I'm trying to use the Amazon EC2 Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html) to create an "Automation" document type to (amongst other things) tag an AMI it just created.
You can create tags in a predetermined manner like this within "mainSteps":
...
{
"name": "CreateTags",
"action": "aws:createTags",
"maxAttempts": 3,
"onFailure": "Abort",
"inputs": {
"ResourceType": "EC2",
"ResourceIds": ["{{ CreateImage.ImageId }}"],
"Tags": [
{
"Key": "Original_AMI_ID",
"Value": "Created from {{ SourceAmiId }}"
}
]
}
},
...
but to tag with a variable number of Tags, I'm assuming the following change is neccessary:
...
{
"name": "CreateTags",
"action": "aws:createTags",
"maxAttempts": 3,
"onFailure": "Abort",
"inputs": {
"ResourceType": "EC2",
"ResourceIds": ["{{ CreateImage.ImageId }}"],
"Tags": {{ Tags }}
}
},
...
with the addition of a new parameter called 'Tags' of type 'MapList':
"parameters": {
"Tags": {
"type": "MapList"
}
}
since running the process was complaining about my using a 'String' type and saying I should use a 'MapList'.
'MapList' is listed as a parameter type of the Amazon EC2 Systems Manager (http://docs.aws.amazon.com/systems-manager/latest/APIReference/top-level.html), but I have not yet found any documentation on how to define this type.
I have guessed at several formats based upon both what I've seen from their 'hardcoded' sample above and other tagging method in their other API's to no avail:
[ { "Key": "Name", "Value": "newAmi" } ]
[ { "Key": "Name", "Values": [ "newAmi" ] } ]
1: { "Key": "Name", "Values": [ "newAmi" ] }
Does anyone know how to define the new parameter types introduced with the Amazon EC2 Systems Manager (specifically, 'MapList')?
Update:
Since the docs are lacking, Amazon Support is asking the automation team how to best tag ami's using this method. I have found how to add a single tag as a parameter value in the console, though:
{ "Key": "TagName", "Value": "TagValue" }
My attempts to add multiple tags will allow the automation to start:
{ "Key": "TagName1", "Value": "TagValue1" }, { "Key": "TagName2", "Value": "TagValue2" }
but ultimately returns this generic error at runtime:
Internal Server Error. Please refer to Automation Service Troubleshooting
Guide for more diagnosis details
It might seem like the [] is missing from around the array, but you seem to get those for free because when I add them I get this error:
Parameter type error. [[ { "Key": "Description", "Value": "Desc" },
{ "Key": "Name", "Value": "Nm" } ]] is defined as MapList.
Thanks for using EC2 Systems Manager, Automation feature. Here's the document I tested, it works.
{
"schemaVersion": "0.3",
"description": "Test tags.",
"assumeRole": "arn:aws:iam::123456789012:role/TestRole",
"parameters": {
"Tags": {
"default": [{
"Key": "TagName1",
"Value": "TagValue1"
},
{
"Key": "TagName2",
"Value": "TagValue2"
}],
"type": "MapList"
}
},
"mainSteps": [
{
"name": "CreateTags",
"action": "aws:createTags",
"maxAttempts": 3,
"onFailure": "Abort",
"inputs": {
"ResourceType": "EC2",
"ResourceIds": [
"i-12345678"
],
"Tags": "{{ Tags }}"
}
}
]
}
Related
While running AWSFIS-Run-CPU-Stress i am getting below error:
Unable to start action, due to a platform mismatch between the specified document and the targeted instances. I am trying this in Windows EC2 instance
My Experiment script look like this(removed confidential server info):
{
"description": "Test CPU stress predefined SSM document",
"targets": {
"testInstance": {
"resourceType": "aws:ec2:instance",
"resourceArns": [
"arn:aws:ec2:region:123456789012:instance/instance_id"
],
"selectionMode": "ALL"
}
},
"actions": {
"runCpuStress": {
"actionId": "aws:ssm:send-command",
"parameters": {
"documentArn": "arn:aws:ssm:region::document/AWSFIS-Run-CPU-Stress",
"documentParameters": "{\"DurationSeconds\":\"120\"}",
"duration": "PT5M"
},
"targets": {
"Instances": "testInstance"
}
}
},
"stopConditions": [
{
"source": "aws:cloudwatch:alarm",
"value": "arn:aws:cloudwatch:region:123456789012:alarm:awsec2-instance_id-GreaterThanOrEqualToThreshold-CPUUtilization"
}
],
"roleArn": "arn:aws:iam::123456789012:role/AllowFISSSMActions",
"tags": {}
}
I am using #Timed annotation in SpringBoot application to monitor a method. I also want to know the count of response per status.
#GetMapping("/status/{productNumber}", produces = [MediaType.APPLICATION_JSON_VALUE])
#Timed(value = "status.productnumber", description = "Timed information retrieveProduct()")
fun retrieveProduct(#PathVariable productNumber: String): ResponseEntity {
When I open http://localhost:8080/actuator/metrics/status.productnumber I see:
{
"name": "status.productnumber",
"description": "Timed information retrieveProduct()",
"base_unit": "seconds",
"measurements": [
{
"statistic": "COUNT",
"value": 3.0
},
{
"statistic": "TOTAL_TIME",
"value": 0.515840608
},
{
"statistic": "MAX",
"value": 0.006641343
}
],
"available_tags": [
{
"tag": "exception",
"values": [
"None",
"RuntimeException"
]
},
{
"tag": "method",
"values": [
"GET"
]
},
{
"tag": "uri",
"values": [
"/status/{productNumber}"
]
},
{
"tag": "outcome",
"values": [
"SERVER_ERROR",
"SUCCESS"
]
},
{
"tag": "status",
"values": [
"500",
"200"
]
}
]
}
Here the COUNT statistic shows the total number of times this endpoint or method is accessed. Can I know the count per status? I want to know how many times 500 status code has occurred
You can query the tags this way: /actuator/metrics/status.productnumber?tag=status:500, please see the docs.
A couple of side notes:
The metrics endpoint is for metrics debugging/troubleshooting purposes, it does not substitute a metrics backend, it should not be used instead of it in prod
I'm not sure I get what is the purpose of status.productnumber by reading its name
I am capturing the logins of my org users into slack using google workspace admin reports API as mentioned in the doc here: https://developers.google.com/admin-sdk/reports/v1/appendix/activity/saml#login_success
I want to identify the workspace that these users are login into. How can I identify this?
Here's the sample response that I get from the reports API:
{
"kind": "admin#reports#activities",
"etag": "\"SsISqFfgRYY11XaGpPyQF5FTf1EAwqUmKLMPaD85FHw/evu1UTmScwnBzMj7rPtBftM3N2k\"",
"items": [
{
"kind": "admin#reports#activity",
"id": {
"time": "2022-05-25T17:51:08.913Z",
"uniqueQualifier": "35251594669533645",
"applicationName": "token",
"customerId": "C02a9qd29"
},
"etag": "\"SsISqFfgRYY11XaGpPyQF5FTf1EAwqUmKLMPaD85FHw/U-RQigEfldlDShA5VdJAIizlnsQ\"",
"actor": {
"email": "vibhu#cloudeagle.ai",
"profileId": "116721330888590133060"
},
"ipAddress": "18.206.76.246",
"events": [
{
"name": "authorize",
"parameters": [
{
"name": "client_id",
"value": "606092904014-s1u3idjanlbhr4ns5b1hcjgfn63cr9nh.apps.googleusercontent.com"
},
{
"name": "app_name",
"value": "Slack"
},
{
"name": "client_type",
"value": "WEB"
},
{
"name": "scope_data",
"multiMessageValue": [
{
"parameter": [
{
"name": "scope_name",
"value": "openid"
},
{
"name": "product_bucket",
"multiValue": [
"IDENTITY"
]
}
]
},
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/userinfo.email"
},
{
"name": "product_bucket",
"multiValue": [
"IDENTITY"
]
}
]
},
{
"parameter": [
{
"name": "scope_name",
"value": "https://www.googleapis.com/auth/userinfo.profile"
},
{
"name": "product_bucket",
"multiValue": [
"IDENTITY"
]
}
]
}
]
},
{
"name": "scope",
"multiValue": [
"openid",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile"
]
}
]
}
]
},
}
I am wondering if it is possible to identify the slack workspace from the above response or would it need other API endpoints and parameters.
keep in mind SAML is an authentication method that allows a Service Provider such as Slack in this scenario, use Google credentials as Identity Provider (IdP). That being said once the Authentication flow is completed usually the IdP doesn't have any control or access to the app activity.
In other words once the login is completed Google is blind about what users do in the app interface.
For that reason I am afraid what you are trying to achieve is not possible. In the Google Reports API link you shared data you can obtain is limited to failed/successful login details.
Testing the call to the Reports API you can see there is no additional details useful to your purpose:
I'm using JSONpath to try and find data with an array of JSON objects but I'm struggling to get to the information I want. The array contains many objects similar to below where there are values for RecID throughout. If I use $..RecID I get them all when I only want the first Key.RecID of each object (with a value 1338438 in this example). Is there a way to only extract the top level Key.RecID value?
BTW I'm trying to do this in jMeter and I'm assuming JSONpath is the best way to do what I want but if there is a better way I'd be happy to hear about it.
Thanks in advance
[{
"Key": {
"RecID": 1338438
},
"Users": [{
"FullName": "Miss Burns",
"Users": {
"Key": {
"Name": "Burns",
"RecID": 1317474
}
}
},
{
"FullName": "Mrs Fisher",
"Users": {
"Key": {
"Name": "Fisher",
"RecID": 1317904
}
}
}
],
"User": {
"FullName": "Mrs Fisher",
"Key": {
"Name": "Fisher",
"RecID": 1317904
}
},
"Organisation": {
"Key": {
"RecID": 1313881
}
}
}]
We have a Azure datafactory fully integrated with DevOps. Every change I make to the datafactory is deployed to all environments (OTAP), except alerts & metrics. I cannot find anything on how to deploy these to the other environments. Is this possible at all?
Is this possible at all?'
Quick answer is NO so far. I contacted Microsoft ADF team and got below response:
Azure Data Factory utilizes Azure Resource Manager templates to store
the configuration of your various ADF entities. Entities on Alerts &
Metrics does not get exported in the ARM template, so Alerts & Metrics
won’t be integrated using DevOps.
I did 2 verifications:
1.Check ARM template supported entities in ADF, Alerts & Metrics doesn't exist.
2.Try to export ARM template in the ADF UI but still no Alerts & Metrics
Really understand you would like to integrate all elements in Data Factory including Alerts & Metrics with DevOps. I suggest you submitting feedback here to push improvements of ADF, any voice is welcome.
There is a way to work around this one.
ADF alert is a "Microsoft.Insights/metricalerts" resource that you can deploy using ARM deployment operation from Azure Devops.
You can try to create an alert in ADF and then go to Portal, search for: Monitor > Alert > Alert Rule, and find the Alert you created in ADF. In my case there is an Alert called Test
Here is the ARM template exported from the alert
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"metricalerts_Alert_name": {
"defaultValue": "Alert",
"type": "String"
},
"factories_test_externalid": {
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/yyyyy/providers/Microsoft.DataFactory/factories/test",
"type": "String"
},
"actionGroups_actiongroup1_externalid": {
"defaultValue": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/yyyyy/providers/microsoft.insights/actionGroups/actiongroup1",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Insights/metricalerts",
"apiVersion": "2018-03-01",
"name": "[parameters('metricalerts_Alert_name')]",
"location": "global",
"tags": {
"CreatedTimeUtc": "2022-09-13T05:28:46.0663823Z"
},
"properties": {
"severity": 0,
"enabled": true,
"scopes": [
"[parameters('factories_test_externalid')]"
],
"evaluationFrequency": "PT1M",
"windowSize": "PT15M",
"criteria": {
"allOf": [
{
"threshold": 1,
"name": "PipelineFailedRuns",
"metricNamespace": "Microsoft.DataFactory/factories",
"metricName": "PipelineFailedRuns",
"dimensions": [
{
"name": "Name",
"operator": "Include",
"values": [
"pipeline2"
]
},
{
"name": "FailureType",
"operator": "Include",
"values": [
"UserError",
"SystemError",
"BadGateway"
]
}
],
"operator": "GreaterThanOrEqual",
"timeAggregation": "Total",
"criterionType": "StaticThresholdCriterion"
}
],
"odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria"
},
"actions": [
{
"actionGroupId": "[parameters('actionGroups_actiongroup1_externalid')]",
"webHookProperties": {}
}
]
}
}
]
}
For the actionGroups you can refer to
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"groupName": {
"defaultValue": "actiongroup1",
"type": "string"
},
"email_receiver_address": {
"defaultValue": "someEmail#gmail.com",
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "microsoft.insights/actionGroups",
"apiVersion": "2019-03-01",
"name": "[parameters('groupName')]",
"location": "global",
"tags": {
"CreatedTimeUtc": "2020-10-21T07:24:08.2808723Z",
},
"properties": {
"groupShortName": "test",
"enabled": true,
"emailReceivers": [
{
"name": "test email received",
"emailAddress": "[parameters('email_receiver_address')]",
"useCommonAlertSchema": false
}
],
"smsReceivers": [],
"webhookReceivers": [],
"itsmReceivers": [],
"azureAppPushReceivers": [],
"automationRunbookReceivers": [],
"voiceReceivers": [],
"logicAppReceivers": [],
"azureFunctionReceivers": []
}
}
]
}