Configuring AWS agent for Lambda monitoring

The AWS agent tracks existing versions of the Lambda function and collects their associated runtime metrics.

To configure the Instana AWS agent, you need to set up the AWS agent for AWS Lambda monitoring and if required, use proxy configuration.

Setting up the AWS agent for AWS Lambda monitoring

Before you set up AWS agent for AWS Lambda monitoring, set up an AWS account and select a region in which you deploy the AWS Lambda functions. For more information, see AWS agent.

The setup steps are required by several AWS Lambda-related functions, including Dynamic Focus Queries that use the entity.aws.lambda.version Operator, Unbounded Analytics tags like faas.functionversion, and the dashboards dedicated to AWS Lambda functions and function versions.

To set up AWS agent for AWS Lambda monitoring, apply these configurations to the AWS agent.

Granting extra IAM permissions

To collect metrics and versions for the AWS Lambda functions, the following extra IAM permissions must be granted to the AWS agent:

  • cloudwatch:GetMetricStatistics
  • cloudwatch:GetMetricData
  • lambda:ListTags
  • lambda:ListFunctions
  • lambda:ListVersionsByFunction
  • lambda:GetFunctionConfiguration
  • lambda:ListEventSourceMappings

For more information about granting IAM permissions to the AWS agent, see the AWS agent installation documentation.

Monitoring Lambda versions

To enable monitoring Lambda versions, grant the lambda:ListVersionsByFunction IAM permission to the AWS agent. If the required permission is missing, Instana aggregates the metrics for all versions.

By default, Instana monitors the five most recent versions of each Lambda function individually. You can use the following configuration to set the number of versions for which Instana fetches data:

com.instana.plugin.aws.lambda:
  number_of_versions: 3 # default 5

Up to 20 versions of Lambda can be configured.

You can disable monitoring individual Lambda versions, and then Instana aggregates the metrics for all versions. In this case, the aggregating metrics are attached to the \$LATEST version for the Lambda function.

Restart the agent after you make this configuration change.

Disabling retrieval of Lambda versions and metrics

To entirely disable monitoring of Lambda instances, use the following configuration:

com.instana.plugin.aws.lambda:
  enabled: false

To disable only the retrieval of versions data, use the following configuration:

com.instana.plugin.aws.lambda:
  fetch_versions: false

Changing poll rate

Metrics for Lambda are retrieved every 5 minutes. You can change the interval by using the following agent configuration in <agent_install_dir>/etc/instana/configuration.yml:

com.instana.plugin.aws.lambda:
  cloudwatch_period: 300

You can specify how often sensors poll the AWS tagged resources by using the tagged-services-poll-rate configuration property (default: 300 seconds).

To define how often sensors poll the tagged resources use following configuration:

com.instana.plugin.aws:
  tagged-services-poll-rate: 60 #default 300

Using proxy configuration

To configure the AWS agent to use proxy configuration, add the following agent configuration settings:

com.instana.plugin.aws.lambda:
  proxy_host: 'example.com' # proxy host name or ip address
  proxy_port: 3128 # proxy port
  proxy_protocol: 'HTTP' # proxy protocol: HTTP or HTTPS
  proxy_username: 'username' # OPTIONAL: proxy username
  proxy_password: 'password' # OPTIONAL: proxy password

Filtering

You can define multiple tags that are separated by a comma. Use tags as a key-value pair separated by the : character. To simplify the configuration process, you can define the tags that you want to include or exclude from discovery. When you define tags in both the lists (include and exclude), the exclude list takes higher priority. If services filtering is not required, do not define the configuration. It’s not mandatory to define all values to enable filtering.

To include services by tags into discovery, use the following configuration:

com.instana.plugin.aws.lambda:
  include_tags: # Comma separated list of tags in key:value format (e.g. env:prod,env:staging)

To exclude services by tags from discovery, use the following configuration:

com.instana.plugin.aws.lambda:
  exclude_tags: # Comma separated list of tags in key:value format (e.g. env:dev,env:test)

AWS services without tags are monitored by default, but can be excluded by setting the include_untagged field to false:

com.instana.plugin.aws.lambda:
  include_untagged: false # True value by default

Monitoring multiple AWS accounts

To set up monitoring of multiple AWS accounts with one AWS agent in the same region, see the Monitoring multiple AWS accounts documentation.

Overriding profiles: AWS named profiles approach

To override which profiles must be used to monitor Lambda, use the following configuration:

com.instana.plugin.aws.lambda:
  profile_names:
    - 'profile2'
    - 'profile3'

Defining profiles on service level overrides the global AWS profiles configuration.

Overriding IAM roles: AWS STS approach

To override the IAM Roles used to monitor Lambda, use the following configuration:

com.instana.plugin.aws.lambda:
  role_arns:
    - 'arn:aws:iam::<account_1_id>:role/<role_1_name>'
    - 'arn:aws:iam::<account_2_id>:role/<role_2_name>'

Defining IAM roles on service level overrides the global AWS IAM roles configuration.