AWS EC2 Instance Connectivity Test

Sometimes, an instance could be in a powered-on state, but the failure of the operating system or any fatal error in internal operations of the instance could have rendered the instance inaccessible to users. In order to enable you to promptly detect such ‘hidden’ anomalies, this test periodically runs a connectivity check on each instance available for the configured AWS user account, and reports whether the instances are accessible over the network or not.

Target of the test: Amazon Cloud

Agent deploying the test: An external agent

Output of the test: One set of results for each instancename:instanceID available for the configured AWS user account

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Access Type

eG Enterprise monitors the AWS cloud using AWS API. By default, the eG agent accesses the AWS API using a valid AWS account ID, which is assigned a special role that is specifically created for monitoring purposes. Accordingly, the Access Type parameter is set to Role by default. Furthermore, to enable the eG agent to use this default access approach, you will have to configure the eG tests with a valid AWS Account ID to Monitor and the special AWS Role Name you created for monitoring purposes.

Some AWS cloud environments however, may not support the role-based approach. Instead, they may allow cloud API requests only if such requests are signed by a valid Access Key and Secret Key. When monitoring such a cloud environment therefore, you should change the Access Type to Secret. Then, you should configure the eG tests with a valid AWS Access Key and AWS Secret Key.

Note that the Secret option may not be ideal when monitoring high-security cloud environments. This is because, such environments may issue a security mandate, which would require administrators to change the Access Key and Secret Key, often. Because of the dynamicity of the key-based approach, Amazon recommends the Role-based approach for accessing the AWS API.

AWS Account ID to Monitor

This parameter appears only when the Access Type parameter is set to Role. Specify the AWS Account ID that the eG agent should use for connecting and making requests to the AWS API. To determine your AWS Account ID, follow the steps below:

  • Login to the AWS management console. with your credentials.

  • Click on your IAM user/role on the top right corner of the AWS Console. You will see a drop-down menu containing the Account ID (see Figure 1).

    Identifying AWS Account ID

    Figure 1 : Identifying the AWS Account ID

AWS Role Name

This parameter appears when the Access Type parameter is set to Role. Specify the name of the role that you have specifically created on the AWS cloud for monitoring purposes. The eG agent uses this role and the configured Account ID to connect to the AWS Cloud and pull the required metrics. To know how to create such a role, refer to Creating a New Role.

AWS Access Key, AWS Secret Key, Confirm AWS Access Key, Confirm AWS Secret Key

These parameters appear only when the Access Type parameter is set to Secret.To monitor an Amazon cloud instance using the Secret approach, the eG agent has to be configured with the access key and secret key of a user with a valid AWS account. For this purpose, we recommend that you create a special user on the AWS cloud, obtain the access and secret keys of this user, and configure this test with these keys. The procedure for this has been detailed in the Obtaining an Access key and Secret key topic. Make sure you reconfirm the access and secret keys you provide here by retyping it in the corresponding Confirm text boxes.

Proxy Host and Proxy Port

In some environments, all communication with the AWS cloud and its regions could be routed through a proxy server. In such environments, you should make sure that the eG agent connects to the cloud via the proxy server and collects metrics. To enable metrics collection via a proxy, specify the IP address of the proxy server and the port at which the server listens against the Proxy Host and Proxy Port parameters. By default, these parameters are set to none , indicating that the eG agent is not configured to communicate via a proxy, by default.

Proxy User Name, Proxy Password, and Confirm Password

If the proxy server requires authentication, then, specify a valid proxy user name and password in the proxy user name and proxy password parameters, respectively. Then, confirm the password by retyping it in the CONFIRM PASSWORD text box. By default, these parameters are set to none, indicating that the proxy sever does not require authentication by default.

Proxy Domain and Proxy Workstation

If a Windows NTLM proxy is to be configured for use, then additionally, you will have to configure the Windows domain name and the Windows workstation name required for the same against the proxy domain and proxy workstation parameters. If the environment does not support a Windows NTLM proxy, set these parameters to none.

Exclude Region

Here, you can provide a comma-separated list of region names or patterns of region names that you do not want to monitor. For instance, to exclude regions with names that contain 'east' and 'west' from monitoring, your specification should be: *east*,*west*

Cloudwatch Enabled

This parameter only applies to the AWS - Aggregated Resource Usage test.This test reports critical metrics pertaining to the resource usage of the server instances launched in the cloud. If you want this test to report resource usage metrics very frequently - say, once every minute or lesser - you will have to configure the tests to use the AWS CloudWatchservice. This is a paidweb service that enables you to monitor, manage, and publish various metrics, as well as configure alarm actions based on data from metrics. To enable is test to use this service, set the CloudWatch Enabled flag to Yes. On the other hand, to report resource usage metrics less frequently - say, once in 5 minutes or more - this test does not require the AWS CloudWatchservice; in this case therefore, set the cloudwatch enabled flag to No. Note that for enabling CloudWatch, you will have to pay CloudWatch fees. For the fee details, refer to the AWS web site.

Exclude Instance

This parameter applies only to AWS- Instance Connectivity, AWS- Instance Resources , and AWS- Instance Uptime tests. In the Exclude Instance text box, provide a comma-separated list of instance names or instance name patterns that you do not wish to monitor. For example: i-b0c3e*,*7dbe56d. By default, this parameter is set to none.

Measures reported by the test:

Measurement

Description

Measurement Unit

Interpretation

Avg network delay:

Indicates the average delay between transmission of packets to this instance and receipt of the response to the packet at the source.

Secs

An increase in the value of this measure is a cause for concern. Given below are some common reasons for such an anomaly:

  • The network between the target AWS instance and the eG agent is congested. When there is an increase in traffic on the interconnecting network, data transmission can slow down, thereby increasing communication latency.

  • The quality of the network connection between the eG external agent and the target instance is sub-par. Poor signal quality, faulty transmission lines, etc. can result in an increase in packet loss and/or network latency.

  • The AWS instance is overloaded. If the target instance is very busy, it takes longer to respond to requests, and this will result in an increase in latency.

  • There are problems with network routing between the target AWS instance and the eG agent. A faulty network router, routing loops, etc., can increase network latency.

Min network delay:

The minimum time between transmission of a packet and receipt of the response back.

Secs

A significant increase in the minimum round-trip time is often a sure sign of network congestion.

Packet loss:

Indicates the percentage of packets lost during transmission from source to target and back.

Percent

A value close to 100% for this measure is a cause for concern. Given below are some common reasons for such an anomaly:

  • The network between the target AWS instance and the eG external agent is congested. When there is an increase in traffic on the interconnecting network, packets may be dropped.

  • The quality of the network connection between the eG external agent and the target instance is sub-par. Poor signal quality, faulty transmission lines, etc. can result in an increase in packet loss and/or network latency.

  • The target AWS instance is overloaded. If the target instance is very busy, it takes longer to respond to requests, and this will result in packet drops.

  • There are problems with network routing between the target instance and the eG external agent. A faulty network router, routing loops, etc., can increase packet loss. Check the detailed diagnosis of this test to know the hops that are on the path from the external agent to the instance, and the packet loss on each hop. This information can be used to diagnose the hop(s) that could be causing excessive packet loss.

Network availability of Instance:

Indicates whether the network connection to this instance is available or not.

Percent

A value of 100 indicates that the instance is accessible over the network. The value 0 indicates that the instance is inaccessible.

Typically, the value 100 corresponds to a Packet loss of 0.

The value 0 for this measure could mean that the instance is either down or too busy, or the interconnecting network is down.