade in unit test (ZEN-28777)
  • Internal-only release. No changes to production code, only unit tests

3.0.2

  • Fixed crochet requirement for unit tests, to allow platform build tests to run (ZEN-28777)
  • Internal-only release. No changes to production code, only unit tests

3.0.1

  • Fixed SSL error in S3 modeling when using proxy
  • Added zAWSEnableSnapshotCollection (default to false) to allow disabling collection of Snapshots, in order to improve modeling performance
  • Added gear menu option and job to find missing guest devices
  • Added zAWSGuestDeviceTitleTag (default to empty) to allow guest device titles to be populated based on AWS tag from instance
  • Moved guest device deletion to scheduled job to improve modeling performance and reduce database conflicts due to long transactions

3.0.0

  • CloudFormation and RDS support
  • Estimated charges monitoring
  • Add support for GovCloud (us-gov-west-1) region
  • Migrate S3 Bucket monitoring to use AWS CloudWatch

2.4.6

  • Fix broken AWS monitoring when a proxy is being used (ZPS-1260)

2.4.5

  • Update boto version shipped with the ZenPack to support new “eu-west-2” region.
  • Updated AmazonCloudWatchDataSource to use txboto.
  • Usage of AmazonCloudWatchDataSource on device level is now allowed.

2.4.4

  • Update boto version shipped with the ZenPack to support new “us-east-2” region.

2.4.3

  • Fix Region and S3 Buckets graphs inconsistencies (ZEN-17242)
  • Fix ZenPack failing on model [New Region in Mumbai] (ZEN-23892)
  • AWS ZenPack is able to collect and consume data from demo environment (ZEN-24089)
  • Proper handling for ConnectionLost, TimeoutError and other exceptions (ZEN-23901)
  • Fix EC2RegionPlugin’s traceback events (ZEN-23174)
  • Fix S3 bucket lookup / get_bucket broken for eu-central-1 (ZEN-23044)
  • Fix S3BucketPlugin’s traceback events when S3 bucket’s region is EU (ZEN-23236)
  • Account ID field is added to ‘Add EC2 Account’ dialog (ZEN-21880)
  • Add zAWSAutoChangeProdState property to have more control over EC2 Instance’s production state (ZEN-23427)

2.4.2

  • Fix intermittent graph gaps (ZEN-22337)

2.4.1

  • Fix errors encountered during monitoring of Reserved Instances (ZEN-22379)

2.4.0

  • Update boto version shipped with the ZenPack to support new “ap-northeast-2” region.
  • Improve HTTP errors and warnings.
  • Added zAWSCloudWatchMaxParallel property to configure number of concurrent cloudwatch calls.
  • Make the number of retries for cloudwatch calls configurable (zAWSCloudWatchMaxRetries property).
  • Allow modeler to set its Region explicitly, and ignore unmodeled buckets.
  • Added path reporter for EC2Snapshots

2.3.1

  • Ignore reserved instances with a null id. (ZEN-17556).
  • Added zAWSRegionToModel property to tell RM what to model (ZEN-17374)
  • Improved zAWSRemodelEnabled and zAWSResetGuestCollector properties

2.3.0

  • Add ability for instances in a VPC to use a public IP address for the guest device
  • Add parallel processing for CloudWatch datasources using multithreading. For large AWS installations, this can be boosted by setting a larger value for the “twistedthreadpoolsize” setting of PythonCollector.

2.2.2

  • Add support for Zenoss 5.x.
  • Add ability for user to specify an alternate remote collector for discovered devices.
  • Update boto version shipped with the ZenPack to support signature v4.

2.2.1

  • Add support for SQS Messages, S3 Buckets, Reserved Instances, Elastic IPs, Images, VPN Gateways, Snapshots.
  • Discover instances via Layer 3 when specific Tags are present on the instance.
  • Add ability for user to upload PEM file to region for use in auto-discovering instance guest operating systems.
  • Add ability for user to enable reflecting new instances on Zenoss UI during monitoring.
  • Support multiple IP addresses per instance and add instance type details.
  • Monitor AWS Soft Limits and VPC Subnet available IP address count.
  • Update component statuses during monitoring.

2.1.0

  • Support CloudWatch metrics with multiple indexes.
  • Add “Amazon Email Host” notification type for SES notifications.

2.0.0

  • Add support for regions, zones, VPCs, subnets and volumes.
  • Add support for custom CloudWatch metrics.
  • Complete rewrite.

Commercial

This ZenPack is developed and supported by Zenoss Inc. Commercial ZenPacks are available to Zenoss commercial customers only. Contact Zenoss to request more information regarding this or any other ZenPacks. Click here to view all available Zenoss Commercial ZenPacks.
