First push

Author: awsimaya

.DS_Store

@@ -0,0 +1,38 @@
+import boto3
+import os, json
+from random import random
+
+xray = boto3.client('xray')
+XRAY_RULE_ARN = os.environ['XRAY_RULE_ARN']
+
+def lambda_handler(event, context):
+    success = True
+    rule = get_api_sampling_rule()
+    iserror='false'
+    try:
+        iserror=event['queryStringParameters']['error']
+    except:
+        print("shh.. do not tell anyone!!")
+        
+    if iserror == 'true':
+        success = False
+
+    return {
+        # fail the request randomly to trigger X-Ray rule adjustment
+        "statusCode": 200 if success else 500,
+        "body": json.dumps({
+            "Success" : success,
+            # return the rule definition to the response
+            "SamplingRule": rule
+        }, indent=2)
+    }
+
+def get_api_sampling_rule():
+    response = xray.get_sampling_rules()
+    rules = response.get('SamplingRuleRecords', [])
+    for r in rules:
+        rule = r.get('SamplingRule', {})
+        if rule.get('RuleARN', '') == XRAY_RULE_ARN:
+            return rule
+
+    return None

api/__init__.py

@@ -0,0 +1,96 @@
+from crhelper import CfnResource
+import logging
+import boto3
+import re
+import os
+
+# Initialise the helper, all inputs are optional, this example shows the defaults
+helper = CfnResource(json_logging=False, log_level='DEBUG', boto_level='CRITICAL', sleep_on_delete=120)
+
+try:
+    # Init code goes here
+    client = boto3.client('xray')
+    logger = logging.getLogger(__name__)
+except Exception as e:
+    helper.init_failure(e)
+
+
+@helper.create
+def create(event, context):
+    # Optionally return an ID that will be used for the resource PhysicalResourceId, 
+    # if None is returned an ID will be generated. If a poll_create function is defined 
+    # return value is placed into the poll event as event['CrHelperData']['PhysicalResourceId']
+
+    config = create_configuration(event)
+    config['Version'] = 1
+
+    response = client.create_sampling_rule(SamplingRule=config)
+    return setup_resource_properties_and_return_arn(response)
+
+
+@helper.update
+def update(event, context):
+    # If the update resulted in a new resource being created, return an id for the new resource. 
+    # CloudFormation will send a delete event with the old id when stack update completes
+
+    arn = event['PhysicalResourceId']
+    original_name = deserialize_sampling_rule_name(arn)
+    new_name = event['ResourceProperties']['Name']
+
+    # handle change of the sampling rule's name by creating a new one (name is immutable)
+    if original_name != new_name:
+        return create(event, context)
+
+    config = create_configuration(event)  
+    response = client.update_sampling_rule(SamplingRuleUpdate=config)
+    setup_resource_properties_and_return_arn(response)
+
+
+@helper.delete
+def delete(event, context):
+    # Delete never returns anything. Should not fail if the underlying resources are already deleted.
+    arn = event['PhysicalResourceId']
+    client.delete_sampling_rule(RuleARN=arn)
+
+
+def setup_resource_properties_and_return_arn(response):
+    arn = response['SamplingRuleRecord']['SamplingRule']['RuleARN']
+    name = response['SamplingRuleRecord']['SamplingRule']['RuleName']
+
+    helper.Data["Arn"] = arn
+    helper.Data["Name"] = name
+    return arn
+
+
+def create_configuration(event):
+    props = event['ResourceProperties']
+    
+    return {
+        # required properties
+        'RuleName': props['Name'],
+        'Priority': int(props['Priority']),
+        'FixedRate': float(props['FixedRate']),
+        'ReservoirSize': int(props['ReservoirSize']),
+        # optional properties
+        'ResourceARN': props.get('ResourceARN', '*'),
+        'ServiceName': props.get('ServiceName', '*'),
+        'ServiceType': props.get('ServiceType', '*'),
+        'Host':        props.get('Host', '*'),
+        'HTTPMethod':  props.get('HTTPMethod', '*'),
+        'URLPath':     props.get('URLPath', '*')
+    }
+
+
+def deserialize_sampling_rule_name(physical_id):
+    # parse sampling rule name from ARN
+    pattern = r'^.+?:.+?:.+?:.+?:.+?:sampling-rule\/(.+?)$'
+
+    match = re.search(pattern, physical_id)
+    if match: 
+        return match.group(1)
+    
+    raise ValueError("Invalid sampling rule ARN!")
+
+
+def lambda_handler(event, context):
+    helper(event, context)

api/handler.py

@@ -0,0 +1 @@
+crhelper==2.0.6

api/requirements.txt

@@ -0,0 +1,172 @@
+AWSTemplateFormatVersion: 2010-09-09
+Transform: AWS::Serverless-2016-10-31
+
+Description: X-Ray sampling rule dynamic adjustment
+
+Globals:
+  Function:
+    Tracing: Active
+  Api:
+    TracingEnabled: true
+
+Resources:
+  # Custom X-Ray sampling rule
+  SimpleXRayRule:
+    Type: Custom::XRaySamplingRule
+    Properties:
+      ServiceToken: !Sub '${XRayRuleCustomResourceLambda.Arn}'
+      Name: MyCustomRule
+      Priority: 20
+      FixedRate: 0.05
+      ReservoirSize: 1
+
+  # Custom CFN resource lambda
+  XRayRuleCustomResourceLambda:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: custom_resource/
+      Handler: handler.lambda_handler
+      Runtime: python3.8
+      Role: !Sub '${XRayRuleCustomResourceExecutionRole.Arn}'
+      Timeout: 90
+  XRayRuleCustomResourceExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: lambda.amazonaws.com
+            Action: sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
+      Path: /
+      Policies:
+        - PolicyName: LambdaRequiredPermissions
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - 'xray:CreateSamplingRule'
+                  - 'xray:UpdateSamplingRule'
+                  - 'xray:DeleteSamplingRule'
+                Resource:
+                  - !Sub >-
+                    arn:aws:xray:${AWS::Region}:${AWS::AccountId}:sampling-rule/*
+
+  # Web API Lambda                  
+  WebApiFunction:
+    Type: AWS::Serverless::Function 
+    Properties:
+      CodeUri: api/
+      Handler: handler.lambda_handler
+      Runtime: python3.8
+      Role: !Sub '${WebApiExecutionRole.Arn}'
+      Environment:
+        Variables: 
+          XRAY_RULE_ARN: !Sub '${SimpleXRayRule.Arn}'
+      Events:
+        HelloWorld:
+          Type: Api
+          Properties:
+            Path: /
+            Method: get
+  WebApiExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: lambda.amazonaws.com
+            Action: 'sts:AssumeRole'
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
+      Path: /
+      Policies:
+        - PolicyName: LambdaRequiredPermissions
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - 'xray:GetSamplingRules'
+                Resource:
+                  - '*'            
+
+  # X-Ray sampling rule adjuster lambda
+  XRayRuleAdjusterLambda:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: xray_rule_adjuster/
+      Handler: handler.lambda_handler
+      Runtime: python3.8
+      Role: !Sub '${XRayRuleAdjusterExecutionRole.Arn}'
+      Environment:
+        Variables: 
+          XRAY_RULE_ARN: !Sub '${SimpleXRayRule.Arn}' 
+      Timeout: 90
+      Events:
+        Trigges:
+          Type: SNS
+          Properties:
+            Topic:
+              Ref: ApiGatewayNotificationTopic
+  XRayRuleAdjusterExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: lambda.amazonaws.com
+            Action: 'sts:AssumeRole'
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+        - arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess
+      Path: /
+      Policies:
+        - PolicyName: LambdaRequiredPermissions
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - xray:UpdateSamplingRule
+                Resource:
+                  - !Sub '${SimpleXRayRule.Arn}'        
+
+  # CloudWatch alarm
+  ApiGatewayAlarm:
+    Type: AWS::CloudWatch::Alarm
+    Properties:
+      AlarmDescription: Number of 5xx errors alarm
+      AlarmActions:
+        - Ref: ApiGatewayNotificationTopic
+      OKActions:
+        - Ref: ApiGatewayNotificationTopic
+      MetricName: 5XXError
+      Namespace: AWS/ApiGateway
+      Statistic: Sum
+      Period: 60
+      EvaluationPeriods: 1
+      Threshold: 5
+      ComparisonOperator: GreaterThanThreshold
+      TreatMissingData: 'notBreaching'
+      Dimensions:
+        - Name: ApiName
+          Value:
+            Ref: 'AWS::StackName'
+  ApiGatewayNotificationTopic:
+    Type: AWS::SNS::Topic
+
+Outputs:
+  WebApi:
+    Description: "API Gateway endpoint URL for Prod stage for WebApi function"
+    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/"