Collector "AWS-DocumentDB" Configuration Manual¶

Before reading this document, please read:

Cloud Integration

Tip

Before using this collector, you must install the "Integration Core Package" and its accompanying third-party dependencies.

1. Configuration Structure¶

The configuration structure of this collector is as follows:

Field	Type	Required	Description
`regions`	list	Required	List of regions to be collected
`regions[#]`	str	Required	Region ID. For example: `'cn-north-1'` See appendix for the complete list

2. Configuration Example¶

Collect instance data from Ningxia and Beijing regions

collector_configs = {
    'regions': [ 'cn-northwest-1', 'cn-north-1' ]
}

3. Data Reporting Format¶

After data is successfully synchronized, you can view the data in the "Infrastructure - Resource Catalog" of TrueWatch.

An example of the reported data is as follows:

{
  "measurement": "aws_documentdb",
  "tags": {
    "AvailabilityZone"          : "cn-north-1a",
    "CACertificateIdentifier"   : "rds-ca-2019",
    "DBClusterIdentifier"       : "docdb-2023-06",
    "DBInstanceArn"             : "arn:aws-cn:rds:cn-north-1:",
    "DBInstanceClass"           : "db.t3.medium",
    "DBInstanceIdentifier"      : "docdb-2023-07",
    "DBInstanceStatus"          : "available",
    "DbiResourceId"             : "db-CKJQ",
    "Engine"                    : "docdb",
    "EngineVersion"             : "3.6.0",
    "KmsKeyId"                  : "arn:aws-cn:kms:cn-north-1:",
    "cloud_provider"            : "aws",
    "name"                      : "docdb-2023-07"
  },
  "fields": {
    "DBSubnetGroup"        : "{}",
    "Endpoint"             : "{\"Address\": \".docdb.cn-north-1.amazonaws.com.cn\", \"HostedZoneId\": \"Z010911BG9\", \"Port\": 27017}",
    "InstanceCreateTime"   : "2023-07-28T05:45:10.004000Z",
    "PendingModifiedValues": "{}",
    "PubliclyAccessible"   : "False",
    "StatusInfos"          : "{}",
    "VpcSecurityGroups"    : "[{\"Status\": \"active\", \"VpcSecurityGroupId\": \"sg-08895f59\"}]",
    "message"              : "{Instance JSON Information}"
  }
}

Note

The fields in tags and fields may change with subsequent updates.

4. IAM Policy Permissions¶

Note

If users use the method of bringing IAM roles to collect resources, certain operation permissions need to be enabled.

This collector requires the following operation permissions:

rds:DescribeDBInstances

Precautions¶

Error Conditions and Solutions for Triggering Tasks¶

AWS client.do_api Error Message: no identity-based policy allows the rds:DescribeDBInstances action

Reason: Permission configuration issue or dependency package version issue.

Solution:

First, determine if the permission rds:DescribeDBInstances has been granted. If it is confirmed that the permission has been granted, please check if the boto3 dependency package version is greater than or equal to 1.28.78. If not, upgrading the dependency package can resolve the issue.

X. Appendix¶

Please refer to the AWS official documentation: