The CloudWatch Mule® Integration is a CloudWatch custom integration and it is configured through a conf.yml file located at /home/cmi-agent/iocs/conf/conf.yml  in Linux systems

The configuration in the conf.yml is divided into two parts:

  • init_config: A common part used by all the executions
  • instances: A list of instances to be scheduled independently

init_config

This section contains the common configuration used by all the instance executions. It contains the following configurations:

  •    hostsGrouping of all the hosts' definitions needed to read the metrics out of the Anypoint Platform. Some hosts are specific to some APIs, if so, it is specified in the description:
    •    anypointThe Anypoint server host URL. It is preconfigured with https://anypoint.mulesoft.com but it could be different for EU or GOV Mule Regions, see https://docs.mulesoft.com/access-management/managing-users#prerequisites
    •    object_store_v2The Specific Region Object Store V2 server host URL. See https://docs.mulesoft.com/object-store/osv2-apis for the full list of available hosts. This host definition is used by the Object Store API. Example value: https://object-store-us-east-1.anypoint.mulesoft.com
    •    object_store_v2_statsThe Object Store V2 Stats server host URL. This host definition is used by the Object Store V2 Stats API. It is preconfigured with https://object-store-stats.anypoint.mulesoft.com
    •    mule_serverThe URL or IP of the Server running a Mule Runtime with the Mule Agent. This host definition is used by the ARM APIs Example value: http://localhost:9999
    •    oauth_providerThe Oauth Provider URL allows obtaining a Bearer token used to make requests to all the APIs. It is preconfigured with https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token but it could be different for EU or GOV Mule Regions, see https://docs.mulesoft.com/access-management/managing-users#prerequisites
  •    usernameThe user name for the authentication API
  •    aws_secret_nameThe AWS Secret Manager Name where the password for the authentication API is stored.
  •    env_idThe Environment ID for environment-specific requests
  •    org_idThe Organization ID for the requests that require to specify it
  •    api_keyThe API key provided when you purchased the product
  •    customer_keyThe Customer key provided when you purchased the product
  •    connection_wait_timeThe number of seconds that authentication method will wait until the next retry. If not specified it defaults to 2
  •    connection_attempts_numThe number of retry attempts that the authentication method will perform. If not specified it defaults to 3

 

In the Full Example section, there is an example of a configuration file with all the values configured.

instances

This section contains a list of instances defined following the YAML list item notation -. Each instance is scheduled independently to run a set of APIs with a specific threads number configuration. Each instance contains the following configurations:

  •    min_collection_interval: The time in seconds between executions. If not specified it defaults to 15 seconds
  •    threadsThe number of allowed parallel threads running the instance
  •    api_filterIf not specified, all the APIs are executed, otherwise it must contain a list of APIs to run within the instance following the YAML list item notation -.

In the Full Example section, there is an example of a configuration file with a list of instances. The example is taken directly from the  conf.yml file distributed with the integration and contains the optimum numbers we recommend for almost any scenario for min_collection_interval and threads.

The metric collection of any instance can be disabled at any time by commenting out the whole instance. This means, commenting on the two attributes mentioned above.

Configuration process

The instances section contains a list of instances that were set to a periodicity and concurrency level according to each API-provided information. Even if all these values can be changed, we recommend just go with the defaults.

The main configuration parameters to pay attention to are:

  •    object_store_v2.
  •    mule_server. 
  •    username
  •    aws_secret_name.
  •    env_id.
  •    org_id.
  •    api_key.
  •    customer_key.
     

·For EU or GOV Mule Regions, the anypoint and oauth_provider should be changed too. See https://docs.mulesoft.com/access-management/managing-users#prerequisites

The service user permissions

CloudWatch Mule® Integration requires specific permissions on the MuleSoft Anypoint Platform to collect metrics. 

There are some common permissions that must be granted to be able to execute any API and others, specific, used by one or few APIs.

·Exchange API:

o   Exchange Administrator
This is only required to read data from Exchange. CloudWatch Mule® Integration does not modify any asset.

·CloudHub:

o   CloudHub Organization Admin
This is only required to read data from CloudHub. CloudWatch Mule® Integration does not modify any asset.

o   Read Alerts

·ARM Rest Services:

o   Read Alerts

o   Read Applications

o   Read Servers

·Access Management:

o   Read Applications

o   View Organization

·ARM Monitoring Query:

o   Read Applications

·Object Store:

o   Manage Application Data

o   Manage stores data

·Object Store V2 Stats:

o   An administrator user
This is only required to read data from Object Store V2 statistics. CloudWatch Mule® Integration does not modify any asset. If these metrics are not desired, make sure you comment out this entry in the configuration file in instances.

The integration does not modify in any manner the assets in Anypoint Platform, those permissions are for read-only.

Full example

Below is a complete configuration example (with fake credentials and ids):

init_config:

    hosts:

          anypoint: https://anypoint.mulesoft.com

          object_store_v2: https://object-store-us-east-1.anypoint.mulesoft.com

          object_store_v2_stats: https://object-store-stats.anypoint.mulesoft.com

          mule_server: http://localhost:9999

          oauth_provider: https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token

    client_id: 035715123cbc31a1234a43143213f3

    client_secret: bAc2345678C34aFB1A12f5A245678

    env_id: a3cc1234-4a24-125b-1a45-1c1aa13cad

    org_id: ac2345aa-cc13-1367-bca1-b12aa4aa

    api_key: 548f-1s52-2d5f4f4ed

    customer_key: a6a6-b5e854e5

    connection_wait_time: 2

    connection_attempts_num: 3

instances:

  - min_collection_interval: 86400

    threads: 32

    api_filter:

      - access_management

  - min_collection_interval: 10

    threads: 32

    api_filter:

      - arm_monitoring_query

  - min_collection_interval: 10

    threads: 32

    api_filter:

      - arm_mule_agent

  - min_collection_interval: 10

    threads: 32

    api_filter:

      - arm_rest_services

  - min_collection_interval: 10

    threads: 32

    api_filter:

      - cloudhub

  - min_collection_interval: 86400

    threads: 32

    api_filter:

      - exchange_experience

  - min_collection_interval: 60

    threads: 32

    api_filter:

      - insight

  - min_collection_interval: 86400

    threads: 32

    api_filter:

      - object_store

  - min_collection_interval: 86400

    threads: 32

    api_filter:

      - object_store_v2_stats