NR APM (Application Performance and Monitoring) Stack allows teams to tactically respond to potential issues and strategically investigate their KPIs. It is delivered using OpenSearch hosted on AWS. OpenSearch is a open source search and analytics suite derived from Elasticsearch & Kibana.
This README is for developers deploying NR APM Stack. See our Github site for integration documentation.
OpenSearch documentation is located here:
https://opensearch.org/docs/latest/
For end-users, our training, use cases and testimonials are located here:
https://apps.nrs.gov.bc.ca/int/confluence/x/GaRvBQ
For developers and product owners, our integration documentation is located here:
https://bcdevops.github.io/nr-apm-stack/
This project contains all the source code and supporting files for the APM Stack. It consists of a serverless application for processing documents, a workflow cli for handling maintenance and the AWS SAM template for deploying to AWS.
The CI/CD pipeline uses Github actions to deploy and maintain the product.
To develop, you need the following tools.
- Node.js - Install Node.js 20, including the NPM package management tool.
- Podman (Docker) - Install Podman
If you want to run SAM locally, you will need to install the CLI in addition to the development tools.
- SAM CLI - Install the SAM CLI
The environment variables that SAM uses are documented in the AWS CLI documentation. They can be obtained from the Cloud PathFinder login page and clicking on "Click for Credentials" of the appropriate project/environment.
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
AWS_DEFAULT_REGION
To build, run the following in your shell:
sam build
After you build, you can do local testing of the Lambda using sam as well as deploying it.
To deploy, run the following in your shell:
sam deploy --guided
For production, running the deployment locally is not recommended.
- AWS_ACCOUNT_NUMBER - The account number for the environment
- AWS_ROLE_TO_ASSUME - The role to assume. This role was manually setup in the account. See: Configuring OpenID Connect in Amazon Web Services
- MAXMIND_LICENSE_KEY - The maxmind geo ip lookup licence. Also in Vault.
To push to Kinesis, you need the arn of the stream (nr-apm-stack-documents) and a role with a policy with permission to push to that stream. The arn is to be kept secret because it contains the account number.
- Infrastructure as Code
- Configuration as Code
- GitOps:
- Describe the entire system declaratively
- Version the canonical desired system state in Git
- Automatically apply approved changes to the desired state
- Ensure correctness and alert on divergence with software agents