Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update compatibility-requirement-lambda-monitoring.mdx #19648

Merged
merged 1 commit into from
Jan 7, 2025
Merged

Update compatibility-requirement-lambda-monitoring.mdx #19648

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 0 additions & 71 deletions ...ring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,77 +16,6 @@ Before enabling serverless monitoring using our Lambda layer, you'll need:

3. An AWS account with permissions for creating IAM resources, managed secrets, and Lambdas. You also need permissions for creating CloudFormation stacks and S3 buckets.

{/* Then you'll need to complete the following:

1. Install [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) configure using `aws configure`. You will need an AWS Access Key ID and AWS Secret Access Key.

2. Install [Python](https://www.python.org/downloads/) version 3.3 or higher.

3. Install the [`newrelic-lambda` CLI](https://github.com/newrelic/newrelic-lambda-cli#installation). To install it, run this command:

```bash
pip3 install newrelic-lambda-cli
```

4. By default, we use the AWS Managed Policy `ReadOnlyAccess`. This allows the Infrastructure integration to see all the resources in your account, rather than just your Lambda functions and CloudWatch metrics. New Relic recommends this default, but we understand that some organizations prefer a strict security posture for third party integrations. If you'd like to limit New Relic's access, the IAM role can be granted with a minimum of these permissions:

```yaml
Resource: "*"
Action:
- "cloudwatch:GetMetricStatistics"
- "cloudwatch:ListMetrics"
- "cloudwatch:GetMetricData"
- "lambda:GetAccountSettings"
- "lambda:ListFunctions"
- "lambda:ListAliases"
- "lambda:ListTags"
- "lambda:ListEventSourceMappings"
```
5. Before running the CLI, you will need to grant New Relic a minimum of these permissions in AWS:

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CLIAccessPolicy",
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:GetRole",
"iam:PassRole",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetFunction",
"logs:DeleteSubscriptionFilter",
"logs:DescribeSubscriptionFilters",
"logs:PutSubscriptionFilter",
"s3:GetObject",
"serverlessrepo:CreateCloudFormationChangeSet",
"secretsmanager:CreateSecret"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "NRLogAccessPolicy",
"Effect": "Allow",
"Action": [
"serverlessrepo:CreateCloudFormationTemplate",
"serverlessrepo:GetCloudFormationTemplate"
],
"Resource": "arn:aws:serverlessrepo:us-east-1:463657938898:applications/NewRelic-log-ingestion"
}
]
}
```

If you'd like to learn more about our CLI, see [our CLI repo](https://github.com/newrelic/newrelic-lambda-cli#installation). */}

## Supported runtimes

Based on the type of instrumentation, the following runtimes are supported.
Expand Down
Loading