Monitoring AWS CloudFront

The AWS CloudFront sensor is automatically deployed and installed after you install the Instana agent. This sensor monitors AWS CloudFront distributions and their associated functions.

For other supported AWS services, see the AWS topic.

Prerequisites
Viewing details and metrics for a CloudFront distribution
- CloudFront distribution details
- Metrics
  - Distribution
  - Associated functions
Required permissions

Prerequisites

To enable monitoring of AWS CloudFront, deploy the agent to the us-east-1 region.
To monitor Cache hit rate and Origin latency metrics, enable additional CloudFront distribution metrics in the AWS Console. For instructions about how to enable additional metrics, see the AWS documentation.

Viewing details and metrics for a CloudFront distribution

Instana collects details and metrics for a CloudFront distribution.

CloudFront distribution details

The following CloudFront details are collected by the AWS CloudFront sensor:

CloudFront Distribution Details	Description
ARN	The Amazon Resource Name (ARN) of the CloudFront distribution.
Name	The CloudFront domain name of the distribution.
Region	The location (region) of the distribution.
Distribution ID	The unique identifier of the distribution.
Status	The deployment status of the distribution.
Last Modified Time	The date and time at which the distribution was last modified.

Metrics

Instana collects metrics on CloudFront distribution and associated functions.

Distribution

Name	Description
Requests	The total number of viewer requests received by CloudFront, for all HTTP methods and for both HTTP and HTTPS requests.
Bytes Uploaded	The total number of bytes that viewers uploaded to your origin with CloudFront, using POST and PUT requests.
Bytes Downloaded	The total number of bytes downloaded by viewers for GET, HEAD, and OPTIONS requests.
4xx Error Rate	The percentage of all viewer requests for which the response's HTTP status code is 4xx.
5xx Error Rate	The percentage of all viewer requests for which the response's HTTP status code is 5xx.
Total Error Rate	The percentage of all viewer requests for which the response's HTTP status code is 4xx or 5xx.
Cache Hit Rate	The percentage of all requests that can be cached for which CloudFront served the content from its cache. HTTP POST and PUT requests, and errors, are not cached.
Origin Latency	The total time taken in milliseconds by the CloudFront to send a response to the network for a request. This latency value is only for requests that are served from the origin; that is, not from the CloudFront cache.

Associated functions

Name	Description
Invocations	The number of times the function was started (invoked) in a given time period.
Compute Utilization	The amount of time (0-100, as a percentage of the maximum allowed time) that the function took to run.
Throttles	The number of times that the function was throttled in a given time period.
Validation Errors	The number of validation errors produced by the function in a given time period. Validation errors occur when the function runs successfully, but returns invalid data (an invalid event object).
Execution Errors	The number of execution errors that occurred in a given time period. Execution errors occur when the function fails to complete successfully.

Required permissions

The following permissions are required:

cloudfront:GetDistribution
cloudfront:ListDistributions
cloudfront:ListTagsForResource

Configuring the AWS CloudFront sensor

To change the configuration of the AWS CloudFront sensor, edit the com.instana.plugin.aws.cloudfront properties of the agent configuration in the <agent_install_dir>/etc/instana/configuration.yml file.

The AWS CloudFront sensor pulls metrics for CloudFront once every 5 minutes. To change this frequency, use the cloudwatch_period property:

com.instana.plugin.aws.cloudfront:
  cloudwatch_period: 60

Enabling function monitoring incurs additional financial costs due to an increase in gathered CloudWatch metrics.

To enable monitoring of CloudFront functions, set the enable_function_monitoring: true property:

com.instana.plugin.aws.cloudfront:
   enable_function_monitoring: true

To disable monitoring of CloudFront distributions, set the enabled: false property:

com.instana.plugin.aws.cloudfront:
  enabled: false

Configuring the AWS CloudFront sensor to use a proxy

To make the AWS CloudFront sensor use a proxy, add the following properties to the agent configuration in the <agent_install_dir>/etc/instana/configuration.yml file:

com.instana.plugin.aws.cloudfront:
  proxy_host: 'example.com' # proxy host name or ip address
  proxy_port: 3128 # proxy port
  proxy_protocol: 'HTTP' # proxy protocol: HTTP or HTTPS
  proxy_username: 'username' # OPTIONAL: proxy username
  proxy_password: 'password' # OPTIONAL: proxy password

Monitoring multiple AWS accounts

To set up monitoring of multiple AWS accounts with one AWS agent in the same region, see the Monitoring multiple AWS accounts topic.

Overriding the AWS profiles used to monitor CloudFront

To override which AWS profiles are used to monitor CloudFront, use the following configuration:

com.instana.plugin.aws.cloudfront:
  profile_names:
    - 'profile2'
    - 'profile3'

If you define profiles on a service level, the global AWS profiles configuration is overridden.

Overriding the IAM roles used to monitor CloudFront

To override which IAM roles are used to monitor CloudFront, use the following configuration:

com.instana.plugin.aws.cloudfront:
  role_arns:
    - 'arn:aws:iam::<account_1_id>:role/<role_1_name>'
    - 'arn:aws:iam::<account_2_id>:role/<role_2_name>'

If you define IAM roles on a service level, the global AWS IAM roles configuration are overridden.

Filtering

You can define tags that are to be used to include services in discovery or to exclude services from discovery. If you don't need to filter services, you don't need to define the tags.

You can define multiple tags, which are separated by a comma. Define each tag as a key-value pair. To make configuration easier, you can define which tags you want to include in discovery or exclude from discovery. If you define the same tag in both lists (include and exclude), the exclude list has higher priority. It’s not mandatory to define all values to enable filtering.

Tags are only available with the AWS Agent.

You can specify how often sensors poll the AWS tagged resources by using the tagged-services-poll-rate configuration property. By default, the value is 300 seconds.

To define how often sensors poll the tagged resources, use the following configuration:

com.instana.plugin.aws:
  tagged-services-poll-rate: 60 #default 300

To include services by tags into discovery, use the following configuration:

com.instana.plugin.aws.cloudfront:
  include_tags: # Comma separated list of tags in key:value format (e.g. env:prod,env:staging)

To exclude services by tags from discovery, use the following configuration:

com.instana.plugin.aws.cloudfront:
  exclude_tags: # Comma separated list of tags in key:value format (e.g. env:dev,env:test)

AWS services without tags are monitored by default, but can be excluded by setting the include_untagged field to false:

com.instana.plugin.aws.cloudfront:
  include_untagged: false # True value by default