AWS

Amazon Web Services (AWS) is a subsidiary of Amazon.com that provides on-demand cloud computing platforms on a paid subscription basis. The technology allows subscribers to have at their disposal a virtual cluster of computers, available all the time, through the Internet.

Available solutions




This template is for Zabbix version: 7.0
Also available for: 6.4 6.2 6.0

Source: https://git.zabbix.com/projects/ZBX/repos/zabbix/browse/templates/cloud/AWS/aws_http?at=release/7.0

AWS by HTTP

Overview

This template is designed for the effortless deployment of AWS monitoring by Zabbix via HTTP and doesn't require any external scripts.

Requirements

Zabbix version: 7.0 and higher.

Tested versions

This template has been tested on:

  • AWS by HTTP

Configuration

Zabbix should be configured according to the instructions in the Templates out of the box section.

Setup

Before using the template, you need to create an IAM policy for the Zabbix role in your AWS account with the necessary permissions.

Add the following required permissions to your Zabbix IAM policy in order to collect metrics.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeRegions",
                "rds:DescribeEvents",
                "rds:DescribeDBInstances",
                "ecs:DescribeClusters",
                "ecs:ListServices",
                "ecs:ListTasks",
                "ecs:ListClusters",
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation",
                "s3:GetMetricsConfiguration",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetGroups",
                "ec2:DescribeSecurityGroups",
                "lambda:ListFunctions"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

If you are using assume role authorization, add the appropriate permissions to the role you are using:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::{Account}:user/{UserName}"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeRegions",
                "rds:DescribeEvents",
                "rds:DescribeDBInstances",
                "ecs:DescribeClusters",
                "ecs:ListServices",
                "ecs:ListTasks",
                "ecs:ListClusters",
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation",
                "s3:GetMetricsConfiguration",
                "ec2:AssociateIamInstanceProfile",
                "ec2:ReplaceIamInstanceProfileAssociation",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetGroups",
                "ec2:DescribeSecurityGroups",
                "lambda:ListFunctions"
            ],
            "Resource": "*"
        }
    ]
}

Next, add a principal to the trust relationships of the role you are using:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{Account}:user/{UserName}"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

If you are using role-based authorization, add the appropriate permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<<--account-id-->>:role/<<--role_name-->>"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricData",
                "ec2:DescribeInstances",
                "ec2:DescribeVolumes",
                "ec2:DescribeRegions",
                "rds:DescribeEvents",
                "rds:DescribeDBInstances",
                "ecs:DescribeClusters",
                "ecs:ListServices",
                "ecs:ListTasks",
                "ecs:ListClusters",
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation",
                "s3:GetMetricsConfiguration",
                "ec2:AssociateIamInstanceProfile",
                "ec2:ReplaceIamInstanceProfileAssociation",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetGroups",
                "ec2:DescribeSecurityGroups",
                "lambda:ListFunctions"
            ],
            "Resource": "*"
        }
    ]
}

Next, add a principal to the trust relationships of the role you are using:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "ec2.amazonaws.com"
                ]
            },
            "Action": [
                "sts:AssumeRole"
            ]
        }
    ]
}

Note: role-based authorization is only possible when you use a Zabbix server or proxy inside AWS.
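A check to run on any of the permission policies above before attaching it: the following added example (not part of the Zabbix template or its documentation) splits the allowed actions into read-only ones and ones that need a reviewer's attention, together with the resource they apply to. The read-only prefix list, the function names and the shortened sample policy are assumptions of this example.

```python
import json

# Assumption of this example: verbs that only read state. Everything else is
# reported for manual review rather than judged automatically.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")

# Constructed sample: the role-based policy from this page shortened to five
# actions; account id and role name are the page's own placeholders.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::<<--account-id-->>:role/<<--role_name-->>"},
    {"Effect": "Allow",
     "Action": ["cloudwatch:GetMetricData", "ec2:DescribeInstances",
                "ec2:AssociateIamInstanceProfile",
                "ec2:ReplaceIamInstanceProfileAssociation",
                "lambda:ListFunctions"],
     "Resource": "*"}
  ]
}
"""

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (read_only_actions, [(action, resource), ...] needing review)."""
    read_only, needs_review = [], []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2]
            # A wildcard in the action name can expand to mutating calls.
            if "*" not in action and verb.startswith(READ_ONLY_PREFIXES):
                read_only.append(action)
            else:
                needs_review.extend((action, res) for res in resources)
    return read_only, needs_review

if __name__ == "__main__":
    for action, resource in audit_policy(SAMPLE_POLICY)[1]:
        print("review:", action, "on", resource)
```

Actions reported for review are candidates for a narrower `Resource` than `*` or for removal if the chosen authorization method does not need them.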

To gather Request metrics, enable Requests metrics on your Amazon S3 buckets from the AWS console.

Set the macro {$AWS.AUTH_TYPE}. Possible values: access_key, assume_role, role_base.

If you are using access key-based authorization, set the following macros: {$AWS.ACCESS.KEY.ID}, {$AWS.SECRET.ACCESS.KEY}.

If you are using assume role authorization, set the following macros: {$AWS.ACCESS.KEY.ID}, {$AWS.SECRET.ACCESS.KEY}, {$AWS.STS.REGION}, {$AWS.ASSUME.ROLE.ARN}.

For more information about managing access keys, see the official documentation.

Refer to the Macros section for a list of macros used for LLD filters.

Additional information about the metrics and used API methods:

Macros used

| Name | Description | Default |
|------|-------------|---------|
| {$AWS.DATA.TIMEOUT} | A response timeout for an API. | 60s |
| {$AWS.PROXY} | Sets HTTP proxy value. If this macro is empty then no proxy is used. | |
| {$AWS.ACCESS.KEY.ID} | Access key ID. | |
| {$AWS.SECRET.ACCESS.KEY} | Secret access key. | |
| {$AWS.AUTH_TYPE} | Authorization method. Possible values: access_key, assume_role, role_base. | access_key |
| {$AWS.REQUEST.REGION} | Region used in GET request ListBuckets. | us-east-1 |
| {$AWS.DESCRIBE.REGION} | Region used in POST request DescribeRegions. | us-east-1 |
| {$AWS.STS.REGION} | Region used in assume role request. | us-east-1 |
| {$AWS.ASSUME.ROLE.ARN} | ARN assume role; add when using the assume_role authorization method. | |
| {$AWS.EC2.LLD.FILTER.NAME.MATCHES} | Filter of discoverable EC2 instances by namespace. | .* |
| {$AWS.EC2.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered EC2 instances by namespace. | CHANGE_IF_NEEDED |
| {$AWS.EC2.LLD.FILTER.REGION.MATCHES} | Filter of discoverable EC2 instances by region. | .* |
| {$AWS.EC2.LLD.FILTER.REGION.NOT_MATCHES} | Filter to exclude discovered EC2 instances by region. | CHANGE_IF_NEEDED |
| {$AWS.ECS.LLD.FILTER.NAME.MATCHES} | Filter of discoverable ECS clusters by name. | .* |
| {$AWS.ECS.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered ECS clusters by name. | CHANGE_IF_NEEDED |
| {$AWS.ECS.LLD.FILTER.STATUS.MATCHES} | Filter of discoverable ECS clusters by status. | ACTIVE |
| {$AWS.ECS.LLD.FILTER.STATUS.NOT_MATCHES} | Filter to exclude discovered ECS clusters by status. | CHANGE_IF_NEEDED |
| {$AWS.S3.LLD.FILTER.NAME.MATCHES} | Filter of discoverable S3 buckets by namespace. | .* |
| {$AWS.S3.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered S3 buckets by namespace. | CHANGE_IF_NEEDED |
| {$AWS.RDS.LLD.FILTER.NAME.MATCHES} | Filter of discoverable RDS instances by namespace. | .* |
| {$AWS.RDS.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered RDS instances by namespace. | CHANGE_IF_NEEDED |
| {$AWS.RDS.LLD.FILTER.REGION.MATCHES} | Filter of discoverable RDS instances by region. | .* |
| {$AWS.RDS.LLD.FILTER.REGION.NOT_MATCHES} | Filter to exclude discovered RDS instances by region. | CHANGE_IF_NEEDED |
| {$AWS.ECS.LLD.FILTER.REGION.MATCHES} | Filter of discoverable ECS clusters by region. | .* |
| {$AWS.ECS.LLD.FILTER.REGION.NOT_MATCHES} | Filter to exclude discovered ECS clusters by region. | CHANGE_IF_NEEDED |
| {$AWS.ELB.LLD.FILTER.NAME.MATCHES} | Filter of discoverable ELB load balancers by name. | .* |
| {$AWS.ELB.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered ELB load balancers by name. | CHANGE_IF_NEEDED |
| {$AWS.ELB.LLD.FILTER.REGION.MATCHES} | Filter of discoverable ELB load balancers by region. | .* |
| {$AWS.ELB.LLD.FILTER.REGION.NOT_MATCHES} | Filter to exclude discovered ELB load balancers by region. | CHANGE_IF_NEEDED |
| {$AWS.ELB.LLD.FILTER.STATE.MATCHES} | Filter of discoverable ELB load balancers by status. | active |
| {$AWS.ELB.LLD.FILTER.STATE.NOT_MATCHES} | Filter to exclude discovered ELB load balancer by status. | CHANGE_IF_NEEDED |
| {$AWS.LAMBDA.LLD.FILTER.REGION.MATCHES} | Filter of discoverable Lambda functions by region. | .* |
| {$AWS.LAMBDA.LLD.FILTER.REGION.NOT_MATCHES} | Filter to exclude discovered Lambda functions by region. | CHANGE_IF_NEEDED |
| {$AWS.LAMBDA.LLD.FILTER.RUNTIME.MATCHES} | Filter of discoverable Lambda functions by Runtime. | .* |
| {$AWS.LAMBDA.LLD.FILTER.RUNTIME.NOT_MATCHES} | Filter to exclude discovered Lambda functions by Runtime. | CHANGE_IF_NEEDED |
| {$AWS.LAMBDA.LLD.FILTER.NAME.MATCHES} | Filter of discoverable Lambda functions by name. | .* |
| {$AWS.LAMBDA.LLD.FILTER.NAME.NOT_MATCHES} | Filter to exclude discovered Lambda functions by name. | CHANGE_IF_NEEDED |

LLD rule S3 buckets discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| S3 buckets discovery | Get S3 bucket instances. | Script | aws.s3.discovery |

LLD rule EC2 instances discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| EC2 instances discovery | Get EC2 instances. | Script | aws.ec2.discovery |

LLD rule RDS instances discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| RDS instances discovery | Get RDS instances. | Script | aws.rds.discovery |

LLD rule ECS clusters discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| ECS clusters discovery | Get ECS clusters. | Script | aws.ecs.discovery |

LLD rule ELB load balancers discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| ELB load balancers discovery | Get ELB load balancers. | Script | aws.elb.discovery |

LLD rule Lambda discovery

| Name | Description | Type | Key and additional info |
|------|-------------|------|-------------------------|
| Lambda discovery | Get Lambda functions. | Script | aws.lambda.discovery |

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums
