aws-observability
diff --git a/‎docs/concepts.md
Lines changed: 88 additions & 0 deletions b/‎docs/concepts.md
Lines changed: 88 additions & 0 deletions
diff --git a/‎docs/contributors.md
Lines changed: 27 additions & 0 deletions b/‎docs/contributors.md
Lines changed: 27 additions & 0 deletions
diff --git a/‎docs/eks.md
Lines changed: 159 additions & 0 deletions b/‎docs/eks.md
Lines changed: 159 additions & 0 deletions
diff --git a/‎docs/helpers/new-eks-cluster.md
Lines changed: 78 additions & 0 deletions b/‎docs/helpers/new-eks-cluster.md
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,88 @@
+# Concepts
+
+## Prerequisites
+
+All examples in this repository require the following tools installed
+
+1. [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
+2. [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
+3. [Kubectl](https://Kubernetes.io/docs/tasks/tools/)
+
+### Minimum IAM Policy
+
+To run the examples, you need a set of AWS IAM permissions. You can find an example of minimum
+permissions required [in this file](https://github.com/aws-observability/terraform-aws-observability-accelerator/blob/docs/docs/iam/min-iam-policy.json).
+
+> **Note**: The policy resource is set as `*` to allow all resources, this is not a recommended practice.
+You should restrict instead to the ARNs when applicable.
+
+### Terraform states and variables
+
+By default, our examples are using local Terraform states. If you need
+your Terraform states to be saved remotely, on Amazon S3, visit the
+[terraform remote states](https://www.terraform.io/language/state/remote) documentation.
+
+For simplicity, we use Terraform supported environment variables.
+You can also edit the `terraform.tfvars` files directly and deploy
+with `terraform apply -var-file=terraform.tfvars`. Terraform tfvars file can be useful if
+you need to track changes as part of a Git repository or CI/CD pipeline.
+
+> **Note:** When using `tfvars` files, always be careful to not store and commit any secrets (keys, passwords, ...)
+
+## Base module
+
+The base module allows you to configure the AWS Observability services for your cluster and the AWS Distro for OpenTelemetry (ADOT) Operator as the signals collection mechanism.
+
+Here is the minimum configuration to have a new Managed Grafana Workspace, Amazon Managed Service for Prometheus Workspace, ADOT Operator deployed for you and ready to receive your data.
+
+```hcl
+module "eks_observability_accelerator" {
+  source = "aws-observability/terraform-aws-observability-accelerator"
+  aws_region = "eu-west-1"
+  eks_cluster_id = "my-eks-cluster"
+}
+```
+
+You can optionally reuse existing Workspaces to dissociate their lifecycle from the
+Terraform state.
+
+```hcl
+module "eks_observability_accelerator" {
+  source = "aws-observability/terraform-aws-observability-accelerator"
+  aws_region = "eu-west-1"
+  eks_cluster_id = "my-eks-cluster"
+
+  # prevents creation of a new Amazon Managed Prometheus workspace
+  enable_managed_prometheus = false
+
+  # reusing existing Amazon Managed Prometheus Workspace
+  managed_prometheus_workspace_id     = "ws-abcd123..."
+
+  # prevents creation of a new Amazon Managed Grafana workspace
+  enable_managed_grafana       = false
+
+  managed_grafana_workspace_id = "g-abcdef123"
+  grafana_api_key              = var.grafana_api_key
+}
+```
+
+View all the configuration options in the [module's documentation](https://github.com/aws-observability/terraform-aws-observability-accelerator#requirements)
+
+## Workload modules
+
+Workloads modules are focused Terraform modules provided in this repository. They essentially provide curated metrics collection, alerts and Grafana dashboards according to the use case. Most of those modules require the base module.
+
+You can check the full workload modules list and their documentation [here](https://github.com/aws-observability/terraform-aws-observability-accelerator/tree/main/modules/workloads).
+
+All the modules come with end-to-end deployable examples.
+
+## Examples
+
+[Examples](https://github.com/aws-observability/terraform-aws-observability-accelerator/tree/main/examples) put modules together in a ready to deploy terraform configuration as a starting point. With little to no configuration, you can run `terraform apply` and use the deployed resources on your AWS Account.
+
+You can find **workload** examples like [Amazon EKS infrstructure monitoring](/terraform-aws-observability-accelerator/workloads/eks/) or [monitoring your Amazon Managed Service for Prometheus workspace](terraform-aws-observability-accelerator/workloads/managed-prometheus/) and more.
+
+
+## Getting started with AWS Observability services
+
+If you are new to AWS Observability services, or want to dive deeper into them, check our [One Observability Workshop](https://catalog.workshops.aws/observability/) for a hands-on experience in a self-paced environement or at an AWS venue.
@@ -0,0 +1,27 @@
+# Contributors
+
+The content on this site is maintained by the Solutions Architects from the
+AWS observability team with support from the AWS service teams and other
+volunteers from across the organization.
+
+Our goal is to make it easier to use AWS Open Source Observability Services.
+
+The core team include the following people:
+
+* Abhi Khanna
+* Imaya Kumar Jagannathan
+* Jerome DECQ
+* Kevin Lewin
+* Michael Hausenblas
+* Munish Dabra
+* Ramesh Kumar Venkatraman
+* Rodrigue Koffi
+* Toshal Dudhwhala
+* Vara Bonthu
+* Vikram Venkataraman
+
+We welcome the wider open source community and thank [those who contribute](https://github.com/aws-observability/terraform-aws-observability-accelerator/graphs/contributors)
+to this project.
+
+Note that all information published on this site is available via the
+Apache 2.0 license.
@@ -0,0 +1,159 @@
+# Amazon EKS cluster monitoring
+
+This example demonstrates how to monitor your Amazon Elastic Kubernetes Service
+(Amazon EKS) cluster with the Observability Accelerator's EKS
+[infrastructure module](https://github.com/aws-observability/terraform-aws-observability-accelerator/tree/main/modules/workloads/infra).
+
+Monitoring Amazon Elastic Kubernetes Service (Amazon EKS) has two categories:
+the control plane and the Amazon EKS nodes (with Kubernetes objects).
+The Amazon EKS control plane consists of control plane nodes that run the Kubernetes software,
+such as etcd and the Kubernetes API server. To read more on the components of an Amazon EKS cluster,
+please read the [service documentation](https://docs.aws.amazon.com/eks/latest/userguide/clusters.html).
+
+The Amazon EKS infrastructure Terraform modules focuses on metrics collection to Amazon
+Managed Service for Prometheus using the [AWS Distro for OpenTelemetry Operator](https://docs.aws.amazon.com/eks/latest/userguide/opentelemetry.html) for Amazon EKS.
+Additionally, it provides default dashboards to get a comprehensible visibility on the nodes,
+namespaces, pods, and kubelet operations health. Finally, you get curated Prometheus recording rules
+and alerts to operate your cluster.
+
+## Prerequisites
+
+Make sure to complete the [prerequisites section](/terraform-aws-observability-accelerator/concepts/#prerequisites)
+before proceeding.
+
+## Setup
+
+### 1. Download sources and initialize Terraform
+
+```
+git clone https://github.com/aws-observability/terraform-aws-observability-accelerator.git
+cd examples/existing-cluster-with-base-and-infra
+terraform init
+```
+
+### 2. AWS Region
+
+Specify the AWS Region where the resources will be deployed:
+
+```bash
+export TF_VAR_aws_region=xxx
+```
+
+### 3. Amazon EKS Cluster
+
+To run this example, you need to provide your EKS cluster name. If you don't
+have a cluster ready, visit [this example](/terraform-aws-observability-accelerator/helpers/new-eks-cluster.md)
+first to create a new one.
+
+Specify your cluster name:
+
+```bash
+export TF_VAR_eks_cluster_id=xxx
+```
+
+### 4. Amazon Managed Service for Prometheus workspace (optional)
+
+By default, we create an Amazon Managed Service for Prometheus workspace for you.
+However, if you have an existing workspace you want to reuse, edit and run:
+
+```bash
+export TF_VAR_managed_prometheus_workspace_id=ws-xxx
+```
+
+To create a workspace outside of Terraform's state, simply run:
+
+```bash
+aws amp create-workspace --alias observability-accelerator --query '.workspaceId' --output text
+```
+
+### 5. Amazon Managed Grafana workspace
+
+To run this example you need an Amazon Managed Grafana workspace. If you have an existing workspace, edit and run:
+
+```bash
+export TF_VAR_managed_grafana_workspace_id=g-xxx
+```
+
+To create a new one, within this example's Terraform state (sharing the same lifecycle with all the
+other resources created by Terraform):
+
+- Edit main.tf and set `enable_managed_grafana = true`
+- Run
+
+```bash
+terraform init
+terraform apply -target "module.eks_observability_accelerator.module.managed_grafana[0].aws_grafana_workspace.this[0]"
+export TF_VAR_managed_grafana_workspace_id=$(terraform output --raw managed_grafana_workspace_id)
+```
+
+### 6. Grafana API Key
+
+Amazon Managed Grafana provides a control plane API for generating Grafana API keys.
+As a security best practice, we will provide to Terraform a short lived API key to
+run the `apply` or `destroy` command.
+
+Ensure you have necessary IAM permissions (`CreateWorkspaceApiKey, DeleteWorkspaceApiKey`)
+
+```bash
+export TF_VAR_grafana_api_key=`aws grafana create-workspace-api-key --key-name "observability-accelerator-$(date +%s)" --key-role ADMIN --seconds-to-live 1200 --workspace-id $TF_VAR_managed_grafana_workspace_id --query key --output text`
+```
+
+## Deploy
+
+Simply run this command to deploy the example
+
+```bash
+terraform apply
+```
+
+## Visualization
+
+1. Prometheus datasource on Grafana
+
+Open your Grafana workspace and under Configuration -> Data sources, you should see `aws-observability-accelerator`. Open and click `Save & test`. You should see a notification confirming that the Amazon Managed Service for Prometheus workspace is ready to be used on Grafana.
+
+2. Grafana dashboards
+
+Go to the Dashboards panel of your Grafana workspace. You should see a list of dashboards under the `Observability Accelerator Dashboards`
+
+<img width="1540" alt="image" src="https://user-images.githubusercontent.com/10175027/190000716-29e16698-7c90-49d6-8c37-79ca1790e2cc.png">
+
+Open a specific dashboard and you should be able to view its visualization
+
+<img width="2056" alt="cluster headlines" src="https://user-images.githubusercontent.com/10175027/199110753-9bc7a9b7-1b45-4598-89d3-32980154080e.png">
+
+2. Amazon Managed Service for Prometheus rules and alerts
+
+Open the Amazon Managed Service for Prometheus console and view the details of your workspace. Under the `Rules management` tab, you should find new rules deployed.
+
+<img width="1629" alt="image" src="https://user-images.githubusercontent.com/10175027/189301297-4865e75d-2d71-434f-b5d0-9750b3533632.png">
+
+
+To setup your alert receiver, with Amazon SNS, follow [this documentation](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-alertmanager-receiver.html)
+
+
+## Destroy resources
+
+If you leave this stack running, you will continue to incur charges. To remove all resources
+created by Terraform, [refresh your Grafana API key](#6-grafana-api-key) and run the command below.
+
+Be careful, this command will removing everything created by Terraform. If you wish
+to keep your Amazon Managed Grafana or Amazon Managed Service for Prometheus workspaces. Remove them
+from your terraform state before running the destroy command.
+
+```bash
+terraform destroy
+```
+
+To remove resources from your Terraform state, run
+
+```bash
+# grafana workspace
+terraform state rm "module.eks_observability_accelerator.module.managed_grafana[0].aws_grafana_workspace.this[0]"
+
+# prometheus workspace
+terraform state rm "module.eks_observability_accelerator.aws_prometheus_workspace.this[0]"
+```
+
+
+> **Note:** To view all the features proposed by this module, visit the [module documentation](https://github.com/aws-observability/terraform-aws-observability-accelerator/tree/main/modules/workloads/infra).
@@ -0,0 +1,78 @@
+# Creating a new Amazon EKS cluster with VPC
+
+> Note: This example is a subset from [this EKS Blueprint example](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/eks-cluster-with-new-vpc)
+
+This example deploys the following:
+
+- New sample VPC, 3 Private Subnets and 3 Public Subnets
+- Internet gateway for Public Subnets and NAT Gateway for Private Subnets
+- EKS Cluster Control plane with one managed node group
+
+## Prerequisites
+
+Make sure to complete the [prerequisites section](/terraform-aws-observability-accelerator/concepts/#prerequisites)
+before proceeding.
+
+
+## Setup
+
+### 1. Download sources and initialize Terraform
+
+```
+git clone https://github.com/aws-observability/terraform-aws-observability-accelerator.git
+cd examples/eks-cluster-with-vpc/
+terraform init
+```
+
+### 2. AWS Region
+
+Specify the AWS Region where the resources will be deployed:
+
+```bash
+export TF_VAR_aws_region=xxx
+```
+
+## Deploy
+
+Simply run this command to deploy the example
+
+```bash
+terraform apply
+```
+
+##  Login to your cluster
+
+EKS Cluster details can be extracted from terraform output or from AWS Console to get the name of cluster.
+Use the following commands in your local machine where you want to interact with your EKS Cluster.
+
+### 1. Run `update-kubeconfig` command
+
+`~/.kube/config` file gets updated with cluster details and certificate from the below command
+
+    aws eks --region <enter-your-region> update-kubeconfig --name <cluster-name>
+
+### 2. List all the worker nodes by running the command below
+
+    kubectl get nodes
+
+### 3. List all the pods running in `kube-system` namespace
+
+    kubectl get pods -n kube-system
+
+## Cleanup
+
+To clean up your environment, destroy the Terraform modules in reverse order.
+
+Destroy the Kubernetes Add-ons, EKS cluster with Node groups and VPC
+
+```sh
+terraform destroy -target="module.eks_blueprints_kubernetes_addons" -auto-approve
+terraform destroy -target="module.eks_blueprints" -auto-approve
+terraform destroy -target="module.vpc" -auto-approve
+```
+
+Finally, destroy any additional resources that are not in the above modules
+
+```sh
+terraform destroy -auto-approve
+```