
Questions tagged with Monitoring


RDS: Difference between RX and NetworkReceiveThroughput?

I was analyzing the network performance of the Database we have on RDS, which has enhanced monitoring turned on. I am confused with two metrics (one from enhanced monitoring, another from CloudWatch), that theoretically mean the same, but are showing different values.

For a given time range, the 'RX' graph under Enhanced Monitoring says 3.27 GiB (approximately). And according to the [AWS documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring-Available-OS-Metrics.html), RX means "The number of bytes received per second."

![RDS-Console-RX-Value-In-GiB](https://repost.aws/media/postImages/original/IMrOSJwCBaQ9uAoZEfHjNf_Q)

But for the same time range, if you plot 'NetworkReceiveThroughput' in CloudWatch, I see 3.6 million bytes per second (approximately), which is close to 3.6MB per second. And if you look up the [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-metrics.html) on this term, it says "The incoming (receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS traffic used for monitoring and replication."

![CloudWatch-NetworkReceiveThroughput-Bytes-per-Second](https://repost.aws/media/postImages/original/IMN-ChqNTKQdiG7DZDA0GrEw)

Though NetworkReceiveThroughput is slightly different from RX since it includes AWS internal traffic that transmits monitoring data as well, I should have seen a higher value than RX in my case. Why are these values different by a huge margin? What am I getting wrong?
1 answer · 0 votes · 31 views · asked 20 days ago

Not able to get the data in query result in the Athena for the AWS config from S3 bucket

Hi,

I have been trying to implement a monitoring solution to monitor the resources for AWS accounts in the organizations with AWS Config, AWS Athena and QuickSight. I have set up all the services; however, Athena is not able to query all the data from the S3 bucket where the config data for all the accounts is stored. It is only able to query the data for the current account from where I am running the query. I can see the config data for all accounts in the S3 bucket as well.

**Athena table creation query**

```
CREATE EXTERNAL TABLE aws_config_configuration_snapshot (
    fileversion STRING,
    configSnapshotId STRING,
    configurationitems ARRAY < STRUCT <
        configurationItemVersion : STRING,
        configurationItemCaptureTime : STRING,
        configurationStateId : BIGINT,
        awsAccountId : STRING,
        configurationItemStatus : STRING,
        resourceType : STRING,
        resourceId : STRING,
        resourceName : STRING,
        ARN : STRING,
        awsRegion : STRING,
        availabilityZone : STRING,
        configurationStateMd5Hash : STRING,
        configuration : STRING,
        supplementaryConfiguration : MAP < STRING, STRING >,
        tags: MAP < STRING, STRING >,
        resourceCreationTime : STRING
    > >
)
PARTITIONED BY (accountid STRING, dt STRING, region STRING)
ROW FORMAT SERDE 'org.openx.data.jsonserde.JsonSerDe'
LOCATION 's3://<S3_BUCKET_NAME>/AWSLogs/';
```

**The lambda function used for data partitioning as per accounts**

```
import datetime
import re
import boto3
import os

TABLE_NAME = 'aws_config_configuration_snapshot'
DATABASE_NAME = 'sampledb'
ACCOUNT_ID = None  # Determined at runtime
LATEST_PARTITION_VALUE = 'latest'

athena = boto3.client('athena')


def lambda_handler(event, context):
    global ACCOUNT_ID

    # The function is triggered by an S3 event; only ConfigSnapshot objects are processed
    object_key = event['Records'][0]['s3']['object']['key']
    match = get_configuration_snapshot_object_key_match(object_key)
    if match is None:
        print('Ignoring event for non-configuration snapshot object key', object_key)
        return
    print('Adding partitions for configuration snapshot object key', object_key)

    # Account the function runs in (used for the Athena query result bucket name)
    ACCOUNT_ID = context.invoked_function_arn.split(':')[4]
    object_key_parent = 's3://{bucket_name}/{object_key_parent}/'.format(
        bucket_name=event['Records'][0]['s3']['bucket']['name'],
        object_key_parent=os.path.dirname(object_key))
    # Account, region and date of the snapshot, taken from the object key
    configuration_snapshot_accountid = get_configuration_snapshot_accountid(match)
    configuration_snapshot_region = get_configuration_snapshot_region(match)
    configuration_snapshot_date = get_configuration_snapshot_date(match)

    # Re-point the 'latest' partition and add a dated partition for this snapshot
    drop_partition(configuration_snapshot_accountid, configuration_snapshot_region, LATEST_PARTITION_VALUE)
    add_partition(configuration_snapshot_accountid, configuration_snapshot_region, LATEST_PARTITION_VALUE, object_key_parent)
    add_partition(configuration_snapshot_accountid, configuration_snapshot_region, get_configuration_snapshot_date(match).strftime('%Y-%m-%d'), object_key_parent)


def get_configuration_snapshot_object_key_match(object_key):
    # Matches object keys like AWSLogs/123456789012/Config/us-east-1/2018/4/11/ConfigSnapshot/123456789012_Config_us-east-1_ConfigSnapshot_20180411T054711Z_a970aeff-cb3d-4c4e-806b-88fa14702hdb.json.gz
    # Raw string so that \d and \w are not treated as (invalid) string escapes
    return re.match(r'^AWSLogs/(\d+)/Config/([\w-]+)/(\d+)/(\d+)/(\d+)/ConfigSnapshot/[^\\]+$', object_key)


def get_configuration_snapshot_accountid(match):
    print('AccountId:', match.group(1))
    return match.group(1)


def get_configuration_snapshot_region(match):
    return match.group(2)


def get_configuration_snapshot_date(match):
    return datetime.date(int(match.group(3)), int(match.group(4)), int(match.group(5)))


def add_partition(accountid_partition_value, region_partition_value, dt_partition_value, partition_location):
    execute_query('ALTER TABLE {table_name} ADD PARTITION {partition} location \'{partition_location}\''.format(
        table_name=TABLE_NAME,
        partition=build_partition_string(accountid_partition_value, region_partition_value, dt_partition_value),
        partition_location=partition_location))


def drop_partition(accountid_partition_value, region_partition_value, dt_partition_value):
    execute_query('ALTER TABLE {table_name} DROP PARTITION {partition}'.format(
        table_name=TABLE_NAME,
        partition=build_partition_string(accountid_partition_value, region_partition_value, dt_partition_value)))


def build_partition_string(accountid_partition_value, region_partition_value, dt_partition_value):
    return "(accountid='{accountid_partition_value}', dt='{dt_partition_value}', region='{region_partition_value}')".format(
        accountid_partition_value=accountid_partition_value,
        dt_partition_value=dt_partition_value,
        region_partition_value=region_partition_value)


def execute_query(query):
    print('Executing query:', query)
    query_output_location = 's3://aws-athena-query-results-{account_id}-{region}'.format(
        account_id=ACCOUNT_ID,
        region=os.environ['AWS_REGION'])
    start_query_response = athena.start_query_execution(
        QueryString=query,
        QueryExecutionContext={
            'Database': DATABASE_NAME
        },
        ResultConfiguration={
            'OutputLocation': query_output_location,
        }
    )
    print('Query started')

    # Poll until the query leaves the RUNNING/QUEUED states
    is_query_running = True
    while is_query_running:
        get_query_execution_response = athena.get_query_execution(
            QueryExecutionId=start_query_response['QueryExecutionId']
        )
        query_state = get_query_execution_response['QueryExecution']['Status']['State']
        is_query_running = query_state in ('RUNNING', 'QUEUED')

        if not is_query_running and query_state != 'SUCCEEDED':
            raise Exception('Query failed')
    print('Query completed')
```

**Sample query tried:**

```
CREATE OR REPLACE VIEW v_config_ec2_vpcs AS
SELECT DISTINCT
  "accountId" "633328536665"
, "region" "us-east-1"
, "configurationItem"."resourceid" "ResourceId"
, "configurationItem"."tags"['name'] "TagName"
, "json_extract_scalar"("configurationItem"."configuration", '$.isdefault') "IsDefault"
, "json_extract_scalar"("configurationItem"."configuration", '$.cidrblockassociationset[0].cidrblock') "CidrBlock0"
, "json_extract_scalar"("configurationItem"."configuration", '$.cidrblockassociationset[1].cidrblock') "CidrBlock1"
, "json_extract_scalar"("configurationItem"."configuration", '$.cidrblockassociationset[2].cidrblock') "CidrBlock2"
, "json_extract_scalar"("configurationItem"."configuration", '$.cidrblockassociationset[3].cidrblock') "CidrBlock3"
, "json_extract_scalar"("configurationItem"."configuration", '$.cidrblockassociationset[4].cidrblock') "CidrBlock4"
FROM
  default.aws_config_configuration_snapshot
CROSS JOIN UNNEST("configurationitems") t (configurationItem)
WHERE (("dt" = 'latest') AND ("configurationItem"."resourcetype" = 'AWS::EC2::VPC'))
```

It is not able to get the data from the S3 bucket for all the AWS accounts for some reason (only the data for the current account is queried). I have checked the S3 bucket policy and it is set up as per the solution given below.

Solution referred:

* https://aws.amazon.com/blogs/mt/visualizing-aws-config-data-using-amazon-athena-and-amazon-quicksight/
* https://aws.amazon.com/blogs/mt/how-to-query-your-aws-resource-configuration-states-using-aws-config-and-amazon-athena/

Thanks and Regards,
Mahesh B.
0 answers · 0 votes · 66 views · asked a month ago

Status 2/2 failed from Amazon side.

Hi team,

One of our servers was down yesterday with a 2/2 status failed caused by Amazon, due to which we are also unable to log in. I have tried multiple troubleshooting steps, such as starting, stopping, rebooting, enabling detailed monitoring, and collecting system logs, but it appears that we are unable to recover the instance at this time. I have also tried to increase server resources for the time being, but this did not solve the problem.

Please help me to recover from this issue. Also, please follow the below logs for more details (Instance type: m5.4xlarge, with 1000GB of gp2).
1 answer · 0 votes · 49 views · asked a month ago

IAM policy for a user to access Enhanced Monitoring for RDS.

I am trying to create an IAM user that will have least privileges to be able to view enhanced monitoring for a particular RDS database. I have created a ROLE (Enhanced Monitoring) and attached a managed policy to it: 'AmazonRDSEnhancedMonitoringRole'. This role is passed to RDS database using the passrole permission. The policy that I am attaching to this IAM user is as below:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "rds:*",
                "cloudwatch:GetMetricData",
                "iam:ListRoles",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:DeleteAnomalyDetector",
                "cloudwatch:ListMetrics",
                "cloudwatch:DescribeAnomalyDetectors",
                "cloudwatch:ListMetricStreams",
                "cloudwatch:DescribeAlarmsForMetric",
                "cloudwatch:ListDashboards",
                "ec2:*",
                "cloudwatch:PutAnomalyDetector",
                "cloudwatch:GetMetricWidgetImage"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:PassRole",
                "cloudwatch:*"
            ],
            "Resource": [
                "arn:aws:cloudwatch:*:accountnumber:insight-rule/*",
                "arn:aws:iam::accountnumber:role/Enhanced-Monitoring",
                "arn:aws:rds:us-east-1:accountnumber:db:dbidentifier"
            ]
        }
    ]
}
```

As you can see, I have given almost every permission to this user, but still I am getting 'Not Authorized' error on the IAM user RDS dashboard for enhanced monitoring, although cloudwatch logs are displaying normally.

I am following this guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html) for enhanced monitoring of RDS. Refer to example 2 on this page.
1 answer · 0 votes · 31 views · asked 2 months ago