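Introduction
When writing an AWS CloudFormation template, using the AWS CLI describe commands speeds up the work considerably.
If you normally create resources in the console, it is hard to know which arguments the template needs, but running describe against an existing resource with the AWS CLI shows the template arguments at once.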
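How to
- Open AWS CloudShell. Click the icon showing >_ inside a square at the top right of the AWS Console (top page).
- For the resource you want to create, run:
  aws xx describe-xx --output yaml
- While referring to the CloudFormation reference, extract the parts you need from the YAML output. Note that the argument names in the output do not always start with a capital letter.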
CloudFormation reference
AWS CLI reference
Example
Resources being created
- CloudWatch Logs
  - Log group
  - Log stream
  - Metric filter
- CloudWatch Alarm
  - Alarm
The metric filter and the alarm have many settings, and it is hard to know what to set.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  alert crontab result, and monitoring crontab
Parameters:
  SNSTopicARN:
    Description: SNS Topic ARN for Notification
    Type: String
  ProjectName:
    Description: Project Name
    Type: String
Resources:
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /aws/ec2/${ProjectName}-service-status
      RetentionInDays: 1
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html
  LogStream:
    Type: AWS::Logs::LogStream
    Properties:
      LogGroupName: !Ref LogGroup
      LogStreamName: "service-status"
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html
  # aws logs describe-metric-filters --output yaml
  MetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      FilterPattern: "ActiveState=active" ## adjust as needed
      LogGroupName: !Ref LogGroup
      MetricTransformations:
        - DefaultValue: 0.0
          MetricName: !Sub ${ProjectName}-filter-active
          MetricNamespace: !Sub ${ProjectName}-service-status
          MetricValue: 1
  # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html
  # aws cloudwatch describe-alarms --alarm-names "active-alarm" --output yaml
  CloudWatchAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      ActionsEnabled: true
      AlarmActions:
        - Ref: SNSTopicARN
      AlarmDescription: >-
        Monitor ec2 service status log.
      AlarmName: !Sub ${ProjectName}-active-alarm
      ComparisonOperator: LessThanOrEqualToThreshold
      DatapointsToAlarm: 1
      Dimensions: []
      EvaluationPeriods: 1
      InsufficientDataActions: []
      MetricName: !Sub ${ProjectName}-filter-active
      Namespace: !Sub ${ProjectName}-service-status
      Period: 300
      Statistic: Sum
      Threshold: 0.0
      TreatMissingData: breaching
Run describe against the metric filter.
[cloudshell-user@ip-10-0-xx-xx ~]$ aws logs describe-metric-filters --output yaml
metricFilters:
- creationTime: 1634819123618
  filterName: filter-active
  filterPattern: ActiveState=active
  logGroupName: /aws/ec2/service-status
  metricTransformations:
  - defaultValue: 0.0
    metricName: filter-active
    metricNamespace: service-status
    metricValue: '1'
Run describe against the CloudWatch alarm.
[cloudshell-user@ip-10-0-xx-xx ~]$ aws cloudwatch describe-alarms --alarm-names "active-alarm" --output yaml
CompositeAlarms: []
MetricAlarms:
- ActionsEnabled: true
  AlarmActions:
  - arn:aws:sns:ap-northeast-1:0000000000000:Default_CloudWatch_Alarms_Topic
  AlarmArn: arn:aws:cloudwatch:ap-northeast-1:0000000000000:alarm:active-alarm
  AlarmConfigurationUpdatedTimestamp: '2021-10-21T13:47:23.276000+00:00'
  AlarmName: active-alarm
  ComparisonOperator: LessThanOrEqualToThreshold
  DatapointsToAlarm: 1
  Dimensions: []
  EvaluationPeriods: 1
  InsufficientDataActions: []
  MetricName: filter-active
  Namespace: service-status
  OKActions: []
  Period: 300
  StateReason: 'Threshold Crossed: no datapoints were received for 1 period and 1
    missing datapoint was treated as [Breaching].'
  StateReasonData: '{"version":"1.0","queryDate":"2021-11-07T09:54:24.256+0000","statistic":"Sum","period":300,"recentDatapoints":[],"threshold":0.0,"evaluatedDatapoints":[{"timestamp":"2021-11-07T09:54:00.000+0000"}]}'
  StateUpdatedTimestamp: '2021-11-07T09:54:24.263000+00:00'
  StateValue: ALARM
  Statistic: Sum
  Threshold: 0.0
  TreatMissingData: breaching
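The third step of the procedure (keep only what the template needs and fix the capitalisation of the keys), as an added Python example that is not part of the original article. The allow-lists hold only the property names used in this article's template, and `to_properties` and the sample dictionaries are hypothetical names, with the samples constructed from the describe output shown above.

```python
# Property names used in the article's template (assumption: keep only these).
METRIC_FILTER = {"FilterPattern", "LogGroupName", "MetricTransformations",
                 "DefaultValue", "MetricName", "MetricNamespace", "MetricValue"}
ALARM = {"ActionsEnabled", "AlarmActions", "AlarmDescription", "AlarmName",
         "ComparisonOperator", "DatapointsToAlarm", "Dimensions",
         "EvaluationPeriods", "InsufficientDataActions", "MetricName",
         "Namespace", "Period", "Statistic", "Threshold", "TreatMissingData"}


def to_properties(described, allowed, dropped=None):
    """Return (properties, dropped_keys) for one described resource.

    Keys get an upper-case first letter (the logs API returns camelCase);
    keys outside `allowed` (ARNs, timestamps, state) are removed and reported.
    """
    dropped = [] if dropped is None else dropped
    if isinstance(described, list):
        return [to_properties(x, allowed, dropped)[0] for x in described], dropped
    if not isinstance(described, dict):
        return described, dropped  # scalar value: keep unchanged
    props = {}
    for key, value in described.items():
        name = key[:1].upper() + key[1:]
        if name in allowed:
            props[name] = to_properties(value, allowed, dropped)[0]
        else:
            dropped.append(key)
    return props, dropped


# Constructed sample inputs, taken from the describe output shown above.
FILTER_OUT = {"creationTime": 1634819123618, "filterName": "filter-active",
              "filterPattern": "ActiveState=active",
              "logGroupName": "/aws/ec2/service-status",
              "metricTransformations": [{"defaultValue": 0.0,
                                         "metricName": "filter-active",
                                         "metricNamespace": "service-status",
                                         "metricValue": "1"}]}
ALARM_OUT = {"AlarmActions": ["arn:aws:sns:ap-northeast-1:0000000000000:Default_CloudWatch_Alarms_Topic"],
             "AlarmArn": "arn:aws:cloudwatch:ap-northeast-1:0000000000000:alarm:active-alarm",
             "AlarmName": "active-alarm", "OKActions": [], "Period": 300,
             "StateValue": "ALARM", "Threshold": 0.0,
             "TreatMissingData": "breaching"}

if __name__ == "__main__":
    for out, allowed in ((FILTER_OUT, METRIC_FILTER), (ALARM_OUT, ALARM)):
        props, dropped = to_properties(out, allowed)
        print(props, "dropped:", dropped)
```

Values that differ per environment, such as the SNS topic ARN and the resource names, still need to be replaced by hand with the template's parameters and `!Ref`/`!Sub` references.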