Performance Monitoring with X-Ray
Substation dynamically enables X-Ray for performance monitoring if an AWS_XRAY_DAEMON_ADDRESS
environment variable is found.
If the AWS account's X-Ray data is not encrypted, then use this pattern to encrypt it. The ARN produced by xray_key
(or the ARN of a previously created encryption key) must be added as a kms_read and kms_write resource on all Lambda IAM policies.
resource "aws_kms_key" "xray_key" {
description = "KMS used for server-side encryption of X-Ray data"
enable_key_rotation = true
}
resource "aws_kms_alias" "xray_key_alias" {
name = "alias/xray"
target_key_id = aws_kms_key.xray_key.key_id
}
# Applying this configuration can take several minutes
resource "aws_xray_encryption_config" "xray_encryption_config" {
type = "KMS"
key_id = aws_kms_key.xray_key.arn
}
Updated over 1 year ago