Real-Time Insights on AWS Account Activity
Real-Time Insights on AWS Account Activity

Appendix B: Customizing the Dashboard

The Real-Time Insights on AWS Account Activity solution dashboard displays a default set of metrics, but you can customize the dashboard to include any metrics from your AWS CloudTrail logs. Follow the step-by-step instructions in this section to add a metric to the dashboard.

For this exercise, you can add the awsRegion metric in the CloudTrail event.

{ "eventVersion": "1.03", "userIdentity": { "type": "IAMUser", "principalId": "111122223333", "arn": "arn:aws:iam::111122223333:user/myUserName", "accountId": "111122223333", "accessKeyId": "AKIAIOSFODNN7EXAMPLE", "userName": "myUserName" }, "eventTime": "2015-08-26T20:46:31Z", "eventSource": "s3.amazonaws.com", "eventName": "GetBucketVersioning", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "[]", "requestParameters": { "bucketName": "myawsbucket" }, "responseElements": null, "requestID": "07D681279BD94AED", "eventID": "f2b287f3-0df1-4961-a2f4-c4bdfed47657", "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

Step 1. Add the Metric to the Source Schema

Use this procedure to update the source schema with the new metric. For information on using the Schema Editor, see Working with the Schema Editor in the Amazon Kinesis Data Analytics Developer Guide.

Note

If the custom metric is already added to the Amazon Kinesis Data Analytics application’s in-application input stream, skip to Step 2.

  1. Sign in to the AWS Management Console and open the Amazon Kinesis Data Analytics console.

  2. Select the RealTimeInsightsAccountActivityApp application from the list.

  3. Under Real-Time Analytics, choose Go to SQL results.

  4. On the Source data tab, choose Edit schema.

  5. Choose + Add column and enter the following:

    • For Column name, enter awsRegion.

    • For Column type, enter VARCHAR.

    • For Length, enter 64.

    • For Row path, enter $.detail.awsRegion.

  6. Choose Save schema and update stream samples.

  7. To verify that you added the metric correctly, choose Go to SQL results and verify that the Source data tab shows the new column (awsRegion) and an applicable value.

Step 2. Modify the Application’s SQL Code

Use this procedure to update the application’s code with the new SQL statement. For information on using the SQL Editor, see Working with the SQL Editor in the Amazon Kinesis Data Analytics Developer Guide.

  1. On the Kinesis Data Analytics application’s SQL Editor page, select the Real-time analytics tab.

  2. Add the following SQL statement

    CREATE OR REPLACE PUMP "PUMP_FOR_CALLS_BY_REGION" AS INSERT INTO "DESTINATION_SQL_STREAM" SELECT eventTimeStamp, 'CallsPerRegion', "awsRegion" , 'None', 'Sum', callsPerRegion FROM ( SELECT STREAM STEP(cloudtraillogs."eventTimestamp" BY INTERVAL '10' SECOND) as eventTimeStamp, COUNT(*) callsPerRegion, "awsRegion" FROM "SOURCE_SQL_STREAM_001" cloudtraillogs GROUP BY "awsRegion", STEP(cloudtraillogs.ROWTIME BY INTERVAL '10' SECOND), STEP(cloudtraillogs."eventTimestamp" BY INTERVAL '10' SECOND));

    This SQL statement creates a new metric (CallsPerRegion) that stores the number of API calls per AWS Region with the associated region value in the Amazon DynamoDB table.

  3. Select Save and run SQL.

Step 3. Update the JavaScript Code

The solution creates an Amazon Simple Storage Service (Amazon S3) bucket with a js folder that contains a dash.js file with the JavaScript code that populates the charts with metrics. To populate the new chart with metrics, download the dash.js file and follow the step-by-step instructions to modify the JavaScript.

  1. Declare the variables and parameters. For this exercise, add the bold JavaScript to the dash.js file.

    var serviceCallChartData = {'labels': [], 'times': [], 'values': {}} var serviceCallQueryTime = getTimeSecsAgo(15*60, currentTime); var serviceCallChart = generateLineChart("callsByServiceCanvas", "No of service calls"); var regionCallChartData = {'labels': [], 'times': [], 'values': {}} var regionCallQueryTime = getTimeSecsAgo(15*60, currentTime); var regionCallChart = generateLineChart("callsByRegionCanvas", "No of region calls");
  2. Modify the updateDashboard function. Add the bold JavaScript to the function.

    while(isInFastUpdate); isInSlowUpdate = true; docClient.query(serviceTypeParams, function(err, data) { if (err) console.log(err); else { serviceCallChartData = updateLineChart(data, serviceCallChartData, serviceCallChart, splitFunc) ; } }); var awsRegionParams = retrieveParams("CallsPerRegion", regionCallQueryTime); docClient.query(awsRegionParams, function(err, data) { if (err) console.log(err); else { regionCallChartData = updateLineChart(data, regionCallChartData, regionCallChart, splitFunc); } });
  3. Modify the fastUpdate function. Add the following JavaScript to the function.

    while(isInSlowUpdate); isInFastUpdate = true; docClient.query(regionParams, function(err, data) { if (err) console.log(err); else { serviceCallQueryTime = fastUpdateLineChart(data, serviceCallChartData, serviceCallChart, serviceCallQueryTime, splitFunc) ; } }); var regionParams = retrieveParams("CallsPerRegion", regionCallQueryTime); docClient.query(serviceTypeParams, function(err, data) { if (err) console.log(err); else { regionCallQueryTime = fastUpdateLineChart(data, regionCallChartData, regionCallChart, regionCallQueryTime, splitFunc) ; } });
  4. Upload the modified dash.js file to the solution’s Amazon S3 bucket.

Step 4. Update the Website Assets

In the Amazon S3 bucket with the JavaScript, there is a file (dash.html)that contains all the HTML elements that render charts on the dashboard. To add a new chart, download the dash.html file, modify the HTML, and upload the modified file to the Amazon S3 bucket. You can replace the row of an existing chart with the new row, or add the new row to the end of the file.

For this exercise, add the bold HTML element to the dash.html file.

<div class="row aws-mb-l"> <div class="col-md-5 col-md-offset-1 col-xs-12"> <div class="x_title"> <h3>Calls per AWS region <small> Over the last hour </small></h3> </div> <div class="x_content"> <canvas id="callsByRegionCanvas"/> </div> </div> <div class="col-xs-5 col-xs-offset-1 col-xs-12"> <div class="x_title"> <h3>EC2 Calls <small> over the last hour </small></h3> </div> <div class="x_content"> <canvas id="callsByEC2Canvas"/> </div> </div> </div>

After you upload the modified dash.html file to the Amazon S3 bucket, open the dashboard in a browser and verify the new chart shows metrics.


        Real-Time Insights on AWS Account Activity calls per region chart

Figure 2. Calls per AWS Region chart