We use cookies or similar technologies to personalize your online experience and tailor marketing to you. Many of our product features require cookies to function properly. Your use of this site and online product constitutes your consent to these personalization technologies. Read our Privacy Policy to find out more.

X

Getting AWS SNS Events into Honeycomb

Honeycomb provides an agentless integration for ingesting SNS Events . The integration runs as one or more Lambda functions, subscribed to your SNS topics. If you have an existing event pipeline with SNS, you can get better observability in just a few minutes by integrating Honeycomb!

The source is available on Github and instructions for getting started are provided here. Do you have a use case not covered here? Please open an issue.

Prerequisites

You will need permission to deploy a Cloudformation stack with an IAM role in your AWS account.

Install

To install, use one of the AWS Cloudformation Quick-Create links below. These links will launch the AWS Cloudformation console with the appropriate template and steer you through the installation process.

Cloudformation Stack Creation

Generic JSON Integration

This integration accepts event data with arbitrary JSON. Many AWS services generate events that are JSON-structured. If you are sending JSON-based events to your SNS topic, this will work as well. Click Here

You will need to provide the following parameters:

Optionally, you can supply:

Encrypting Your API Key

When installing the integration, you must supply your Honeycomb API Key via Cloudformation parameter. Cloudformation parameters are not encrypted, and are plainly viewable to anyone with access to your Cloudformation stacks or Lambda functions. For this reason, we strongly recommend that your Honeycomb API Key be encrypted. To encrypt your key, use AWS’s KMS service.

First, you’ll need to create a KMS key if you don’t have one already. The default account keys are not suitable for this use case.

$ aws kms create-key --description "used to encrypt secrets"
{
    "KeyMetadata": {
        "AWSAccountId": "123455678910",
        "KeyId": "a38f80cc-19b5-486a-a163-a4502b7a52cc",
        "Arn": "arn:aws:kms:us-east-1:123455678910:key/a38f80cc-19b5-486a-a163-a4502b7a52cc",
        "CreationDate": 1524160520.097,
        "Enabled": true,
        "Description": "used to encrypt Honeycomb secrets",
        "KeyUsage": "ENCRYPT_DECRYPT",
        "KeyState": "Enabled",
        "Origin": "AWS_KMS",
        "KeyManager": "CUSTOMER"
    }
}
$ aws kms create-alias --alias-name alias/secrets_key --target-key-id=a38f80cc-19b5-486a-a163-a4502b7a52cc

Now you’re ready to encrypt your Honeycomb API Key:

$ aws kms encrypt --key-id=a38f80cc-19b5-486a-a163-a4502b7a52cc --plaintext "thisismyhoneycombkey"
{
    "CiphertextBlob": "AQICAHge4+BhZ1sURk1UGUjTZxmcegPXyRqG8NCK8/schk381gGToGRb8n3PCjITQPDKjxuJAAAAcjBwBgkqhkiG9w0BBwagYzBhAgEAMFwGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM0GLK36ChLOlHQiiiAgEQgC9lYlR3qvsQEhgILHhT0eD4atgdB7UAMW6TIAJw9vYsPpnbHhqhO7V8/mEa9Iej+g==",
    "KeyId": "arn:aws:kms:us-east-1:702835727665:key/a38f80cc-19b5-486a-a163-a4502b7a52cc"
}

Record the CiphertextBlob and the last part of the Key ID (example: a38f80cc-19b5-486a-a163-a4502b7a52cc) - this is what you’ll pass to the Cloudformation templates.

Troubleshooting

Integration Logs

The SNS integration is just a normal Lambda function, which means you can see its metrics and log messages from the Lambda Console. Look for functions starting with SNSLambdaHandler. From there, you can view error rate, latency, and Cloudwatch logs.

Updating/Redeploying

If you are trying to pick up a newer version of the integration, or have misconfigured an existing installation, it is better to completely delete the CFN stack and re-create it using the quick-create links.

Advanced Use

Quick-create links are great for getting started, but if you have an existing workflow for configuring infrastructure, you might want to directly configure the Lambdas yourself to suit your needs. We’ve provided example templates for Cloudformation and Terraform in our repository to get you started.