Installing the Agent on AWS

Instana will collect your AWS metrics, traces and metadata through a dedicated agent which you give the permissions to collect those things.

There are three installation options:

  1. For your convenience, we provide an AMI to spawn new instances of the agent to get started quickly. Please see Installation inside your AWS infrastructure with AMI below for more details.

  2. Alternatively you can also configure any agent running on any existing AWS instance to monitor your AWS services. Please see Installation inside your AWS infrastructure without AMI below for more details.

  3. Last but not least, you can even configure an agent instance running anywhere with access to Amazons API to collect the data. Please see Installation outside your AWS infrastructure below for more details.

Please note: you will need one agent per every region you want to monitor.

Installation inside your AWS infrastructure with AMI

While we use Amazon’s console to describe the installation process, you could easily achieve the same with whatever the tool you use to provision your Amazon EC2 instances.

Selecting the Instana AMI

Go to the AMI section of your EC2 dashboard and look for the Instana AMI (please contact us for access). Select the AMI and click Launch.

1 AMIGeneralOverview

NOTE: You will need to provision a new EC2 instance per every region you want to monitor.

Selecting instance type

Now we will need to select the type of instance we want to spawn.

2 InstanceType

The recommended instance type is a Current Generation General Purpose machine (for example, the m4.large).

A note on cost

Monitoring your AWS infrastructure will incur some additional costs into your AWS bugdet. Here is a rough estimate (assuming a m4.large instance):

  • EC2 Instance: $0.12 per hour * 24 hours = $2.88 per day
  • Discovery: Number of AWS supported services * (3 discover ticks per minute * 60 minutes * 24 hours) = 4320 * Number of AWS supported services calls to the AWS API
  • Cloud Watch Metrics: Number of AWS detected services * (1 request per minute * 60 minutes * 24 hours) * Number of metrics = 1440 * Number of AWS detected services calls to the AWS CloudWatch API * Number of metrics calls to the Cloud Watch API per day

An Example

Let’s use Amazon RDS as an example with two PostgreSQL instances running. We’re currently monitoring 18 different metrics for this service, so:

  • EC2 Instance: $0.12 per hour * 24 hours makes a total $2.88 per day
  • RDS Costs: 1440 requests per day * 2 RDS instances * 18 metrics makes a total of 51,840 requests per day to the AWS CloudWatch API. The current price for the CloudWatch API is $0.01 per 1000 requests so it would make a total of $0.52 per day

The total approximate cost of running an agent installation and monitor two RDS instances would be $3.40 per day

NOTE: This estimate doesn’t include the amount of network traffic transferred across different availability zones

Instance configuration

Next we’ll configure the networking of the instance.

3 AMIDetailsUserData

You will need to provide the following information:

  • IAM Role: allows the agent to discover and monitor your AWS resources. Below you can find the necessary role configuration:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "dynamodb:ListTables",
                    "dynamodb:DescribeTable",
                    "dynamodb:ListTagsOfResource",
                    "rds:Describe*",
                    "rds:ListTagsForResource",
                    "sqs:ListQueues",
                    "sqs:GetQueueAttributes",
                    "sqs:ListQueueTags",
                    "elasticache:ListTagsForResource",
                    "elasticache:DescribeCacheClusters",
                    "elasticache:DescribeEvents",
                    "elasticloadbalancing:DescribeLoadBalancers",
                    "elasticloadbalancing:DescribeTags",
                    "es:ListDomainNames",
                    "es:DescribeElasticsearchDomain",
                    "es:ListTags",
                    "ec2:DescribeInstances",
                    "ec2:DescribeTags",
                    "ec2:DescribeVolumes",
                    "kinesis:ListStreams",
                    "kinesis:DescribeStream",
                    "kinesis:ListTagsForStream",
                    "lambda:ListTags",
                    "lambda:ListFunctions",
                    "lambda:ListEventSourceMappings",
                    "lambda:GetFunctionConfiguration",
                    "s3:GetBucketTagging",
                    "s3:ListAllMyBuckets",
                    "s3:GetBucketLocation",
                    "xray:BatchGetTraces",
                    "xray:GetTraceSummaries"
                ],
                "Effect": "Allow",
                "Resource": "*"
            },
            {
                "Action": [
                    "cloudwatch:GetMetricData",
                    "cloudwatch:ListMetrics"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }
    

    This role needs to be able to perform the AssumeRole action, so, make sure to edit the Trust Relationship with something like the following:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
    }    
    
  • User Data: will be used to configure the Instana agent. The following information is mandatory:

    INSTANA_AGENT_KEY=
    INSTANA_AGENT_HOST=
    INSTANA_AGENT_PORT=

Launching your AMI

The next steps of the wizard will allow you to configure the storage, tags, and security group for the new instance. Once they’re configured according to your infrastructure’s policies you can start the new Instana agent instance.

Installation inside your AWS infrastructure without AMI

If you’re already running agents in AWS but don’t want to use the Instana AMI, you will just need to configure the environment variable

INSTANA_AWS_REGION_CONFIG=

within the instance where want to run the agent that will collect the data. Of course, you will need to make sure that the IAM role with the right permissions is available for that instance.

IMPORTANT NOTE: When running Instana Agent from within AWS (EC2), agent needs to run in the region it monitors and INSTANA_AWS_REGION_CONFIG needs to match same region. Setting INSTANA_AWS_REGION_CONFIG to different region will not work and will cause cross-region AWS API errors.

Installation in a Kubernetes cluster running in AWS

As an example, let’s imagine that you are already running a Kubernetes cluster in Amazon’s cloud. In order to configure the Instana AWS support you would need to:

  • Configure a replicateset of size 1. This replica set will contain the Instana agent installation.
  • Make sure that the INSTANA_AWS_REGION_CONFIG variable is available to the previous installation, so the agent can read it. Note that you will need to deploy one agent per every region you want to monitor.
  • Make sure that the necessary IAM role definition is available so the agent can read it.

Installation outside your AWS infrastructure

You can also dedicate any agent running in your own infrastructure. For this you will need to specify the following environment variables:

  • The region you want to monitor:

    INSTANA_AWS_REGION_CONFIG=
  • The credentials to access AWS resources. Please note that these credentials should belong to a user which is allowed to access the resources already described in the Instance Configuration section.

    AWS_ACCESS_KEY_ID=
    AWS_SECRET_ACCESS_KEY=
  • If you’re using XRay tracing in your applications, you can configure Instana to integrate the traces. You just need to define the following variable:

    XRAY_TRACING_ENABLED=true

The simplest way to configure these variables is to include them in your $AGENT_HOME/bin/setenv file.