-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #19590 from newrelic/serverless-feedback-incorpora…
…tion Serverless restructure
- Loading branch information
Showing
14 changed files
with
814 additions
and
2,175 deletions.
There are no files selected for viewing
148 changes: 148 additions & 0 deletions
148
...ring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
--- | ||
title: Compatibility and requirements for AWS Lambda monitoring | ||
metaDescription: Lambda monitoring agent compatibility and requirements. | ||
freshnessValidatedDate: never | ||
--- | ||
|
||
Before you [install Lambda monitoring](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/configure-serverless-aws-monitoring), make sure your system meets the following requirements. | ||
|
||
## Basic requirements [#requirements] | ||
|
||
Before enabling serverless monitoring using our Lambda layer, you'll need: | ||
|
||
1. A New Relic account with either an [admin role](/docs/accounts/original-accounts-billing/original-users-roles/users-roles-original-user-model/#roles) or have the **Infrastructure manager** [add-on role](/docs/accounts/original-accounts-billing/original-users-roles/users-roles-original-user-model#add-on). | ||
|
||
2. A <InlinePopover type="userKey" />. | ||
|
||
3. An AWS account with permissions for creating IAM resources, managed secrets, and Lambdas. You also need permissions for creating CloudFormation stacks and S3 buckets. | ||
|
||
{/* Then you'll need to complete the following: | ||
1. Install [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) configure using `aws configure`. You will need an AWS Access Key ID and AWS Secret Access Key. | ||
2. Install [Python](https://www.python.org/downloads/) version 3.3 or higher. | ||
3. Install the [`newrelic-lambda` CLI](https://github.com/newrelic/newrelic-lambda-cli#installation). To install it, run this command: | ||
```bash | ||
pip3 install newrelic-lambda-cli | ||
``` | ||
4. By default, we use the AWS Managed Policy `ReadOnlyAccess`. This allows the Infrastructure integration to see all the resources in your account, rather than just your Lambda functions and CloudWatch metrics. New Relic recommends this default, but we understand that some organizations prefer a strict security posture for third party integrations. If you'd like to limit New Relic's access, the IAM role can be granted with a minimum of these permissions: | ||
```yaml | ||
Resource: "*" | ||
Action: | ||
- "cloudwatch:GetMetricStatistics" | ||
- "cloudwatch:ListMetrics" | ||
- "cloudwatch:GetMetricData" | ||
- "lambda:GetAccountSettings" | ||
- "lambda:ListFunctions" | ||
- "lambda:ListAliases" | ||
- "lambda:ListTags" | ||
- "lambda:ListEventSourceMappings" | ||
``` | ||
5. Before running the CLI, you will need to grant New Relic a minimum of these permissions in AWS: | ||
```json | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Sid": "CLIAccessPolicy", | ||
"Action": [ | ||
"cloudformation:CreateChangeSet", | ||
"cloudformation:CreateStack", | ||
"cloudformation:DescribeStacks", | ||
"cloudformation:ExecuteChangeSet", | ||
"iam:AttachRolePolicy", | ||
"iam:CreateRole", | ||
"iam:GetRole", | ||
"iam:PassRole", | ||
"lambda:AddPermission", | ||
"lambda:CreateFunction", | ||
"lambda:GetFunction", | ||
"logs:DeleteSubscriptionFilter", | ||
"logs:DescribeSubscriptionFilters", | ||
"logs:PutSubscriptionFilter", | ||
"s3:GetObject", | ||
"serverlessrepo:CreateCloudFormationChangeSet", | ||
"secretsmanager:CreateSecret" | ||
], | ||
"Effect": "Allow", | ||
"Resource": "*" | ||
}, | ||
{ | ||
"Sid": "NRLogAccessPolicy", | ||
"Effect": "Allow", | ||
"Action": [ | ||
"serverlessrepo:CreateCloudFormationTemplate", | ||
"serverlessrepo:GetCloudFormationTemplate" | ||
], | ||
"Resource": "arn:aws:serverlessrepo:us-east-1:463657938898:applications/NewRelic-log-ingestion" | ||
} | ||
] | ||
} | ||
``` | ||
If you'd like to learn more about our CLI, see [our CLI repo](https://github.com/newrelic/newrelic-lambda-cli#installation). */} | ||
|
||
## Supported runtimes | ||
|
||
Based on the type of instrumentation, the following runtimes are supported. | ||
|
||
<Tabs> | ||
<TabsBar> | ||
|
||
<TabsBarItem id="1">Layered instrumentation</TabsBarItem> | ||
<TabsBarItem id="2">SDK based instrumentation</TabsBarItem> | ||
<TabsBarItem id="3">Containerized instrumentation</TabsBarItem> | ||
<TabsBarItem id="4">OpenTelemetry</TabsBarItem> | ||
|
||
</TabsBar> | ||
<TabsPages> | ||
|
||
|
||
<TabsPageItem id="1"> | ||
* Node.js: `nodejs16.x`, `nodejs18.x`, `nodejs20.x`, `nodejs22.x` | ||
* Python: `python3.8`, `python3.9`, `python3.10`, `python3.11`, `python3.12`, `python3.13` | ||
* Go: `provided.al2`, `provided.al2023` | ||
* Java: `java8.al2`, `java11`, `java17`, `java21` | ||
* Ruby: `ruby3.2`, `ruby3.3` | ||
* .NET: `dotnet6`, `dotnet8` | ||
|
||
</TabsPageItem> | ||
|
||
|
||
<TabsPageItem id="2"> | ||
|
||
* Use the supported New Relic agent packages for respective runtimes to instrument your Lambda function. | ||
|
||
</TabsPageItem> | ||
|
||
<TabsPageItem id="3"> | ||
* Node.js(OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64) : `nodejs16.x`, `nodejs18.x`, `nodejs20.x`, `nodejs22.x` | ||
* Python (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64): `python3.7`, `python3.8`, `python3.9`, `python3.10`, `python3.11`, `python3.12`, `python3.13` | ||
* Java (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64): `java8`, `java11`, `java17`, `java21` | ||
* Ruby : `ruby3.2`, `ruby3.3` | ||
* .NET (OS/Arch: Linux, Windows, ARM, ARM 64, x86, x86-64): `dotnet6`, `dotnet8` | ||
</TabsPageItem> | ||
|
||
<TabsPageItem id="4"> | ||
* Java: `java8.al2` or `java11` | ||
|
||
</TabsPageItem> | ||
</TabsPages> | ||
|
||
</Tabs> | ||
|
||
## What's next | ||
|
||
<DocTiles> | ||
<DocTile title="Install and configure Lambda monitoring" path="/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/configure-serverless-aws-monitoring" >Get started with instrumentation and configuration for your Lambda functions. </DocTile> | ||
<DocTile title="Data and UI" path="/docs/serverless-function-monitoring/aws-lambda-monitoring/ui-data/understand-lambda-monitoring-ui/" >Learn how to use New Relic to monitor your AWS Lambda functions.</DocTile> | ||
</DocTiles> | ||
|
||
|
||
|
||
|
145 changes: 145 additions & 0 deletions
145
...a-monitoring/instrument-lambda-function/configure-serverless-aws-monitoring.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,145 @@ | ||
--- | ||
title: "Install and configure Lambda monitoring on New Relic" | ||
metaDescription: Configure your AWS Lambda functions with New Relic | ||
freshnessValidatedDate: never | ||
|
||
--- | ||
|
||
|
||
## Before you begin [#begin] | ||
|
||
* If you haven't done so, you may want to check that your Lambda function meets our [compatibility and requirements](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring). | ||
|
||
|
||
## Install Lambda monitoring [#setup] | ||
|
||
Lambda monitoring includes: | ||
|
||
* An AWS integration to ingest CloudWatch metrics and perform entity synthesis within New Relic. | ||
* A New Relic agent included in our [New Relic Lambda Layers](https://github.com/newrelic/newrelic-lambda-layers) or [as an SDK](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/sdk-based-instrumentation). | ||
* A method of sending payloads and logs to New Relic via our [newrelic-log-ingestion](https://github.com/newrelic/aws-log-ingestion) function or [Extension](https://github.com/newrelic/newrelic-lambda-extension). If you use [New Relic Lambda Layers](https://github.com/newrelic/newrelic-lambda-layers), you don't have to do any extra configuration to send data. | ||
|
||
<Steps> | ||
<Step> | ||
## Link your AWS and New Relic accounts [#link] | ||
<Callout variant="tip"> | ||
If you use the [newrelic-lambda-cli](https://github.com/newrelic/newrelic-lambda-cli) to instrument your Lambda function, the linking process is automated, allowing you to bypass this step. | ||
</Callout> | ||
|
||
By linking accounts, you're granting New Relic permission to create an inventory of your AWS account and automatically gather CloudWatch metrics for your Lambda functions. | ||
After you've linked accounts, resources in your AWS account appear as entities in the [entity explorer](/docs/new-relic-solutions/new-relic-one/core-concepts/new-relic-explorer-view-performance-across-apps-services-hosts/#find). Lambda function entities will be found in the Serverless Functions view. | ||
|
||
You can link your AWS and New Relic account by one of the following integration methods. | ||
|
||
<Tabs> | ||
<TabsBar> | ||
<TabsBarItem id="1">AWS Metric Streams(recommended)</TabsBarItem> | ||
<TabsBarItem id="2">API Polling</TabsBarItem> | ||
</TabsBar> | ||
|
||
<TabsPages> | ||
<TabsPageItem id="1"> | ||
For New Relic to monitor your Lambda functions, you need to set up an integration between New Relic and AWS. We recommend using [Metric Streams](/docs/infrastructure/amazon-integrations/connect/aws-metric-stream) to help reduce latency and avoid throttling of our polling requests. | ||
|
||
</TabsPageItem> | ||
<TabsPageItem id="2"> | ||
If you're not using a Metric Streams integration, you can choose to set up an [API Polling](/docs/infrastructure/amazon-integrations/connect/connect-aws-new-relic-infrastructure-monitoring) integration instead. By default, an API Polling integration with the Lambda service enabled will poll every 5 minutes for CloudWatch metrics. | ||
|
||
You can use the [newrelic-lambda-cli](https://github.com/newrelic/newrelic-lambda-cli) to set up an API Polling integration, but not a Metric Streams integration. | ||
|
||
```sh | ||
newrelic-lambda integrations install --nr-account-id YOUR_NR_ACCOUNT_ID \ | ||
--nr-api-key YOUR_NEW_RELIC_USER_KEY | ||
``` | ||
One step in the [integrations install command](https://github.com/newrelic/newrelic-lambda-cli?tab=readme-ov-file#aws-lambda-integration) will create a `NEW_RELIC_LICENSE_KEY` secret in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) for improved security. This is configurable with a `--disable-license-key-secret` flag, along with other options and flags. | ||
</TabsPageItem> | ||
</TabsPages> | ||
</Tabs> | ||
|
||
|
||
|
||
</Step> | ||
|
||
<Step> | ||
## Instrument your Lambda function [#instrument] | ||
|
||
To instrument your Lambda function, you need an agent, and an extension. These components are bundled together in the New Relic [Lambda layer](https://github.com/newrelic/newrelic-lambda-layers). If using Lambda layers isn't an option for you, you can manually incorporate the agent and extension into your function. | ||
Based on the requirement of your Lambda function, select one of the following instrumention methods: | ||
|
||
<Tabs> | ||
<TabsBar> | ||
|
||
<TabsBarItem id="layered-instrumentation">Layered instrumentation</TabsBarItem> | ||
<TabsBarItem id="sdk-based-instrumentation">SDK based instrumentation</TabsBarItem> | ||
<TabsBarItem id="containerized-instrumentation">Containerized instrumentation</TabsBarItem> | ||
</TabsBar> | ||
|
||
<TabsPages> | ||
|
||
<TabsPageItem id="layered-instrumentation"> | ||
Use this method if your Lambda function is packaged as a Zip file and you can add layers. Layers are distribution mechanism for libraries, custom runtimes, and other dependencies. For more information, refer to [Layered instrumentation](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/instrument-your-own/) documentation. | ||
</TabsPageItem> | ||
<TabsPageItem id="sdk-based-instrumentation"> | ||
Use this method if your Lambda function can't use layers, ensuring quick deployment without the necessity to modify layers. For more information, refer to [SDK based instrumentation](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/sdk-based-instrumentation/) documentation. | ||
</TabsPageItem> | ||
<TabsPageItem id="containerized-instrumentation"> | ||
Use this method if your Lambda function runs inside a container. Containers provide a consistent, isolated execution environment for your applications. New Relic provides a pre-built Docker image that includes the New Relic Lambda layer, the New Relic Lambda extension, and the New Relic agent. For more information, refer to [Containerized instrumentation](/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/containerized-images/) documentation. | ||
|
||
</TabsPageItem> | ||
|
||
</TabsPages> | ||
</Tabs> | ||
|
||
</Step> | ||
|
||
<Step> | ||
## Configure environment variables [#environment] | ||
|
||
<Callout variant="tip"> | ||
* When you instrument New Relic's Lambda layer with the New Relic CLI, your mandatory environment variables are configured automatically. However, you may want to change some of the default settings and configure your Lambda functions with the environment variables that match your monitoring needs. | ||
* If you're using the New Relic Lambda extension, you need to configure the environment variables manually. | ||
</Callout> | ||
|
||
[Environment variables](/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/env-variables-lambda) are used to configure the New Relic agent and Lambda extension. It's important to set these variables correctly to ensure that your Lambda functions are monitored correctly. | ||
|
||
</Step> | ||
|
||
</Steps> | ||
|
||
|
||
## Try our example functions | ||
|
||
After you've instrumented New Relic's Lambda layer, we strongly recommend trying out our example functions. These working examples should be used as a starting point for instrumenting your own serverless functions. Using these examples can help you become familiar with the the New Relic Lambda layer, testing the account link, and they can be used as a reference for your own instrumentation. Each example demonstrates adding permissions, runtime-specific techniques for wrapping your handler, managing function log retention in CloudWatch, and more. | ||
|
||
While there are many ways to manage and deploy Lambda functions, AWS CloudFormation is the mechanism we use for our examples. | ||
|
||
Our examples are published, alongside the New Relic Lambda Extension, in this | ||
[GitHub repository](https://github.com/newrelic/newrelic-lambda-extension). There's one for each Lambda runtime New Relic supports: | ||
|
||
* [Node.js](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/node) | ||
* [Python](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/python) | ||
* [Go](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/go) | ||
* [Java](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/java) | ||
* [Ruby](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/ruby) | ||
* [.NET](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/dotnet) | ||
|
||
|
||
You can also learn how to instrument distributed tracing into a non-trivial serverless application in our [distributed tracing example](https://github.com/newrelic/newrelic-lambda-extension/tree/main/examples/sam/distributedtracing). It illustrates manual trace propagation for SQS and SNS, two of the more popular services that might invoke Lambda functions, with Node, Python, Ruby and Java functions. | ||
|
||
<Callout variant="tip"> | ||
When manually testing, telemetry data can be delayed. We recommend waiting seven seconds before invoking the function again, allowing any buffered telemetry to be delivered. | ||
</Callout> | ||
|
||
|
||
|
||
<DocTiles> | ||
<DocTile title="Compatibility and requirement" path="/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring">Learn more about supported runtimes and prerequisites.</DocTile> | ||
<DocTile title="Data and UI" path="/docs/serverless-function-monitoring/aws-lambda-monitoring/ui-data/understand-lambda-monitoring-ui/" >Learn how to use New Relic to monitor your AWS Lambda functions.</DocTile> | ||
<DocTile title="Troubleshooting" path="/docs/serverless-function-monitoring/aws-lambda-monitoring/troubleshooting" >Learn how to troubleshoot installation related issues.</DocTile> | ||
|
||
</DocTiles> | ||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.