Amazon Redshift
Amazon Redshift is a managed scalable database warehouse where Nobl9 users can store their metrics information. Nobl9 allows retrieving metrics data from Redshift, enabling customers to use standard SQL statements that require two specific return valuesβa value and a timestamp.
Amazon Redshift parameters and supported features in Nobl9
- General support:
- Release channel: Stable, Beta
- Connection method: Agent, Direct
- Replay and SLI Analyzer: Not supported
- Event logs: Supported
- Query checker: Not supported
- Query parameters retrieval: Not supported
- Timestamp cache persistence: Supported
- Query parameters:
- Query interval: 1 min
- Query delay: 30 sec
- Jitter: 15 sec
- Timeout: 30 sec
- Agent details and minimum required versions for supported features:
- Environment variable:
REDSHIFT_QUERY_DELAY
- Plugin name:
n9redshift
- Timestamp cache persistence:
0.65.0
- Additional notes:
- AWS Secrets Manager and Cross-Account IAM roles for authentication
- No support for SQL connections and temporary credentials
Authenticationβ
For authentication, you can use:
- Authentication via AWS Secrets Manager stored secret for authenticating with the Data API
- Cross-Account IAM roles for authentication to Redshift
SQL connections and temporary credentials are not supported.
Secret-ARNβ
Nobl9 supports
authenticating with Amazon Redshiftβs Data API using the AWS Secrets Manager.
To connect to Redshift through direct and agent configuration,
you must create a secret and ensure the secret is tagged with the RedshiftDataFullAccess
permission.
When running the agent, you will also be asked to provide the ARN for the secret.
For more information on Redshift secrets, refer to Using the Amazon Redshift Data API | Amazon Redshift documentation.
Cross-account IAM rolesβ
Prerequisitesβ
You can activate cross-account access in AWS using the External ID and Nobl9 AWS Account ID. To create an IAM role ARN with cross-account access, make sure the following prerequisites are complete:
- Copy the External ID and Nobl9 AWS Account ID values in the Data source wizard.
Check Cross Account Resource Access in IAM | AWS documentation to learn more.
-
Policy permissions for your IAM role require a custom policy that allows action
secretsmanager:GetSecretValueon
for the resource pointed by the SecretARN.When you miss this policy, create it in the IAM > Policies > Create Policy > Specify Permission > JSON section:
In the policy editor, apply the following JSON statement, replacing your-Secret-ARN
with your AWS Secret ARN value in the statement.resource
field.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:*:your-Secret-ARN"
}
]
}
IAM role ARN creationβ
Sign in to the AWS Management Console. Open the IAM console.
- Choose Roles on the navigation pane.
The Roles section opens.
-
Click Create Role:
To create the access role, you select a trusted entity first.
- Choose the AWS account role tile:
-
Choose Another AWS account. Paste the
Nobl9 Account ID
you copied in the Nobl9 Data source wizard.
This is the account you're granting access to your resources. -
Select Require External ID. Paste the
Nobl9 External ID
you copied in the Nobl9 Data source wizard.
This option automatically adds a condition to the trust policy, allowing users to assume the role only if the request includes the correctsts:ExternalID
.
- Click Next.
- In the Add Permissions section, attach the
AmazonRedshiftDataFullAccess
permission policy. Click Next:
Make sure this policy allows action secretsmanager:GetSecretValueon
for the resource pointed by the SecretARN. When this action is missing, read Prerequisites.
- Click Next and save the role. Then, copy its IAM Role ARN to the Data source wizard in Nobl9 UI.
Adding Amazon Redshift as a data sourceβ
To ensure data transmission between Nobl9 and Amazon Redshift, it may be necessary to list Nobl9 IP addresses as trusted.
app.nobl9.com
instance:- 18.159.114.21
- 18.158.132.186
- 3.64.154.26
us1.nobl9.com
instance:- 34.121.54.120
- 34.123.193.191
- 34.134.71.10
- 35.192.105.150
- 35.225.248.37
- 35.226.78.175
- 104.198.44.161
You can add the Amazon Redshift data source using the direct or agent connection methods.
Direct connection methodβ
Direct connection to Amazon Redshift requires users to enter their credentials which Nobl9 stores safely.
Nobl9 Webβ
To set up this type of connection:
- Navigate to Integrations > Sources.
- Click .
- Click the required Source button.
- Choose Direct.
-
Select one of the following Release Channels:
- The
stable
channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of abeta
release. Use it to avoid crashes and other limitations. - The
beta
channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
- The
-
Enter your AWS Secret ARN (mandatory).
The secret must be tagged withRedshiftDataFullAccess
permission. For more information, see Data API | Amazon Redshift documentation -
Enter the IAM Role ARN.
Check the instructions above for more details.
- Select a Project.
Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses thedefault
project. - Enter a Display Name.
You can enter a user-friendly name with spaces in this field. - Enter a Name.
The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example,my-project-1
). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result. - Enter a Description.
Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it. - Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
- The default value in Amazon Redshift integration for Query delay is
30 seconds
.
infoChanging the Query delay may affect your SLI data. For more details, check the Query delay documentation. - The default value in Amazon Redshift integration for Query delay is
- Click Add Data Source
sloctlβ
The YAML for setting up a direct connection to Amazon Redshift looks like this:
apiVersion: n9/v1alpha
kind: Direct
metadata:
name: redshift-direct
displayName: Redshift Direct
project: redshift-direct
spec:
sourceOf:
- Metrics
releaseChannel: stable
queryDelay:
unit: Minute
value: 720
logCollectionEnabled: false # boolean, defaults to 'false'. Set to true if you'd like your source to collect logs. Available for data sources connected using the direct method only. Reach out to support@nobl9.com to activate it.
redshift:
roleARN: ""
secretARN: ""
Field | Type | Description |
---|---|---|
queryDelay.unit mandatory | enum | Specifies the unit for the query delay. Possible values: Second | Minute . β’ Check query delay documentation for default unit of query delay for each source. |
queryDelay.value mandatory | numeric | Specifies the value for the query delay. β’ Must be a number less than 1440 minutes (24 hours). β’ Check query delay documentation for default unit of query delay for each source. |
logCollectionEnabled optional | boolean | Optional. Defaults to false . Set to true if you'd like your direct to collect event logs. Contact us to activate it. |
releaseChannel mandatory | enum | Specifies the release channel. Accepted values: beta | stable . |
Source-specific fields | ||
redshift.roleARN mandatory | string, secret | See authentication section above for more details. |
redshift.secretARN mandatory | string, secret | See authentication section above for more details. |
Agent connection methodβ
Nobl9 Webβ
Follow the instructions below to create your Amazon Redshift agent connection. Refer to the section above for the description of the fields.
- Navigate to Integrations > Sources.
- Click .
- Click the required Source button.
- Choose Direct.
-
Select one of the following Release Channels:
- The
stable
channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of abeta
release. Use it to avoid crashes and other limitations. - The
beta
channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
- The
- Select a Project.
Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses thedefault
project. - Enter a Display Name.
You can enter a user-friendly name with spaces in this field. - Enter a Name.
The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example,my-project-1
). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result. - Enter a Description.
Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it. - Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
- The default value in Amazon Redshift integration for Query delay is
30 seconds
.
infoChanging the Query delay may affect your SLI data. For more details, check the Query delay documentation. - The default value in Amazon Redshift integration for Query delay is
- Click Add Data Source
sloctlβ
The YAML for setting up an agent connection to Amazon Redshift looks like this:
apiVersion: n9/v1alpha
kind: Agent
metadata:
name: redshift-agent
displayName: Redshift Agent # optional
project: default
spec:
description: Agent settings for redshift datasource # optional
sourceOf:
- Metrics
releaseChannel: stable # string, one of: beta || stable
queryDelay:
unit: Minute # string, one of: Second || Minute
value: 720 # numeric, must be a number less than 1440 minutes (24 hours)
redshift: {}
Field | Type | Description |
---|---|---|
queryDelay.unit mandatory | enum | Specifies the unit for the query delay. Possible values: Second | Minute . β’ Check query delay documentation for default unit of query delay for each source. |
queryDelay.value mandatory | numeric | Specifies the value for the query delay. β’ Must be a number less than 1440 minutes (24 hours). β’ Check query delay documentation for default unit of query delay for each source. |
releaseChannel mandatory | enum | Specifies the release channel. Accepted values: beta | stable . |
You can deploy only one agent in one YAML file by using the sloctl apply
command.
Agent deploymentβ
When you add the data source, Nobl9 automatically generates a Kubernetes configuration and a Docker command line for you to use to deploy the agent. Both of these are available in the web UI, under the Agent Configuration section. Be sure to swap in your credentials (e.g., replace <AWS_SECRET_ARN>
, <AWS_ACCESS_KEY_ID>
, and <AWS_SECRET_ACCESS_KEY>
with your organization key).
- Kubernetes
- Docker
If you use Kubernetes, you can apply the supplied YAML config file to a Kubernetes cluster to deploy the agent. It will look something like this:
# DISCLAIMER: This deployment description contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply k8s deployment description, and the client_id and client_secret are only exemplary values.
apiVersion: v1
kind: Secret
metadata:
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
namespace: default
type: Opaque
stringData:
aws_access_key_id: <AWS_ACCESS_KEY_ID>
aws_secret_access_key: <AWS_SECRET_ACCESS_KEY>
aws_secret_arn: <AWS_SECRET_ARN>
client_id: client_id
client_secret: client_secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
namespace: default
spec:
replicas: 1
selector:
matchLabels:
nobl9-agent-name: my-amazon-redshift
nobl9-agent-project: default
nobl9-agent-organization: nobl9-dev
template:
metadata:
labels:
nobl9-agent-name: my-amazon-redshift
nobl9-agent-project: default
nobl9-agent-organization: nobl9-dev
spec:
containers:
- name: agent-container
image: nobl9/agent:0.82.2
resources:
requests:
memory: "350Mi"
cpu: "0.1"
env:
- name: N9_CLIENT_ID
valueFrom:
secretKeyRef:
key: client_id
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: aws_access_key_id
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: aws_secret_access_key
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
- name: AWS_SECRET_ARN
valueFrom:
secretKeyRef:
key: aws_secret_arn
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
- name: N9_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: nobl9-agent-nobl9-dev-default-my-amazon-redshift
# The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
# The 9090 is the default value and can be changed.
# If you donβt want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
- name: N9_METRICS_PORT
value: "9090"
If you use Docker, you can run the Docker command to deploy the agent. It will look something like this:
# DISCLAIMER: This Docker command contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply command, and you will need to replace the placeholder values with your own values.
docker run -d --restart on-failure \
--name nobl9-agent-nobl9-dev-default-my-amazon-redshift \
-e N9_CLIENT_SECRET="client_secret" \
-e N9_CLIENT_ID="client_id" \
# The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
# The 9090 is the default value and can be changed.
# If you donβt want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
-e N9_METRICS_PORT=9090 \
-e AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>" \
-e AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>" \
-e AWS_SECRET_ARN="<AWS_SECRET_ARN>" \
nobl9/agent:0.82.2
Creating SLOs with Amazon Redshiftβ
Nobl9 Webβ
Follow the instructions below to create your SLOs with Amazon Redshift in the UI:
-
Navigate to Service Level Objectives.
-
Click .
-
Select a Service.
It will be the location for your SLO in Nobl9. -
Select your Amazon Redshift data source.
-
Enter a Region (mandatory).
Use one of the regional endpoints that are listed here. -
Enter a Cluster ID (mandatory).
It is an identifier of your Amazon Redshift cluster that is a part of your Redshift secret. For more details on Redshift, secrets go here. For exampleredshift-cluster-1
. -
Enter a Database name (mandatory).
It is the name of your Amazon Redshift database. For exampledev
. -
Select the Metric type:
- Threshold metric: a single time series is evaluated against a threshold.
- Ratio metric: two-time series for comparison for good events and total events.
For ratio metrics, select the Data count method: incremental or non-incremental.
-
Enter a Query or Good query and Total query:
-
Query example for the Threshold metric (Raw metric):
Query:SELECT value as n9_value, timestamp as n9_time FROM httpstatuscodes WHERE timestamp BETWEEN :n9date_from AND :n9date_to
-
Query example for the Ratio metric (count metric):
Good query:SELECT value as n9value, timestamp as n9date FROM httpstatuscodes WHERE timestamp BETWEEN :n9date_from AND :n9date_to
Total query:SELECT value as n9value, timestamp as n9date FROM sinusoid WHERE timestamp BETWEEN :n9date_from AND :n9date_to
SLI values for good and totalWhen choosing the query for the ratio SLI (countMetrics
), keep in mind that the values ββresulting from that query for both good and total:- Must be positive.
- While we recommend using integers, fractions are also acceptable.
- If using fractions, we recommend them to be larger than
1e-4
=0.0001
. - Shouldn't be larger than
1e+20
.
-
- Define the Time Window for your SLO:
- Rolling time windows constantly move forward as time passes. This type can help track the most recent events.
- Calendar-aligned time windows are usable for SLOs intended to map to business metrics measured on a calendar-aligned basis.
- Configure the Error budget calculation method and Objectives:
- Occurrences method counts good attempts against the count of total attempts.
- Time Slices method measures how many good minutes were achieved (when a system operates within defined boundaries) during a time window.
- You can define up to 12 objectives for an SLO.
Similar threshold values for objectivesTo use similar threshold values for different objectives in your SLO, we recommend differentiating them by setting varying decimal points for each objective.
For example, if you want to use threshold value1
for two objectives, set it to1.0000001
for the first objective and to1.0000002
for the second one.
Learn more about threshold value uniqueness. - Add the Display name, Name, and other settings for your SLO:
- Name identifies your SLO in Nobl9. After you save the SLO, its name becomes read-only.
Use only lowercase letters, numbers, and dashes. - Create Composite SLO: with this option selected, you create a composite SLO 1.0. Composite SLOs 1.0 are deprecated. They're fully operable; however, we encourage you to create new composite SLOs 2.0.
You can create composite SLOs 2.0 withsloctl
using the provided template. Alternatively, you can create a composite SLO 2.0 with Nobl9 Terraform provider. - Set Notifications on data. With it, Nobl9 will notify you in the cases when SLO won't be reporting data or report incomplete data for more than 15 minutes.
- Add alert policies, labels, and links, if required.
Up to 20 items of each type per SLO is allowed.
- Name identifies your SLO in Nobl9. After you save the SLO, its name becomes read-only.
- Click CREATE SLO
sloctlβ
- rawMetric
- countMetric
Hereβs an example of Amazon Redshift using a rawMetric
(threshold metric)
apiVersion: n9/v1alpha
kind: SLO
metadata:
name: redshift-raw
displayName: Redshift Raw SLO
project: redshift
spec:
description: Redshift SLO Description
service: redshift
indicator:
metricSource:
name: redshift
project: redshift
budgetingMethod: Occurrences
objectives:
- target: 0.8
value: 0.8
op: lte
rawMetric:
query:
redshift:
region: eu-central-1
clusterId: n9-dev-tooling-redshift
databaseName: dev
query: SELECT value as n9value, timestamp as n9date FROM sinusoid WHERE
timestamp BETWEEN :n9date_from AND :n9date_to
displayName: average
- target: 0.9
value: 0.9
op: lte
rawMetric:
query:
redshift:
region: eu-central-1
clusterId: n9-dev-tooling-redshift
databaseName: dev
query: SELECT value as n9value, timestamp as n9date FROM sinusoid WHERE
timestamp BETWEEN :n9date_from AND :n9date_to
displayName: so-so
timeWindows:
- calendar:
startTime: "2020-11-14 11:00:00"
timeZone: Etc/UTC
count: 1
isRolling: false
unit: Day
Hereβs an example of Amazon Redshift using countMetric
(ratio metric):
apiVersion: n9/v1alpha
kind: SLO
metadata:
name: redshift-count
displayName: Redshift Count SLO
project: redshift
spec:
description: Redshift Count Description
service: redshift
indicator:
metricSource:
name: redshift
project: redshift
budgetingMethod: Occurrences
timeWindows:
- unit: Day
count: 7
isRolling: true
objectives:
- countMetrics:
incremental: false
good:
redshift:
clusterId: n9-dev-tooling-redshift
databaseName: dev
query: SELECT value as n9value, timestamp as n9date FROM httpstatuscodes
WHERE value = '200' AND timestamp BETWEEN :n9date_from AND :n9date_to
region: eu-central-1
total:
redshift:
clusterId: n9-dev-tooling-redshift
databaseName: dev
query: SELECT value as n9value, timestamp as n9date FROM httpstatuscodes
WHERE timestamp BETWEEN :n9date_from AND :n9date_to
region: eu-central-1
displayName: ""
target: 0.99
value: 1
The Amazon Redshift SLO requires the following fields:
-
region
-
clusterID
-
databaseName
-
Refer to Creating SLOs on the Nobl9 Web section for more details on these fields.
n9date and n9value:
Amazon Redshift SQL query needs to return two values - n9date
and n9value
:
-
n9date
is the timestamp for the data. -
n9value
is a float containing the actual metric.Note that Amazon RedShift accepts these values in the following format:
-
:n9date_from
-
:n9date_to
This allows users to enter virtually any query.
-
Querying the Amazon Redshift serverβ
To call the AWS Redshift Data API, Nobl9 runs the aws redshift-data execute-statement
command that is executed once per minute. Nobl9 queries for data from the previous minute.
Amazon Redshift API rate limitsβ
The following rate limits apply to the Amazon Redshift API:
-
The maximum query result size is 100 MB. If a call returns more than 100 MB of response data, the call is ended.
-
The maximum retention time for query results is 24 hours.
-
The maximum query statement size is 100 KB.
-
The Data API is available to query single-node and multiple-node clusters of the following node types:
- dc2.large
- dc2.8xlarge
- ds2.xlarge
- ds2.8xlarge
- ra3.xlplus
- ra3.4xlarge
- ra3.16xlarge
-
The cluster must be in a virtual private cloud (VPC) based on the Amazon VPC service.