Monday, May 7, 2018

[AWS] Reading Aurora audit logs in Cloudwatch for DDL changes

Another form of log-watching, this time the audit logs that Aurora can push to Cloudwatch.  It isn't everything by any means; heck, the example AWS uses is just about failed logins.

In this case, we're reading the Cloudwatch logs for our RDS clusters.
Since Cloudwatch offers filters, in this example we're looking for QUERY commands, since we've turned Server Audit on and are uploading connects + queries to Cloudwatch.  (More information on that in: https://aws.amazon.com/blogs/database/monitoring-amazon-aurora-audit-events-with-amazon-cloudwatch/).  Remember to set a cap on the number of results, though then interesting things could be buried.

Why are we doing this?  In our case, this gives us a few bits of cool info.  Specifically, we can log all the DDL commands that come across our cluster, making sure everything is behaving as expected.
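As an added example (not code from the original post), here is the filtering described above done in PowerShell: it pulls the last hour of audit events from the cluster's Cloudwatch log group, parses each line into its fields, and keeps only the QUERY events whose statement is DDL.  The log group name is a placeholder, and the Get-CWLFilteredLogEvent cmdlet signature and the audit line layout are assumptions taken from the AWS Tools for PowerShell and the linked AWS blog post.

```powershell
# Added example, not code from the original post. Assumes the AWS Tools for PowerShell
# cmdlet Get-CWLFilteredLogEvent (StartTime/EndTime as epoch milliseconds) and the
# Aurora MySQL audit line layout from the linked AWS blog post:
#   timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
param(
    [string]$LogGroupName    = '/aws/rds/cluster/YOUR-CLUSTER/audit',  # placeholder
    [int]   $LookbackMinutes = 60
)

# One audit line -> fields. The greedy (?<object>.*) swallows commas inside the SQL
# text because retcode is always the final field.
$AuditLinePattern = '^(?<timestamp>\d+),(?<serverhost>[^,]*),(?<username>[^,]*),(?<host>[^,]*),' +
                    '(?<connectionid>\d+),(?<queryid>\d+),(?<operation>[^,]*),(?<database>[^,]*),' +
                    '(?<object>.*),(?<retcode>-?\d+)$'

# Statements that change schema; a QUERY event whose SQL starts with one of these is DDL.
$DdlPattern = '^\s*(CREATE|ALTER|DROP|TRUNCATE|RENAME)\b'

function ConvertFrom-AuroraAuditLine {
    param([string]$Line)
    if (-not ($Line -match $AuditLinePattern)) { return }
    [pscustomobject]@{
        # the audit timestamp is Unix time in microseconds
        Time      = [DateTimeOffset]::FromUnixTimeMilliseconds([long]([long]$Matches.timestamp / 1000))
        Username  = $Matches.username
        Host      = $Matches.host
        Operation = $Matches.operation
        Database  = $Matches.database
        Sql       = $Matches.object.Trim("'")   # the log wraps the statement in single quotes
        RetCode   = [int]$Matches.retcode
    }
}

function Test-IsDdl { param([string]$Sql) return ($Sql -match $DdlPattern) }

$end   = [DateTimeOffset]::UtcNow
$start = $end.AddMinutes(-$LookbackMinutes)

# The FilterPattern is only a cheap server-side pre-filter; the regex above does the real work.
Get-CWLFilteredLogEvent -LogGroupName $LogGroupName -FilterPattern 'QUERY' `
        -StartTime $start.ToUnixTimeMilliseconds() -EndTime $end.ToUnixTimeMilliseconds() |
    ForEach-Object { ConvertFrom-AuroraAuditLine -Line $_.Message } |
    Where-Object { ($_.Operation -in 'QUERY', 'QUERY_DDL') -and (Test-IsDdl $_.Sql) } |
    Sort-Object Time |
    Format-Table Time, Username, Host, Database, Sql -AutoSize
```

Swap the Format-Table for Write-CWLLogEvent, a file, or an email to turn the listing into the alert you want.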


[AWS] Aurora - reading the errorlog files with powershell

Been working on monitoring.  For some reason, when you tell Aurora to send errorlogs to Cloudwatch, all it sends are the Audit Logs, which will tell you that code has changed, etc, but doesn't (!?!?!??!!!) actually put your logs in Cloudwatch.  I don't understand it, so I built this process to look through logs and return the data.  The next step would be to format it and either upload to Cloudwatch manually, or log it, or send email.  Whatever works for you.  You be you.  :D


Thursday, May 3, 2018

[AWS] powershell to patch all Aurora clusters

Pretty basic, but took longer than I figured it would.  The catch was figuring out how to look inside the results.


Set-AWSCredentials -AccessKey youraccesskey -SecretKey yoursecretkey

# The action name lives inside the PendingMaintenanceActionDetails list, so loop over it
# and pass one action string per Submit call (a cluster can have more than one pending).
Get-RDSPendingMaintenanceAction | ForEach-Object { $res = $_.ResourceIdentifier
  $_.PendingMaintenanceActionDetails | ForEach-Object {
    Submit-RDSPendingMaintenanceAction -ResourceIdentifier $res -ApplyAction $_.Action -OptInType immediate } }


So when you get the results back, it looks like:

PendingMaintenanceActionDetails               ResourceIdentifier                                         
-------------------------------               ------------------                                         
{Amazon.RDS.Model.PendingMaintenanceAction}   arn:aws:rds:us-west-1:xxxxxxxx:cluster:xxxxxx

How do you view what's in that Amazon.RDS object?  I have no doubt there's some way to unpack it with powershell, but I'm not sure what that is.

What I did:

Looked at the PoSH module documentation for this cmdlet (Get-RDSPendingMaintenanceAction) to see what it returned:
https://docs.aws.amazon.com/powershell/latest/reference/Index.html

Which says:
PendingMaintenanceActionDetails
ResourceIdentifier

Which, indeed, is what it returned to us.

Now, clicking on the object info from the documentation:
System.Collections.Generic.List<Amazon.RDS.Model.PendingMaintenanceAction>

takes us to:
https://docs.aws.amazon.com/sdkfornet/v3/apidocs/index.html?page=RDS/TRDSResourcePendingMaintenanceActions.html&tocid=Amazon_RDS_Model_ResourcePendingMaintenanceActions

And THAT page says it has Action, AutoAppliedAfterDate, etc.
When I run

$DataSet = Get-RDSPendingMaintenanceAction
$DataSet.PendingMaintenanceActionDetails

Here's what I get:

Action               : system-update
AutoAppliedAfterDate : 1/1/0001 12:00:00 AM
CurrentApplyDate     : 5/2/2018 4:41:00 PM
Description          : Aurora 1.17.2 release
ForcedApplyDate      : 1/1/0001 12:00:00 AM
OptInStatus          : immediate


So, now we have the fields we need: the kind of action to take (the -ApplyAction parameter is required, and the value is either db-update or system-update), and the ResourceIdentifier for the cluster.