alertlogic/cwe-collector

cwe-collector

Alert Logic Amazon Web Services (AWS) CloudWatch Events (CWE) Collector.

Overview

This repository contains the AWS CWE JavaScript Lambda function and CloudFormation Template (CFT) for deploying a CW events collector in AWS which will collect and forward CW events to the Alert Logic CloudInsight backend services.

Installation

Refer to CF template readme for installation instructions.

How It Works

Updater Function

The Updater is a timer triggered function that runs a deployment sync operation every 12 hours in order to keep the collector lambda function up to date. The Updater syncs from the Alert Logic S3 bucket where you originally deployed from.

Collector Function

The Collector function is an AWS Lambda function which takes CloudWatch events from Kinesis and sends them to the Alert Logic Ingest service data API for further processing.

  1. A CloudWatch rule is used to send CloudWatch events to an AWS Kinesis stream.
  2. An AWS Event Source Mapping is used to invoke an Alert Logic Collector lambda function to read CloudWatch events from the Kinesis stream.
  3. The Alert Logic Collector lambda function reads CloudWatch events from the Kinesis stream and forwards them to the Alert Logic Ingest service data API.
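
The read-and-forward step above, sketched as an added example (not the repository's own code). The names decodeRecord, decodeBatch, handleBatch and the forward callback are hypothetical, forward stands in for the call to the Ingest service data API, and the sample batch is constructed:

```javascript
'use strict';

// Decode one Kinesis record into a CloudWatch event object. Returns null when
// the payload is not JSON or lacks the CloudWatch event envelope fields.
function decodeRecord(record) {
    try {
        // Kinesis delivers each record's payload base64-encoded in kinesis.data.
        const raw = Buffer.from(record.kinesis.data, 'base64').toString('utf8');
        const evt = JSON.parse(raw);
        const ok = evt !== null && typeof evt === 'object' &&
            typeof evt.source === 'string' && typeof evt['detail-type'] === 'string';
        return ok ? evt : null;
    } catch (err) {
        return null; // missing kinesis.data or malformed JSON
    }
}

// Split a Kinesis batch into decoded events and a count of skipped records,
// so one bad record does not block the rest of the batch.
function decodeBatch(kinesisEvent) {
    const events = [];
    let skipped = 0;
    for (const record of (kinesisEvent && kinesisEvent.Records) || []) {
        const evt = decodeRecord(record);
        if (evt) { events.push(evt); } else { skipped += 1; }
    }
    return { events, skipped };
}

// Hypothetical handler: `forward` stands in for the call to the ingest API.
// A rejected `forward` propagates, so Lambda reports failure and the event
// source mapping retries the batch from the stream.
async function handleBatch(kinesisEvent, forward) {
    const { events, skipped } = decodeBatch(kinesisEvent);
    if (events.length > 0) { await forward(events); }
    return { forwarded: events.length, skipped };
}

// Constructed sample batch: one valid event, one non-JSON payload, one JSON
// payload without the envelope fields.
function sampleBatch() {
    const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');
    const valid = { source: 'aws.ec2', 'detail-type': 'EC2 Instance State-change Notification',
        detail: { 'instance-id': 'i-0000000000example', state: 'stopped' } };
    return { Records: [
        { kinesis: { data: b64(JSON.stringify(valid)) } },
        { kinesis: { data: b64('not json') } },
        { kinesis: { data: b64('{"hello":"world"}') } }
    ] };
}
```

Logging the skipped count per invocation gives an early signal when something other than CloudWatch events is being written to the stream.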

Checkin Trigger

The Checkin Scheduled Event trigger is used to report the health and status of the Alert Logic AWS lambda collector to the Azcollect back-end service based on an AWS Scheduled Event that occurs every 15 minutes.

Local Development

  1. Clone repo git clone git@github.com:alertlogic/cwe-collector.git
  2. cd cwe-collector
  3. Run make compile test package in order to perform code analysis, unit tests and package the lambda function into a zip file.
  4. Run make cfn to check CloudFormation templates.

Please use the following code style as much as possible.

Debugging

To get a debug trace, set a Node.js environment variable called DEBUG and specify the JavaScript module(s) to debug.

E.g.

export DEBUG=*
export DEBUG=index

Or set an environment variable called "DEBUG" in your AWS stack (using the AWS console) for the "alertlogic-cwe-collector" AWS Lambda function, with value "index" or "*".

See debug for further details.

Known Issues/ Open Questions

  • Warning: Do not add additional environment variables to config.json, as older collectors do not have the permissions to edit their own environment variables. Adding these to the config file will break updates on older collectors.

E.g. don't do this: { "Environment": { "path": "Environment.Variables.some_env_var_name", "value": "DO_NOT_DO_THIS" } }

Useful Links