Skip to content

Edda

Jump to bottom
copperlight edited this page Dec 15, 2014 · 26 revisions

Introduction

Netflix/Edda is a caching service for AWS API calls that can help mitigate the effects of throttling. Instead of querying AWS APIs for information about your systems, use Edda.

Caveats

The current Edda docker image is not production ready. This guide will help you get up and running quickly, but take note of the following:

  • Ensure the docker host has the correct time. Communication with the AWS API's require the container to be within 15 minutes of actual.
  • The docker images currently do not export logs off the container. Logging is set to INFO level, which is fairly verbose.
  • The Tomcat configuration has not been tuned for large collections.
  • The IAM role guidance has not been tweaked to the absolute minimum set of permissions.

Pre-Requisites

  • Create an S3 bucket to store the current resource crawl state.

Configure

  • Copy the edda.properties template file to edda.properties.mine and make modifications there.

  • Set edda.s3current.bucket= to your new S3 bucket name.

  • Set edda.region= to the region that you are using.

  • For local workstation execution, configure keys that have the PowerUser role:

    • Set edda.aws.accessKey=
    • Set edda.aws.secretKey=

  • For AWS execution:

    • Launch an instance with an IAM Role that grants the equivalent of the PowerUser role.

  • No configuration is necessary for DynamoDB; the service will create the tables needed at startup.

  • If you want to minimize the rights associated with the role used for Edda, then follow these guidelines:

    • Read/write access is required for DynamoDB and S3.
    • Read access is required for the rest of the resources you want to crawl (i.e. describe... calls).

Run the Container

docker run -d \
  --name edda \
  -p :8080:8080 \
  -v `pwd`/edda.properties.mine:/tomcat/webapps/ROOT/WEB-INF/classes/edda.properties \
  netflixoss/edda:2.1

Test the Container

Test the Edda service by querying for instances and security groups.

curl -g 'localhost:8080/api/v2/view/instances;_pp'
curl -g 'localhost:8080/api/v2/aws/securityGroups;_pp'

See the Edda REST API documentation for additional use cases.

Inspect the Container

docker exec -i -t edda bash
Clone this wiki locally