# Template format version; quoted so it stays a string and is not parsed as a date.
AWSTemplateFormatVersion: '2010-09-09'
# Free-text description of what this template deploys.
Description: CloudFormation template for the New Relic Reports lambda.
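Parameters:
  #
  # URI of the ECR repository for the runner lambda.
  #
  RunnerECRImageRepo:
    Type: String
    Description: URI of the ECR repository for the runner lambda.
  #
  # ECR image tag for the runner lambda.
  #
  # NOTE(review): a tag can be re-pointed at a different image unless the
  # repository enforces tag immutability; confirm the repository settings so a
  # redeploy cannot silently pick up different code.
  #
  RunnerECRImageTag:
    Type: String
    Description: ECR image tag for the runner lambda.
  #
  # ARN of the execution role the runner lambda will assume to access other
  # AWS services.
  #
  # Used during deployment.
  #
  # NOTE(review): this template does not create the role, so its permissions
  # are not visible here. Scope it to the secrets and buckets actually named in
  # the parameters below rather than granting account-wide access.
  #
  RunnerExecRoleArn:
    Type: String
    Description: ARN of the execution role the runner lambda will assume to access other AWS services.
    AllowedPattern: 'arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+'
  #
  # Name of the runner lambda function.
  #
  # Used during deployment.
  #
  RunnerFunctionName:
    Type: String
    Description: Name of the lambda function.
    Default: RunNewRelicReport
  #
  # Timeout (in seconds) for the runner lambda function.
  #
  # Used during deployment.
  #
  RunnerFunctionTimeout:
    Type: Number
    Description: Timeout (in seconds) for the lambda function.
    MinValue: 1
    MaxValue: 900
    Default: 60
  #
  # Memory size for the runner lambda function.
  #
  # Used during deployment.
  #
  RunnerFunctionMemorySize:
    Type: Number
    Description: Memory size for the lambda function.
    MinValue: 128
    MaxValue: 10240
    Default: 256
  #
  # New Relic account ID.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  NRAccountId:
    Type: String
    Description: Your New Relic account ID; necessary for distributed tracing.
    AllowedPattern: '[0-9]+'
  #
  # New Relic license key. Defaults to empty but either this or the
  # NRLicenseKeySecret parameter should be specified.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # NOTE: It is not recommended to use this. Instead, specify a secret ARN via
  # the NRLicenseKeySecret parameter.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  # NoEcho keeps the key out of CloudFormation console and API output for this
  # parameter. It does not protect the value once it is copied into a resource
  # property such as a Lambda environment variable.
  #
  NRLicenseKey:
    Type: String
    Description: Your New Relic license key.
    AllowedPattern: '[a-zA-Z0-9\-_]*'
    Default: ''
    NoEcho: true
  #
  # ARN of an AWS Secrets Manager secret containing your New Relic license key.
  # The secret must contain a 'LicenseKey' property for the license key.
  # Defaults to empty but either this or the NRLicenseKey should be specified.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  # NOTE(review): the Description says "name or ARN", but AllowedPattern only
  # accepts an empty value or a full Secrets Manager ARN, so a bare secret name
  # is rejected at deploy time. Confirm which is intended.
  #
  NRLicenseKeySecret:
    Type: String
    Description: ID (name or ARN) of an AWS Secrets Manager secret containing your New Relic license key.
    AllowedPattern: '(^$)|(^arn:(aws[a-zA-Z-]*)?:secretsmanager:.+:\d{12}:secret:[a-zA-Z0-9/_+=\.@\-]+$)'
    Default: ''
  #
  # Log level for the New Relic AWS lambda extension. Defaults to 'INFO'.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  NRLogLevel:
    Type: String
    Description: Log level for the New Relic Lamba extension.
    Default: INFO
    AllowedValues:
      - INFO
      - DEBUG
  #
  # New Relic Region. May be US or EU.
  #
  NRRegion:
    Type: String
    Description: New Relic region.
    AllowedValues:
      - US
      - EU
    Default: US
  #
  # Region used for AWS API calls to RDS, S3, and Secrets Manager. Defaults to
  # 'us-east-1'.
  #
  # Disabled: the parameter below is commented out and is not passed to the
  # function.
  #
  #AwsRegion:
  #  Type: String
  #  Description: AWS region used for AWS API calls (RDS/S3/Secretmanager).
  #  AllowedPattern: '[a-zA-Z0-9._\-]*'
  #  Default: 'us-east-1'
  #
  # Name of an AWS Secrets Manager secret containing the customer secret
  # data. This is only required when used in conjunction with the New Relic AWS
  # Reports Stack. It should not be set otherwise.
  #
  # NOTE: The Secret value must be a JSON string of key/value pairs. Binary
  # secrets are not supported.
  #
  # See https://github.com/newrelic/nr-reports?tab=readme-ov-file#the-scheduler-lambda-secret
  # for more details.
  #
  # NOTE(review): the Description says "name or ARN", but AllowedPattern has no
  # ':' in its character class, so an ARN is rejected at deploy time. Confirm
  # which is intended.
  #
  SecretName:
    Type: String
    Description: ID (name or ARN) of a Secret containing the customer secret data.
    AllowedPattern: '[a-zA-Z0-9/_+=\.@\-]*'
    Default: ''
  #
  # New Relic User API key used for GraphQL Nerdstorage queries and mutations.
  #
  # NOTE: It is not recommended to use this. Instead, specify a secret ARN via
  # the UserApiKeySecret parameter.
  #
  # NoEcho keeps the key out of CloudFormation console and API output for this
  # parameter. The value is still written in clear text to the function's
  # USER_API_KEY environment variable, where anyone who can read the function
  # configuration can see it. That is the reason to prefer UserApiKeySecret.
  #
  UserApiKey:
    Type: String
    Description: The New Relic User API key to use.
    AllowedPattern: '[a-zA-Z0-9._\-]*'
    Default: ''
    NoEcho: true
  #
  # ARN of an AWS Secrets Manager secret containing a New Relic User API
  # key used for GraphQL Nerdstorage queries and mutations. By default, the
  # secret must contain a 'UserApiKey' property for the API key. A different key
  # can be specified by the UserApiKeySecretKey parameter.
  #
  # NOTE: The Secret value must be a JSON string of key/value pairs. Binary
  # secrets are not supported.
  #
  # NOTE(review): the Description says "name or ARN", but AllowedPattern only
  # accepts an empty value or a full Secrets Manager ARN. Confirm which is
  # intended.
  #
  UserApiKeySecret:
    Type: String
    Description: ID (name or ARN) of a Secret containing the New Relic User API key.
    AllowedPattern: '(^$)|(^arn:(aws[a-zA-Z-]*)?:secretsmanager:.+:\d{12}:secret:[a-zA-Z0-9/_+=\.@\-]+$)'
    Default: ''
  #
  # Key to be used for looking up the User API key in the secret specified by
  # the UserApiKeySecret parameter. Defaults to 'UserApiKey'.
  #
  UserApiKeySecretKey:
    Type: String
    Description: Key of key/value pair containing the User API key.
    AllowedPattern: '[a-zA-Z0-9/!\-_.*()]+'
    Default: 'UserApiKey'
  #
  # Log level for the lambda functions. Note that this is separate from the
  # NRLogLevel which specifies the level for the New Relic lambda extension.
  # Defaults to 'INFO'.
  #
  # NOTE(review): what VERBOSE and DEBUG write to the logs is not visible in
  # this template. Check that they do not log secret values before enabling
  # them in production.
  #
  LogLevel:
    Type: String
    Description: Log level for the lambda (not the extension).
    Default: INFO
    AllowedValues:
      - INFO
      - VERBOSE
      - DEBUG
  #
  # Manifest file. If a source bucket is also specified, this value will be
  # treated as a bucket key in the source bucket and resolved against the bucket.
  # If no source bucket is specified, this value will be resolved against the
  # local filesystem of the running container.
  #
  ManifestFile:
    Type: String
    Description: Name of the manifest file to load.
    Default: ''
  #
  # Dashboard GUIDs. If specified, a comma delimited string of dashboard entity
  # GUIDs to render. If a manifest file is specified, this value is ignored.
  #
  DashboardIds:
    Type: String
    Description: Comma delimited list of dashboard GUIDs.
    Default: ''
  #
  # Channel IDs. If specified, a comma delimited string of channel identifiers.
  # This value is ignored if a manifest file is specified.
  #
  ChannelIds:
    Type: String
    Description: Comma delimited List of channel IDs to which report outputs are sent.
    Default: ''
  #
  # S3 source bucket. If a manifest file is specified or if the default
  # manifest file is being used, the manifest file will be resolved against this
  # bucket. If the S3_DEST_BUCKET environment variable is not specified, the
  # source bucket is also used as the destination bucket for any 's3' channels
  # that do not specify a destination bucket.
  #
  S3SourceBucket:
    Type: String
    Description: S3 source bucket.
    AllowedPattern: '([a-z0-9][a-z0-9.\-]+[a-z0-9])?'
    Default: ''
  #
  # S3 destination bucket. This bucket is used for any 's3' channels that do not
  # specify a destination bucket.
  #
  S3DestBucket:
    Type: String
    Description: S3 destination bucket.
    AllowedPattern: '([a-z0-9][a-z0-9.\-]+[a-z0-9])?'
    Default: ''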
Conditions:
  # True when the NRRegion parameter is 'EU'; selects the EU endpoints below.
  IsRegionEU: !Equals
    - !Ref NRRegion
    - EU
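Resources:
  #
  # The report runner: a container-image Lambda built from the ECR repository
  # and tag parameters and run under the supplied execution role.
  #
  NrReportRunnerLambda:
    Type: AWS::Lambda::Function
    Properties:
      PackageType: Image
      Code:
        # Quoted so the ':' and '${...}' are always read as one string.
        ImageUri: !Sub '${RunnerECRImageRepo}:${RunnerECRImageTag}'
      Role: !Ref RunnerExecRoleArn
      Description: A lambda for generating custom New Relic reports.
      FunctionName: !Ref RunnerFunctionName
      Timeout: !Ref RunnerFunctionTimeout
      MemorySize: !Ref RunnerFunctionMemorySize
      Environment:
        Variables:
          # New Relic Lambda Extension variables
          # https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
          NEW_RELIC_LAMBDA_HANDLER: nr-reports-lambda/lambda.handler
          # Environment variable values are strings; quoted so the value does
          # not depend on how a YAML boolean is converted.
          NEW_RELIC_LAMBDA_EXTENSION_ENABLED: 'true'
          # NOTE(review): this forwards the function's logs to New Relic; keep
          # LOG_LEVEL in mind, since anything logged leaves the account.
          NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS: 'true'
          NEW_RELIC_EXTENSION_LOG_LEVEL: !Ref NRLogLevel
          NEW_RELIC_ACCOUNT_ID: !Ref NRAccountId
          # Endpoints switch to the EU hosts when NRRegion is 'EU'.
          NEW_RELIC_HOST: !If [IsRegionEU, 'collector.eu.newrelic.com', 'collector.newrelic.com']
          NEW_RELIC_LOG_ENDPOINT: !If [IsRegionEU, 'https://log-api.eu.newrelic.com/log/v1', 'https://log-api.newrelic.com/log/v1']
          NEW_RELIC_TELEMETRY_ENDPOINT: !If [IsRegionEU, 'https://cloud-collector.eu01.nr-data.net/aws/lambda/v1', 'https://cloud-collector.newrelic.com/aws/lambda/v1']
          #
          # By default the extension will read the license key from a secret
          # named NEW_RELIC_LICENSE_KEY which is set up when you install the
          # Lambda integration using the newrelic-lambda CLI. Alternatively...
          #
          # Uncomment to specify your license key manually (not recommended:
          # the key would then sit in clear text in the function configuration)
          #NEW_RELIC_LICENSE_KEY: !Sub ${NRLicenseKey}
          #
          # ARN of an AWS Secrets Manager secret containing your New Relic
          # license key. The extension will read from a secret named
          # NEW_RELIC_LICENSE_KEY by default.
          # NOTE(review): when NRLicenseKeySecret is left at its default, this
          # variable is set to an empty string rather than omitted; confirm the
          # extension treats an empty value as "use the default secret".
          NEW_RELIC_LICENSE_KEY_SECRET: !Ref NRLicenseKeySecret
          # Lambda environment variables
          #AWS_REGION: !Sub ${AwsRegion}
          SECRET_NAME: !Ref SecretName
          # NOTE(review): when UserApiKey is supplied, the key is stored here in
          # clear text and is readable by anyone who can view the function
          # configuration. Prefer USER_API_KEY_SECRET and leave this empty.
          USER_API_KEY: !Ref UserApiKey
          USER_API_KEY_SECRET: !Ref UserApiKeySecret
          USER_API_KEY_SECRET_KEY: !Ref UserApiKeySecretKey
          LOG_LEVEL: !Ref LogLevel
          NEW_RELIC_REGION: !Ref NRRegion
          MANIFEST_FILE: !Ref ManifestFile
          DASHBOARD_IDS: !Ref DashboardIds
          CHANNEL_IDS: !Ref ChannelIds
          S3_SOURCE_BUCKET: !Ref S3SourceBucket
          S3_DEST_BUCKET: !Ref S3DestBucket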