Updated the CloudFormation template and README file to be clearer.

kcantrel · kcantrel · commit 0db507e76fb0 · 2025-06-03T17:00:08.000-05:00
diff --git a/Monitoring/monitor-ontap-services/README.md b/Monitoring/monitor-ontap-services/README.md
@@ -95,7 +95,7 @@ To install the program using the CloudFormation template, you will need to do th
 |SubnetIds|The subnet IDs that the Lambda function will be attached to. They must have connectivity to the FSxN file system management endpoint that you wish to monitor. It is recommended to select at least two.|
 |SecurityGroupIds|The security group IDs that the Lambda function will be attached to. The security group must allow outbound traffic over port 443 to the SNS, Secrets Manager, and CloudWatch and S3 AWS service endpoints, as well as the FSxN file system you want to monitor.|
 |SnsTopicArn|The ARN of the SNS topic you want the program to publish alert messages to.|
-|CloudWatchLogGroupName|The name of **an existing** CloudWatch Log Group that the Lambda function can send event messages to. It will create a new Log Stream within the Log Group every day that is unique to this file system so you can use the same Log Group for multiple instances of this program. If this field is left blank, alerts will not be sent to CloudWatch.|
+|CloudWatchLogGroupARN|The ARN of **an existing** CloudWatch Log Group that the Lambda function can send event messages to. It will create a new Log Stream within the Log Group every day that is unique to this file system so you can use the same Log Group for multiple instances of this program. If this field is left blank, alerts will not be sent to CloudWatch.|
 |SecretArn|The ARN of the secret within the AWS Secrets Manager that holds the FSxN file system credentials.|
 |SecretUsernameKey|The name of the key within the secret that holds the username portion of the FSxN file system credentials. The default is 'username'.|
 |SecretPasswordKey|The name of the key within the secret that holds the password portion of the FSxN file system credentials. The default is 'password'.|
@@ -124,16 +124,16 @@ set for the OntapAdminServer parameter.
 After the stack has been created, check the status of the Lambda function to make sure it is
 not in an error state. To find the Lambda function go to the Resources tab of the CloudFormation
 stack and click on the "Physical ID" of the Lambda function. This should bring you to the Lambda service in the AWS
-console. Once there, click on the "Monitor" tab to see if the function has been invoked. Locate the
+console. Once there, click on the "Monitor" tab to see if the function has been invoked. Note that it will take
+at least the configured iteration time before the function is invoked for the first time. Locate the
 "Error count and success rate(%)" chart, which is usually found at the top right corner of the "Monitor" dashboard.
-Within the "CheckInterval" number of minutes there should be at least one dot on that chart. Note that initially
-the chart is slow to reflect any status so you might have to be patient. Continue to press the "refresh"
-button (the icon with a circle on it) every minute or so to update the status. Once you see a dot on the chart, when you hover your mouse
-over it, you should see the "success rate" and "number of errors." The success rate should be 100% and the number
-of errors should be 0. If it is not, then scroll down to the CloudWatch Logs section and click on the most recent
-log stream. This will show you the output of the Lambda function. If there are any errors, they will be displayed
-there. If you can't figure out what is causing an error, then please create an issue in this repository and someone
-will help you.
+After  the "CheckInterval" number of minutes there should be at least one dot on that chart.
+Hover your mouse over the dot and you should see the "success rate" and "number of errors."
+The success rate should be 100% and the number of errors should be 0. If it is not, then scroll up a little bit and
+click on "View CloudWatch Logs" link. Once on this page, click on the first LogStream and review any output.
+If there are any errors, they will be displayed there. If you can't figure out what is causing an error,
+please create an issue on the [Issues](https://github.com/NetApp/FSx-ONTAP-samples-scripts/issues) section
+in this repository and someone will help you.
 
 ---
 
@@ -324,7 +324,7 @@ Each rule should be an object with one, or more, of the following keys:
 |failover|Boolean|If 'true' the program will send an alert if the FSxN cluster is running on its standby node. If it is set to `false`, it will not report on failover status.|
 |networkInterfaces|Boolean|If 'true' the program will send an alert if any of the network interfaces are down.  If it is set to `false`, it will not report on any network interfaces that are down.|
 
-###### Matching condition schema for EMS Messages (ems)
+###### Matching condition schema for EMS Events (ems)
 Each rule should be an object with three keys, with an optional 4th key:
 
 |Key Name|Value Type|Notes|
diff --git a/Monitoring/monitor-ontap-services/cloudformation.yaml b/Monitoring/monitor-ontap-services/cloudformation.yaml
@@ -21,6 +21,9 @@ Metadata:
           - implementWatchdogAsLambda
           - watchdogRoleArn
           - LambdaRoleArn
+      - Label:
+          default: "AWS Endpoint Options"
+        Parameters:
           - createSecretsManagerEndpoint
           - createSNSEndpoint
           - createCloudWatchLogsEndpoint
@@ -52,6 +55,90 @@ Metadata:
           - vserverNFSProtocolStateAlert
           - vserverCIFSProtocolStateAlert
 
+    ParameterLabels:
+      OntapAdminSever:
+        default: "FSxN Management IP or Hostname"
+      s3BucketName:
+        default: "S3 Bucket Name"
+      subNetIds:
+        default: "Subnet IDs"
+      securityGroupIds:
+        default: "Security Group IDs"
+      snsTopicArn:
+        default: "SNS Topic ARN"
+      cloudWatchLogGroupArn:
+        default: "CloudWatch Log Group ARN"
+      secretArn:
+        default: "Secrets Manager Secret ARN"
+      secretUsernameKey:
+        default: "Secret Username Key"
+      secretPasswordKey:
+        default: "Secret Password Key"
+      checkInterval:
+        default: "Check Interval (minutes)"
+      createWatchdogAlarm:
+        default: "Create Watchdog Alarm"
+      implementWatchdogAsLambda:
+        default: "Implement Watchdog as Lambda Function"
+      watchdogRoleArn:
+        default: "Watchdog Role ARN"
+      LambdaRoleArn:
+        default: "Lambda Role ARN"
+      createSecretsManagerEndpoint:
+        default: "Create Secrets Manager Endpoint"
+      createSNSEndpoint:
+        default: "Create SNS Endpoint"
+      createCloudWatchLogsEndpoint:
+        default: "Create CloudWatch Logs Endpoint"
+      createS3Endpoint:
+        default: "Create S3 Endpoint"
+      routeTableIds:
+        default: "Route Table IDs for S3 Endpoint"
+      vpcId:
+        default: "VPC ID for Endpoints"
+      endpointSecurityGroupIds:
+        default: "Endpoint Security Group IDs"
+      versionChangeAlert:
+        default: "Version Change Alert"
+      failoverAlert:
+        default: "Failover Alert"
+      emsEventsAlert:
+        default: "EMS Events Alert"
+      snapMirrorLagTimeAlert:
+        default: "SnapMirror Maximum Lag Time Alert (seconds)"
+      snapMirrorLagTimePercentAlert:
+        default: "SnapMirror Maximum Lag Time Percent Alert (%)"
+      snapMirrorStalledAlert:
+        default: "SnapMirror Stalled Transfer Alert (seconds)"
+      snapMirrorHealthAlert:
+        default: "SnapMirror Health Alert"
+      fileSystemUtilizationWarnAlert:
+        default: "File System (aggregate) Utilization Warning Alert (%)"
+      fileSystemUtilizationCriticalAlert:
+        default: "File System (aggregate) Utilization Critical Alert (%)"
+      volumeUtilizationWarnAlert:
+        default: "Volume Utilization Warning Alert (%)"
+      volumeUtilizationCriticalAlert:
+        default: "Volume Utilization Critical Alert (%)"
+      volumeFileUtilizationWarnAlert:
+        default: "Volume File (inode) Utilization Warning Alert (%)"
+      volumeFileUtilizationCriticalAlert:
+        default: "Volume File (inode) Utilization Critical Alert (%)"
+      volumeOfflineAlert:
+        default: "Volume Offline Alert"
+      softQuotaUtilizationAlert:
+        default: "Soft Quota Utilization Alert (%)"
+      hardQuotaUtilizationAlert:
+        default: "Hard Quota Utilization Alert (%)"
+      inodesQuotaUtilizationAlert:
+        default: "Inodes Quota Utilization Alert (%)"
+      vserverStateAlert:
+        default: "Vserver State Alert"
+      vserverNFSProtocolStateAlert:
+        default: "Vserver NFS Protocol State Alert"
+      vserverCIFSProtocolStateAlert:
+        default: "Vserver CIFS Protocol State Alert"
+
 Parameters:
   OntapAdminSever:
     Description: "The DNS name, or IP address, of the management endpoint of the FSxN file system to be monitored."
@@ -62,7 +149,7 @@ Parameters:
     Type: String
 
   subNetIds:
-    Description: "The subnet IDs where you want to deploy the Lambda function. Must have connectivity to the FSxN file system to be monitored."
+    Description: "The subnet IDs where you want to deploy the Lambda function. Must have connectivity to the FSxN file system to be monitored. Recommended to have at least two. Also recommended to be in a private subnet."
     Type: "List<AWS::EC2::Subnet::Id>"
 
   securityGroupIds:
@@ -100,7 +187,7 @@ Parameters:
     AllowedValues: ["true", "false"]
 
   implementWatchdogAsLambda:
-    Description: "Use a Lambda function to publish to the SNS topic so it can reside in a different region. Only needed if you are creating the CloudWatch alarm and the SNS topic is in a different region."
+    Description: "Use a Lambda function to publish to the SNS topic so the topic can reside in a different region. Only needed if you are creating the CloudWatch alarm and the SNS topic is in a different region."
     Type: String
     Default: "false"
     AllowedValues: ["true", "false"]
@@ -111,25 +198,25 @@ Parameters:
     Default: ""
 
   createSecretsManagerEndpoint:
-    Description: "Create a Secrets Manager endpoint."
+    Description: "Set to 'true' if you want to create a Secrets Manager endpoint."
     Type: String
     Default: "false"
     AllowedValues: ["true", "false"]
 
   createSNSEndpoint:
-    Description: "Create an SNS endpoint."
+    Description: "Set to 'true if you want to create an SNS endpoint."
     Type: String
     Default: "false"
     AllowedValues: ["true", "false"]
 
   createCloudWatchLogsEndpoint:
-    Description: "Create a CloudWatch logs endpoint."
+    Description: "Set to 'true if you want to create a CloudWatch logs endpoint."
     Type: String
     Default: "false"
     AllowedValues: ["true", "false"]
 
   createS3Endpoint:
-    Description: "Create an S3 endpoint."
+    Description: "Set to 'true if you want to create an S3 endpoint."
     Type: String
     Default: "false"
     AllowedValues: ["true", "false"]
@@ -145,7 +232,7 @@ Parameters:
     Default: ""
 
   endpointSecurityGroupIds:
-    Description: "The security group IDs, comma separated list, to associate with the SNS, SecretsManager and/or CloudWatch Logs endpoints. Must allow traffic from from the Lambda function over TCP port 443. This parameter is only needed if you are creating the SNS, SecretsManager, or CloudWatch Logs endpoint."
+    Description: "The security group IDs, comma separated list, to associate with the SNS, SecretsManager and/or CloudWatch Logs endpoints. Must allow inbound traffic from from the Lambda function over TCP port 443. This parameter is only needed if you are creating the SNS, SecretsManager, or CloudWatch Logs endpoint."
     Type: CommaDelimitedList
     Default: ""
 
@@ -626,8 +713,8 @@ Resources:
           # "matching conditions."  It is intended to be run as a Lambda function, but
           # can be run as a standalone program.
           #
-          # Version: v2.19
-          # Date: 2025-05-27-13:28:30
+          # Version: v2.20
+          # Date: 2025-06-03-16:56:55
           ################################################################################
           
           import json
@@ -1900,10 +1987,7 @@ Resources:
                           conditions["services"][getServiceIndex("systemHealth", conditions)]["rules"].append({"networkInterfaces": False})
                   elif name == "initialEmsEventsAlert":
                       if value == "true":
-                          if os.environ.get("initialEmsExtendedAlerts") == "true":
-                              conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "informational|notice|error|alert|emergency", "message": ""})
-                          else:
-                              conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "error|alert|emergency", "message": ""})
+                          conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "error|alert|emergency", "message": "", "filter": ""})
                   elif name == "initialSnapMirrorHealthAlert":
                       if value == "true":
                           conditions["services"][getServiceIndex("snapmirror", conditions)]["rules"].append({"Healthy": False})  # This is what it matches on, so it is interesting when the health is false.
diff --git a/Monitoring/monitor-ontap-services/monitor_ontap_services.py b/Monitoring/monitor-ontap-services/monitor_ontap_services.py
@@ -1292,10 +1292,7 @@ def buildDefaultMatchingConditions():
                 conditions["services"][getServiceIndex("systemHealth", conditions)]["rules"].append({"networkInterfaces": False})
         elif name == "initialEmsEventsAlert":
             if value == "true":
-                if os.environ.get("initialEmsExtendedAlerts") == "true":
-                    conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "informational|notice|error|alert|emergency", "message": ""})
-                else:
-                    conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "error|alert|emergency", "message": ""})
+                conditions["services"][getServiceIndex("ems", conditions)]["rules"].append({"name": "", "severity": "error|alert|emergency", "message": "", "filter": ""})
         elif name == "initialSnapMirrorHealthAlert":
             if value == "true":
                 conditions["services"][getServiceIndex("snapmirror", conditions)]["rules"].append({"Healthy": False})  # This is what it matches on, so it is interesting when the health is false.
