Categorygithub.com/DataReply/alertmanager-sns-forwarder
modulepackage
0.0.0-20200515152958-6136a5aafdd1
Repository: https://github.com/datareply/alertmanager-sns-forwarder.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
20
Dependents
0
Files
304 SLOC

# README

alertmanager-sns-forwarder

Dispatching Panic Across the Organization

Build Status go-doc Go Report Card Docker Hub

Prometheus Alertmanager Webhook Receiver for forwarding alerts to AWS SNS. Inspired by https://github.com/inCaller/prometheus_bot.

Compile

As a Docker image:

docker build -t alertmanager-sns-forwarder:0.1 .

Or as local binary:

export GOPATH="your go path"
make all

GOPATH related doc.

Usage

  1. Build the Docker image.

  2. Deploy, preferably on K8s (yaml provided in folder deploy).

  3. Configure Alertmanager.

AWS SDK Configuration

The app uses the AWS SDK for Go, so it's necessary to configure it according to the docs. Specifically this means setting a region and providing credentials.

The region should be set by:

  • Setting the AWS_REGION environment variable to the default region.
  • Setting the AWS_SDK_LOAD_CONFIG environment variable to true to get the region value from the config file in the .aws/ folder in your home directory.

Alternatively, if you provide the ARN prefix argument (described in the next section), the region will be parsed from the prefix and it's not necessary to provide it.

Accordingly, you can provide credentials by:

  • Using IAM roles for Amazon EC2 (recommended if your application is running on an Amazon EC2 instance).
  • Using a shared credentials file.
  • Using environment variables.

Arguments

The app accepts some optional arguments, available as flags or env vars.

FlagEnv VariableDefaultDescription
--addrSNS_FORWARDER_ADDRESS:9087Address on which to listen.
--debugSNS_FORWARDER_DEBUGfalseDebug mode
--arn-prefixSNS_FORWARDER_ARN_PREFIXnot specifiedPrefix to use for SNS topic ARNs. If not specified, will try to be detected automatically.
--sns-subjectSNS_SUBJECTnot specifiedOptional parameter to be used as the "Subject" line when the message is delivered to email endpoints.

Customising messages with template

The app also supports go templating language. The feature was ported from prometheus_bot and you can read more about this functionality in their docs.

The settings for using templates are available as the following flags or env vars.

FlagEnv VariableDefaultDescription
--template-pathSNS_FORWARDER_TEMPLATE_PATHTemplate path
--template-time-zoneSNS_FORWARDER_TEMPLATE_TIME_ZONETemplate time zone
--template-time-out-formatSNS_FORWARDER_TEMPLATE_TIME_OUT_FORMATTemplate time out format
--template-split-tokenSNS_FORWARDER_TEMPLATE_SPLIT_TOKENToken used for split measure label

There are also an example template file along with an example payload json provided.

Endpoints

The app exposes the following HTTP endpoints:

EndpointMethodDescription
/alert/<topic>POSTEndpoint for posting alerts by Alertmanager
/healthGETEndpoint for k8s readiness and liveness probes
/metricsGETEndpoint for Prometheus metrics

Configuring Alertmanager

Alertmanager configuration file:

- name: 'sns-forwarder'
  webhook_configs:
  - send_resolved: True
    url: http://<forwarder_url>/alert/<sns_topic_name>

Replace <forwarder_url> with the correct URL, on K8s using the provided yaml it will be alertmanager-sns-forwarder-svc.default:9087.

Replace <sns_topic_name> by the name of your SNS topic. You can specify the full ARN, or just the topic name, but then you need to do one of the following:

  • deploy the container in AWS, this way the ARN prefix will be detected automatically
  • specify the ARN prefix via a parameter --arn-prefix
  • specify the ARN prefix via an env var SNS_FORWARDER_ARN_PREFIX

N.B make sure to add a trailing colon to the arn prefix e.g --arn-prefix arn:aws:sns:us-east-1:123456789123:

This allows the app to be used for forwarding alerts to multiple SNS topics. The rules for which alerts to send to which topics should be configured in Alertmanager.

Deploying

In order to deploy the app on K8s the yaml file provided in folder deploy can be used. However, the deploy file requires some additional comments.

The app needs the AWS Region information in order to use the AWS SDK. This information is passed using an env variable. In the provided yaml file it's set to eu-central-1.

The app also needs AWS credentials to be able to use the AWS SDK to publish data to SNS. This can be achieved in a nice way using an IAM Role. The Role needs the following Policy attached:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "<topic_arn>"
        }
    ]
}

If you're planning on publishing to multiple SNS topics, you should define them all as an array in the Resource field. Once the Role is ready, it should be attached to the container. This can be achieved on K8s using kube2iam or kiam via the iam.amazonaws.com/role annotation.

If for some reason this approach is not possbile, you should follow other Best Practices for Managing AWS Access Keys.

Metrics

The app exposes standard Go metrics, instrumented HTTP metrics and the following custom metrics:

NameDescription
forwarder_sns_successful_requests_totalTotal number of successful requests to SNS, with topic name as an additional label.
forwarder_sns_unsuccessful_requests_totalTotal number of unsuccessful requests to SNS, with topic name as an additional label.

Additionally, the K8s deploy yaml file contains a definition of an appropriate Prometheus Service Monitor for scraping these metrics.

# Packages

Package arnutil provides utility functions for AWS ARNs.
Package templateutil contains template functions from prometheus_bot.

# Functions

AlertFormatTemplate applies the template to the Alerts.

# Structs

Alert is a structure for a single Prometheus Alert.
Alerts is a structure for grouping Prometheus Alerts.