Appendix A: Code Components - Real-Time Insights on AWS Account Activity

Appendix A: Code Components

The Real-Time Insights on AWS Account Activity solution uses three main code components to process and display metrics on the real-time dashboard. The Amazon Kinesis Data Analytics application (RealTimeInsightsAccountActivityApp) runs SQL queries against the in-application streams and emits the results. A JavaScript file (dash.js) populates the chart with the results of the queries, and an HTML file (dash.html) renders the chart on the dashboard in real-time.

The following example shows the SQL, JavaScript, and HTML code for the CallsPreUniqueIp metric.

SQL Query

The SQL query calculates the number of calls, in one minute intervals, based on an IP address. The result is stored in an output in-application stream (DESTINATION_SQL_STREAM) with the name of the metric (CallsPerUniqueIp) and the corresponding values: IP address and count.

CREATE OR REPLACE PUMP "PUMP_FOR_CALLS_PER_IP" AS INSERT INTO "DESTINATION_SQL_STREAM" SELECT eventTimeStamp, 'CallsPerUniqueIp', sip, 'None', 'Sum', callsPerIp FROM ( SELECT STREAM STEP(cloudtraillogs."eventTimestamp" BY INTERVAL '1' MINUTE) eventTimeStamp, COUNT(*) callsPerIp, "sourceIPAddress" sip FROM "SOURCE_SQL_STREAM_001" cloudtraillogs GROUP BY "sourceIPAddress", STEP(cloudtraillogs.ROWTIME BY INTERVAL '1' MINUTE), STEP(cloudtraillogs."eventTimestamp" BY INTERVAL '1' MINUTE));


The JavaScript populates the chart with the calls per unique IP.

var ipParams = retrieveParams("CallsPerUniqueIp", ipQueryTime); docClient.query(ipParams, function(err, data) { if (err) console.log(err); else { ipQueryTime = updateHorizontalBarChart(data, 5, osChart, ipQueryTime, splitFunc); } });

HTML Element

The HTML element renders the CallsPerUniqueIp chart with the results of the SQL query.

<div class="row aws-mb-l"> <div class="col-md-5 col-md-offset-1 col-xs-12"> <div class="x_title"> <h3>Max calls per IP <small> Over last 24 hours </small></h3> </div> <div class="x_content"> <canvas id="maxIpCanvas"></canvas> </div> </div> <div class="col-md-5 col-xs-12"> <div class="x_title"> <h3>Top Calls By IP <small> Over last 1 hour</small></h3> </div> <div class="x_content"> <canvas id="osCanvas"></canvas> </div> </div> </div>