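AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template for the New Relic Reports lambda.

# Deployment-time inputs for the scheduler lambda stack.
#
# CloudFormation requires an AllowedPattern to match the entire parameter
# value, so the patterns below act as whole-value validators.
Parameters:
  #
  # URI of the ECR repository for the scheduler lambda.
  #
  # Joined with SchedulerECRImageTag as "<repo>:<tag>" to form the function's
  # ImageUri.
  #
  SchedulerECRImageRepo:
    Type: String
    Description: URI of the ECR repository for the scheduler lambda.

  #
  # ECR image tag for the scheduler lambda.
  #
  # A tag can be re-pointed at a different image unless tag immutability is
  # enabled on the repository, so the image deployed for a given tag is only
  # as trustworthy as the repository's write access.
  #
  SchedulerECRImageTag:
    Type: String
    Description: ECR image tag for the scheduler lambda.

  #
  # ARN of the execution role the scheduler lambda will assume to access other
  # AWS services.
  #
  # Used during deployment. The role itself is not created by this template.
  #
  SchedulerExecRoleArn:
    Type: String
    Description: ARN of the execution role the scheduler lambda will assume to access other AWS services.
    AllowedPattern: 'arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+'

  #
  # Name of the scheduler lambda function.
  #
  # Used during deployment.
  #
  SchedulerFunctionName:
    Type: String
    Description: Name of the scheduler lambda function.
    Default: NewRelicReportScheduler

  #
  # Timeout (in seconds) for the scheduler lambda function.
  #
  # Used during deployment.
  #
  SchedulerFunctionTimeout:
    Type: Number
    Description: Timeout (in seconds) for the scheduler lambda function.
    MinValue: 1
    MaxValue: 900
    Default: 60

  #
  # Memory size (in MB) for the scheduler lambda function.
  #
  # Used during deployment.
  #
  SchedulerFunctionMemorySize:
    Type: Number
    Description: Memory size for the scheduler lambda function.
    MinValue: 128
    MaxValue: 10240
    Default: 256

  #
  # New Relic account ID.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  NRAccountId:
    Type: String
    Description: Your New Relic account ID; necessary for distributed tracing.
    AllowedPattern: '[0-9]+'

  #
  # New Relic license key. Defaults to empty but either this or the
  # NRLicenseKeySecret parameter should be specified.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # NOTE: It is not recommended to use this. Instead, specify a secret ARN via
  # the NRLicenseKeySecret parameter.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  # NoEcho keeps the value out of CloudFormation console and API output. It
  # does not protect the value once it is copied into a resource property: a
  # license key placed in a Lambda environment variable is readable by anyone
  # allowed to read the function configuration.
  #
  # NOTE(review): nothing in this template reads this parameter unless the
  # commented-out NEW_RELIC_LICENSE_KEY line in the function's environment is
  # enabled, so supplying a value here currently has no effect.
  #
  NRLicenseKey:
    Type: String
    Description: Your New Relic license key.
    AllowedPattern: '[a-zA-Z0-9\-_]*'
    Default: ''
    NoEcho: true

  #
  # Name of an AWS Secrets Manager secret containing your New Relic license key.
  # The secret must contain a 'LicenseKey' property for the license key.
  # Defaults to empty but either this or the NRLicenseKey should be specified.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  # NOTE(review): the AllowedPattern accepts only an empty value or a full
  # Secrets Manager ARN; a bare secret name is rejected even though the
  # Description says "name or ARN".
  #
  NRLicenseKeySecret:
    Type: String
    Description: ID (name or ARN) of an AWS Secrets Manager secret containing your New Relic license key.
    AllowedPattern: '(^$)|(^arn:(aws[a-zA-Z-]*)?:secretsmanager:.+:\d{12}:secret:[a-zA-Z0-9/_+=\.@\-]+$)'
    Default: ''

  #
  # Log level for the New Relic AWS lambda extension. Defaults to 'INFO'.
  #
  # Used at runtime by the New Relic AWS lambda extension.
  # See https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
  #
  NRLogLevel:
    Type: String
    Description: Log level for the New Relic Lamba extension.
    Default: INFO
    AllowedValues:
      - INFO
      - DEBUG

  #
  # New Relic Region. May be US or EU.
  #
  NRRegion:
    Type: String
    Description: New Relic region.
    AllowedValues:
      - US
      - EU
    Default: US

  #
  # Region used for AWS API calls to RDS, S3, and Secrets Manager. Defaults to
  # 'us-east-1'.
  #
  # AwsRegion:
  #   Type: String
  #   Description: AWS region used for AWS API calls (RDS/S3/Secretmanager).
  #   AllowedPattern: '[a-zA-Z0-9._\-]*'
  #   Default: 'us-east-1'

  #
  # Name of an AWS Secrets Manager secret containing the customer secret
  # data.
  #
  # NOTE: The Secret value must be a JSON string of key/value pairs. Binary
  # secrets are not supported.
  #
  # See https://github.com/newrelic/nr-reports?tab=readme-ov-file#the-scheduler-lambda-secret
  # for more details.
  #
  # NOTE(review): the AllowedPattern has no ':' in its character class, so a
  # full secret ARN cannot match even though the Description says
  # "name or ARN".
  #
  SecretName:
    Type: String
    Description: ID (name or ARN) of a Secret containing the customer secret data.
    AllowedPattern: '[a-zA-Z0-9/_+=\.@\-]+'
    Default: NewRelicReportsSecret

  #
  # The schedule group name of the schedule group the scheduler will use to
  # create report schedules.
  #
  ScheduleGroupName:
    Type: String
    Description: The schedule group name of the schedule group the scheduler will use to create report schedules.
    Default: ScheduleGroup

  #
  # Name of the EventBridge schedule that runs the actual scheduler. This is
  # needed so that it can be filtered out when returning schedule names.
  #
  RunSchedulerScheduleName:
    Type: String
    Description: Name of the EventBridge schedule that runs the scheduler lambda.
    AllowedPattern: '[a-zA-Z0-9/_+=\.@\-]+'
    Default: RunSchedule

  #
  # ARN of the runner lambda. This is used by the eventbridge backend when
  # creating schedules.
  #
  ReportsLambdaArn:
    Type: String
    Description: ARN of the runner lambda. This is used by the eventbridge backend when creating schedules.
    AllowedPattern: 'arn:(aws[a-zA-Z-]*)?:lambda:.+:\d{12}:function:?[a-zA-Z_0-9+=,.@\-_/]+'

  #
  # ARN of the execution role the event bridge scheduler will assume in order to
  # invoke the runner lambda.
  #
  ReportsLambdaRoleArn:
    Type: String
    Description: ARN of the execution role the event bridge scheduler will assume in order to invoke the runner lambda.
    AllowedPattern: 'arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+'

  #
  # Log level for the lambda functions. Note that this is separate from the
  # NRLogLevel which specifies the level for the New Relic lambda extension.
  # Defaults to 'INFO'.
  #
  LogLevel:
    Type: String
    Description: Log level for the lambda (not the extension).
    Default: INFO
    AllowedValues:
      - INFO
      - VERBOSE
      - DEBUG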
Conditions:
  # True when the NRRegion parameter equals "EU". The function's New Relic
  # endpoint variables are selected with this condition.
  IsRegionEU: !Equals
    - !Ref NRRegion
    - EU
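Resources:
  #
  # The report scheduler: a container-image Lambda function configured entirely
  # from the template parameters.
  #
  NrReportSchedulerLambda:
    Type: AWS::Lambda::Function
    Properties:
      PackageType: Image
      Code:
        # The image is addressed as "<repo>:<tag>". The tag is resolved at
        # deploy time, so whoever can push to that tag controls the code the
        # function runs.
        ImageUri: !Sub '${SchedulerECRImageRepo}:${SchedulerECRImageTag}'
      # The execution role is supplied by ARN and defined outside this
      # template, so the permissions it grants cannot be reviewed from here.
      Role: !Ref SchedulerExecRoleArn
      Description: A lambda for scheduling New Relic reports.
      FunctionName: !Ref SchedulerFunctionName
      Timeout: !Ref SchedulerFunctionTimeout
      MemorySize: !Ref SchedulerFunctionMemorySize
      Environment:
        Variables:
          # New Relic Lambda Extension variables
          # https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/enable-lambda-monitoring/account-linking/#env-var
          NEW_RELIC_LAMBDA_HANDLER: nr-reports-scheduler/lambda.handler
          # Environment variable values are strings; quoted so that a YAML
          # parser does not type them as booleans.
          NEW_RELIC_LAMBDA_EXTENSION_ENABLED: 'true'
          NEW_RELIC_EXTENSION_SEND_FUNCTION_LOGS: 'true'
          NEW_RELIC_EXTENSION_LOG_LEVEL: !Ref NRLogLevel
          NEW_RELIC_ACCOUNT_ID: !Ref NRAccountId
          # Endpoints follow the NRRegion parameter: EU hosts when IsRegionEU
          # holds, US hosts otherwise.
          NEW_RELIC_HOST: !If
            - IsRegionEU
            - 'collector.eu.newrelic.com'
            - 'collector.newrelic.com'
          NEW_RELIC_LOG_ENDPOINT: !If
            - IsRegionEU
            - 'https://log-api.eu.newrelic.com/log/v1'
            - 'https://log-api.newrelic.com/log/v1'
          NEW_RELIC_TELEMETRY_ENDPOINT: !If
            - IsRegionEU
            - 'https://cloud-collector.eu01.nr-data.net/aws/lambda/v1'
            - 'https://cloud-collector.newrelic.com/aws/lambda/v1'
          #
          # By default the extension will read the license key from a secret
          # named NEW_RELIC_LICENSE_KEY which is set up when you install the
          # Lambda integration using the newrelic-lambda CLI. Alternately...
          #
          # Uncomment to specify your license key manually (not recommended:
          # the key is then stored in plain text in the function
          # configuration, visible to anyone who can read it).
          # NEW_RELIC_LICENSE_KEY: !Ref NRLicenseKey
          #
          # Name of an AWS Secrets Manager secret containing your New Relic
          # license key. The extension will read from a secret named
          # NEW_RELIC_LICENSE_KEY by default.
          #
          # NOTE(review): when NRLicenseKeySecret is left at its empty default
          # this variable is set to an empty string rather than omitted;
          # confirm the extension treats that as "not set".
          NEW_RELIC_LICENSE_KEY_SECRET: !Ref NRLicenseKeySecret
          # Lambda environment variables
          # AWS_REGION: !Ref AwsRegion
          SECRET_NAME: !Ref SecretName
          SCHEDULE_GROUP_NAME: !Ref ScheduleGroupName
          RUN_SCHEDULER_SCHEDULE_NAME: !Ref RunSchedulerScheduleName
          REPORTS_LAMBDA_ARN: !Ref ReportsLambdaArn
          REPORTS_LAMBDA_ROLE_ARN: !Ref ReportsLambdaRoleArn
          LOG_LEVEL: !Ref LogLevel
          NEW_RELIC_REGION: !Ref NRRegion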