English – Page 10

The Secret Variable is a feature of the One Platform that ensures the
security of confidential variables used in application monitoring,
services, and cloud configurations. These confidential variables are
registered in the platform with a business name and can be used to
replace information that should not be publicly visible to other users
in the organization.

The Secret Variable is not editable and contains sensitive
information such as passwords, which are not visible for querying in the
platform.

The user-chosen business name for the security of confidential
information is available to all users to apply in health checks,
headers, and other fields by using the command “{{” or clicking on the
key symbol that appears in the right corner of the field. By doing so,
you can view the list of created variables.

To configure the Secret Variable on the platform, click on the arrow
next to the organization’s name on the top bar and click on the button
with the pencil icon to enter your organization or click here.

Once inside your organization, you will find “Tokens and Secrets
Variables.” Click on the plus sign (+) button next to the name “Secret
Variable,” and a dialog box will open. In this box, you enter the name
of the variable (without the brackets ({{)) that will be used publicly
by your team of users. Then, fill in the confidential information you
want to encrypt and keep the value secret.

After filling in all the fields, click on the “Save” button to create
the configuration. In a few seconds, your Secret Variable will be
created and will be shown as in the image below:

Note: After creating the Secret Variable, it is not possible to edit it. To make modifications, you will need to delete it and create a new one.

Note: If the name “Secret” is too large, select the text by
double-clicking it and then pressing the “Tab” key. This will make the
delete icon applicable, allowing you to remove a secret.

Using a Secret Variable:

In the Application:

Adding or removing a Secret Variable can be done when creating your resilience matrix or editing it later, as needed.

Access the “Products” section in the platform.
Select the desired product.
Enter the resilience matrix of the specific application you want to configure.
Click on the pencil icon to configure the application settings.

Click on the key symbol or type “{{” within the field, and the list
of variables registered in the organization will be displayed. Select
the Secret Variable you desire, and it can be used in the URL for health
checks or in the header or value fields.

Add-On:

To register the Secret Variable via add-on, follow these steps:

Access the desired application.
Below, you will find all the add-ons added to this application.
Registering the Secret Variable via add-on is similar to application
configuration. Click on the add-on name (or the left arrow), and the
settings will expand for changes.
Click on the key symbol available in the indicated fields or use “{{” to open the list of variables and enter where necessary.
You can add them during the add-on creation or later.
Once you’ve made the desired changes, click on “Save” to finalize the configuration.

To create an AWS policy in the platform, follow these steps:

First, log in to the AWS Console using this link.
Once you are logged in, navigate to the IAM (Identity and Access Management) service.
In the IAM dashboard, click on “Policies” in the left-hand menu.
Click on the “Create policy” button to create a new policy.
Select the “JSON” tab.
Copy and paste the provided JSON code below into the policy editor.

Policy Content

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowRunInstances",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*::image/*",
                "arn:aws:ec2:*::snapshot/*",
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*:*:security-group/*",
                "arn:aws:ec2:*:*:key-pair/*"
            ]
        },
        {
            "Sid": "AllowEc2WithRestrictions",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVolume",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/Owner": "1p-agent"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "Owner",
                        "Name",
                        "Environment"
                    ]
                }
            }
        },
        {
            "Sid": "AllowFunctionsWithRestrictions",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances",
                "ec2:StartInstances",
                "ec2:DeleteSecurityGroup",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
                "ec2:UpdateSecurityGroupRuleDescriptionsEgress"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:security-group/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/Owner": "1p-agent"
                }
            }
        },
        {
            "Sid": "AllowFunctions1p",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags",
                "ec2:CreateSecurityGroup",
                "ec2:Describe*",
                "rds:Describe*",
                "elasticache:Describe*",
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Manage1pAccessKeys",
            "Effect": "Allow",
            "Action": [
                "iam:get*"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "SsmAllRegionsToAMis",
            "Effect": "Allow",
            "Action": "ssm:*",
            "Resource": [
                "arn:aws:s3:::*",
                "arn:aws:ssm:*:*:opsmetadata/*",
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ssm:*:*:parameter/*"
            ]
        }
    ]
}

After creating the policy, follow the steps below to create a user named “1p-agent” and attach the policy to that user in the IAM service of the AWS Console:

Click on this link to access the AWS Console.
Click in “Policy actions”, then “Attach”.
Attach the policy to the user “1p-agent”.

The policy you created allows the following actions:

EC2: Provisioning, controlling, and administering instances with the specified tag “1P”. The agent does not use KeyPair.
RDS, ElastiCache, EC2, IAM, CloudWatch, and S3: It grants permissions to List and Get requests types for these services.
EKS (Amazon Elastic Kubernetes Service) Full Access (optional): If
you included this permission, it provides full access to the Amazon EKS
service, allowing the user to manage Kubernetes clusters and related
resources.

With your product created, we can now register applications that are
part of this product to begin monitoring. With these applications, we
can observe various metrics, such as deployment records, degradation
alarms, latency graphs, and more. Additionally, we can register
dependencies for each application, which we’ll cover in the next section
of this tutorial.

To create an application, follow these steps:

Fill in the “Application name” field with the name of the application you want to monitor.
In the “Healthcheck URL” field, enter the URL you wish to monitor.
The platform considers a status of 200 as UP, and any other status code
is considered as Down.
If you want to create a secret variable, click on the “key” button inside the field, and assign a name and value to the secret.
Next, select the desired HTTP method (GET or POST) from the options in the “Method” drop-down menu.
If required, choose the desired type of TLS (Transport Layer Security) by clicking on the “TSL Renegotiation” box.
If you need to bypass the SSL certificate (Secure Sockets Layer), you can click on the “Skip SSL” box.
Optionally, you can assign a header and value by filling in the designated fields.
To perform a double check, you can specify a string to be checked
within the URL. The healthcheck will consider the application as UP if
it receives a status code of 200 and finds the specified string as
valid. Fill in the “Validation String” field for this purpose.
Set the “Interval in seconds” to determine the time interval (in seconds) for performing the health check.
In “Timeout in seconds,” define the maximum allowed time for a timeout.
For generating incidents, specify the number of consecutive failures
required to trigger an incident in the “Failures to generate incident”
field.

Once you have completed these steps, click on “Finish Application” to finalize the creation of the application.

Note: For security reasons, it is not permitted to enter an IP in the
healthcheck field. To monitor an IP, you need to enter it in a secret
and use it in healthcheck

Monitoring the Application

Now, we will demonstrate how to monitor your product and evaluate the
established metrics for the application. Please follow the steps below:

In this area, you can find information about the application you are
monitoring. You have the option to edit the application by clicking on
the pencil icon or delete it by clicking on the trash can icon.
Below the information area, there are two buttons with additional functionalities:
- “Register Deploy”: This allows you to manually or automatically
  register deployment events such as rollback or hotfix. You can use this
  feature to keep track of deployment activities related to your
  application.
- “Response Time Degradation”: This button activates the alarm for
  response time degradation. It uses percentages to assign values and
  alert you when the response time exceeds the specified threshold.
In the metrics environment, you can view and set the Error Budget
percentage according to your needs. This feature helps you monitor and
manage the budgeted errors within your application’s performance.
The Latency Graph allows you to visualize and zoom in on latency
data, including percentiles such as p50, p90, and p95, giving you
insights into your application’s response time distribution.
To add a dependency, click on the “+” button. If you want to search for an existing dependency, you can type its name in the search field.
Finally, there is a flag to enable or disable monitoring for the application.

After configuring your cloud, create a digital product for monitoring on the platform:

Start by filling in the “Product name” field with your preferred name
and provide a description of the product in the “Descriptions” field.
If you wish, you can add a logo or image to the product by clicking
on the “Drag an image here or select on your computer” button.
To monitor the product, you need to create a team that will receive
alerts and associate it with the product. Click on the “+” button,
assign a name to the team, and click “Create team.”
Once the team is created, click on the “Save and create application”
button to save your product details and proceed with the installation.

To create a postmortem on One Platform, you must go to the Postmortem Center, in the left side menu of the platform.

After entering the center, click
on “New postmortem”. In the form, fill in the Title field with the title
you want to put in your postmortem and below enter the information
about the postmortem you want to document. Afterwards, link to an
incident generated by the platform.

After displaying all the necessary information, click on “Save
postmortem”. Postmortems created are saved in the Postmortem Center.

To view a postmortem, simply click on the desired postmortem and you
will have access to all the information, as well as knowing who wrote
the postmortem and the incident it is related to.

Clicking on the postmortem actions, we have 3 options:

– Edit postmortem (directs to the postmortem editing screen)

– Delete postmortem (delete the postmortem)

– Export to PDF (export the postmortem to a PDF file)

When an incident is linked to a postmortem, a button for the postmortem will appear on the incident screen.

Thinking about how to make our
customers’ lives easier with the incident journey, ElvenWorks is
launching the Manual Incident, an incident that can be opened by you at
any time. Through this new feature, you can manage incidents whose
origin is not monitored by the platform, with all the necessary
information so that the team to be notified is aware of what is
happening.

In the Incident Center, in the side menu, click on the “+ New Incident” button, located in the top right corner.

On the manual incident
configuration screen, choose a name for the incident and report its
cause. Select a day and time when the incident occurred and its status:
Alarmed, Acknowledged and Resolved. When the incident is opened with the
Resolved status, the “Time to Acknowledged” and “Time to Resolve”
metrics will be reset to zero.

After choosing your status, choose
the severity of the incident between: SEV-1 – Critical, SEV-2 – High,
SEV-3 – Moderate, SEV-4 – Low, SEV-5 – Informational and Not classified.

If desired, link the incident to a source that is monitored by the platform, being able to choose one or more applications.

Choose the teams you want to
notify. If you want to create a team through this page, click on “+
Team” and you will be directed to the creation screen. When you finish
creating a new team, click on the reload symbol for the team to appear
in the list. If you choose not to link any team, this incident will not
be notified.

As soon as you click on “Create
new incident”, a notification will be sent to the channels of the teams
involved, if configured, informing you about the opening of the
incident.

If you want to edit or delete the manual incident, click on the three dots in front of the incident name.

The webhook credentials are determined by the organization in the
platform. To access them, click on the arrow next to the organization’s
name on the top bar and click on the button with the pencil icon next to
‘Settings’ to enter your organization. Once inside your organization,
you will find ‘Integration Tokens’ and ‘Secrets Variables.’ Click on the
plus sign (+) button next to the name ‘Integration Tokens.

A message box will appear, where you should choose the type of
webhook that will be registered (Hits/Failure and Deploy) and give it a
name for identification as your credential.

After filling in the fields, click on ‘Generate Integration Token’ and wait for it to process.

Hits/Failure Credential

Once the process is complete, your credential will be created, and you will see an image like the one below:

Click on the button with the paper icon to have the curl command
copied to your clipboard. In case of consulting, editing, or removing,
your token will be registered within your organization in the platform.

After copying the curl command, you can paste and execute the command in the terminal of your choice.

Your API activation token will be generated, similar to the image below:

Deploy Credential

After following the steps to create credentials and choosing the type
“deploy” for the webhook, the message box will be closed, and your
credentials page will be refreshed, showing only the description of the
credential, as shown in the image below:

The token generated by the credential is registered on the
application page in your product. Additionally, you will have a token
for each application you want to update.

Editing Webhook Credentials

To access your list of credentials and edit an already created token,
click on the icon represented by a pencil to edit the credential. This
allows you to modify the settings or details of the webhook credential
as needed.

After enabling editing, you will see a message box displaying the
current credential with its name and token. Click on “Generate
Integration Token” and wait for the platform to generate a new
credential. Once the new credential is created, you need to redo the
previous steps to execute the command in any terminal of your choice and
obtain the new token.

WARNING:

After generating a new credential, the old token will become invalid.
If needed, you can also change the name of the credential. However,
please be aware that new credentials will be generated every time the
name is changed.

The Maintenance Window feature is designed to ensure that the metrics available in
each application are not affected by a scheduled maintenance period.
During this maintenance window, the application is taken offline for a
specified duration to receive updates or perform other maintenance
tasks.

This functionality is available for all types of monitoring in
the platform and can be manually configured by accessing the
application’s settings through the tools icon located next to the
application’s name.

How to configure a Maintenance Window:

Click on the tools icon next to the application’s name.
A settings window will open, allowing you to set the start and end time for the planned maintenance window.
Define the days and time period during which the maintenance window is scheduled.
Once you have selected the days and specified the start and end times, click on “Save” to finalize the configuration.

The Maintenance Window will
automatically start at the chosen time and day. To confirm that it is
set up correctly, check if the tools icon displays an orange dot,
indicating that the configuration is active. If you need to edit,
delete, or confirm the settings, click on the tools icon again.

If the maintenance is completed
before the scheduled end time and you want to finish the Maintenance
Window manually, you have the option to do so by clicking on the “End
maintenance” link, located in the top orange bar that appears as soon as
your Maintenance Window begins.

Your customers will have visibility of your scheduled maintenance through the Status Page.

In the side menu, click on Environment.

Click on New, select the Cloud, fill in the Name and Tag. Then click on Save.

Click on the icon

Select the Kubernetes tab.

There are two types of update options when the agent is installed through of Kubernetes: Auto update (where the agent is updated automatically) and Manual update (where the agent is not updated automatically).

Choose one of the two update options and once you select the desired option, a box will appear containing the Yaml designated by the platform. Copy the Yaml, deploy it to Kubernetes and the agent will be installed.

Once the installation is completed, you can continue with the configuration of monitoring for your environment.

The ElvenWorks platform gives you the possibility to use various
cloud providers, not only the most commonly used ones like AWS and
Azure. To use a custom cloud provider of your preference, you must first
set up the cloud within the platform by following the tutorial below.

On the left sidebar, click on “Clouds,” and in the upper right
corner, click on the “NEW” button. In the “Cloud Provider” field, select
the “Custom” option and define a name for the cloud you are
configuring. The name of the cloud does not necessarily need to be
associated with your digital product’s cloud. After naming it, click on
“Save” to complete the registration of your cloud.