使用配置采样、组和加密设置Amazon X-RayAPI - Amazon X-Ray
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

使用配置采样、组和加密设置Amazon X-RayAPI

Amazon X-Ray 提供用于配置采样规则、组规则和加密设置的 API。

加密设置

使用PutEncryptionConfig要指定Amazon Key Management Service(Amazon KMS) 用于加密的密钥。

注意

X-Ray 不支持非对称 KMS 密钥.

$ aws xray put-encryption-config --type KMS --key-id alias/aws/xray { "EncryptionConfig": { "KeyId": "arn:aws:kms:us-east-2:123456789012:key/c234g4e8-39e9-4gb0-84e2-b0ea215cbba5", "Status": "UPDATING", "Type": "KMS" } }

对于密钥 ID,您可以使用别名(如示例中所示)、密钥 ID 或 Amazon 资源名称 (ARN)。

使用 GetEncryptionConfig 获取当前配置。当 X-Ray 应用设置时,状态将从UPDATINGACTIVE.

$ aws xray get-encryption-config { "EncryptionConfig": { "KeyId": "arn:aws:kms:us-east-2:123456789012:key/c234g4e8-39e9-4gb0-84e2-b0ea215cbba5", "Status": "ACTIVE", "Type": "KMS" } }

要停止使用 KMS 密钥并使用默认加密,请将加密类型设置为NONE.

$ aws xray put-encryption-config --type NONE { "EncryptionConfig": { "Status": "UPDATING", "Type": "NONE" } }

采样规则

您可以管理采样规则在您的账户中使用 X-Ray API。有关添加和管理标签的更多信息,请参阅为 X-Ray 采样规则和组添加标签.

利用 GetSamplingRules 获取所有采样规则。

$ aws xray get-sampling-rules { "SamplingRuleRecords": [ { "SamplingRule": { "RuleName": "Default", "RuleARN": "arn:aws:xray:us-east-2:123456789012:sampling-rule/Default", "ResourceARN": "*", "Priority": 10000, "FixedRate": 0.05, "ReservoirSize": 1, "ServiceName": "*", "ServiceType": "*", "Host": "*", "HTTPMethod": "*", "URLPath": "*", "Version": 1, "Attributes": {} }, "CreatedAt": 0.0, "ModifiedAt": 1529959993.0 } ] }

默认规则应用于与其他规则不匹配的所有请求。它是最低优先级的规则,不能删除。但是,您可以使用 UpdateSamplingRule 更改速率和容器大小。

例 的 API 输入UpdateSamplingRule— 10000-默认t.json
{ "SamplingRuleUpdate": { "RuleName": "Default", "FixedRate": 0.01, "ReservoirSize": 0 } }

以下示例使用之前的文件作为输入,将默认规则更改为没有存储库的百分比。标签是可选的。如果选择添加标签,则需要标签密钥,标签值是可选的。要从取样规则中删除现有标签,请使用UntagResource

$ aws xray update-sampling-rule --cli-input-json file://1000-default.json --tags [{"Key": "key_name","Value": "value"},{"Key": "key_name","Value": "value"}] { "SamplingRuleRecords": [ { "SamplingRule": { "RuleName": "Default", "RuleARN": "arn:aws:xray:us-east-2:123456789012:sampling-rule/Default", "ResourceARN": "*", "Priority": 10000, "FixedRate": 0.01, "ReservoirSize": 0, "ServiceName": "*", "ServiceType": "*", "Host": "*", "HTTPMethod": "*", "URLPath": "*", "Version": 1, "Attributes": {} }, "CreatedAt": 0.0, "ModifiedAt": 1529959993.0 },

利用 CreateSamplingRule 创建更多采样规则。当您创建规则时,大多数规则字段都是必填字段。以下示例将创建两条规则。这第一条规则为 ScoreKeep 示例应用程序设定了基本费率。它匹配 API 提供的所有与更高优先级规则不匹配的请求。

例 的 API 输入UpdateSamplingRule— 9000-base-scorekeep.json
{ "SamplingRule": { "RuleName": "base-scorekeep", "ResourceARN": "*", "Priority": 9000, "FixedRate": 0.1, "ReservoirSize": 5, "ServiceName": "Scorekeep", "ServiceType": "*", "Host": "*", "HTTPMethod": "*", "URLPath": "*", "Version": 1 } }

第二条规则也适用于 ScoreKep,但它具有更高的优先级,更具体。该规则为轮询请求设置了非常低的采样率。这些是客户端每隔几秒钟发出的 GET 请求,以检查游戏状态的变化。

例 的 API 输入UpdateSamplingRule— 5000 个轮询分数 keep.json
{ "SamplingRule": { "RuleName": "polling-scorekeep", "ResourceARN": "*", "Priority": 5000, "FixedRate": 0.003, "ReservoirSize": 0, "ServiceName": "Scorekeep", "ServiceType": "*", "Host": "*", "HTTPMethod": "GET", "URLPath": "/api/state/*", "Version": 1 } }

标签是可选的。如果选择添加标签,则需要标签密钥,标签值是可选的。

$ aws xray create-sampling-rule --cli-input-json file://5000-polling-scorekeep.json --tags [{"Key": "key_name","Value": "value"},{"Key": "key_name","Value": "value"}] { "SamplingRuleRecord": { "SamplingRule": { "RuleName": "polling-scorekeep", "RuleARN": "arn:aws:xray:us-east-1:123456789012:sampling-rule/polling-scorekeep", "ResourceARN": "*", "Priority": 5000, "FixedRate": 0.003, "ReservoirSize": 0, "ServiceName": "Scorekeep", "ServiceType": "*", "Host": "*", "HTTPMethod": "GET", "URLPath": "/api/state/*", "Version": 1, "Attributes": {} }, "CreatedAt": 1530574399.0, "ModifiedAt": 1530574399.0 } } $ aws xray create-sampling-rule --cli-input-json file://9000-base-scorekeep.json { "SamplingRuleRecord": { "SamplingRule": { "RuleName": "base-scorekeep", "RuleARN": "arn:aws:xray:us-east-1:123456789012:sampling-rule/base-scorekeep", "ResourceARN": "*", "Priority": 9000, "FixedRate": 0.1, "ReservoirSize": 5, "ServiceName": "Scorekeep", "ServiceType": "*", "Host": "*", "HTTPMethod": "*", "URLPath": "*", "Version": 1, "Attributes": {} }, "CreatedAt": 1530574410.0, "ModifiedAt": 1530574410.0 } }

要删除采样规则,请使用 DeleteSamplingRule

$ aws xray delete-sampling-rule --rule-name polling-scorekeep { "SamplingRuleRecord": { "SamplingRule": { "RuleName": "polling-scorekeep", "RuleARN": "arn:aws:xray:us-east-1:123456789012:sampling-rule/polling-scorekeep", "ResourceARN": "*", "Priority": 5000, "FixedRate": 0.003, "ReservoirSize": 0, "ServiceName": "Scorekeep", "ServiceType": "*", "Host": "*", "HTTPMethod": "GET", "URLPath": "/api/state/*", "Version": 1, "Attributes": {} }, "CreatedAt": 1530574399.0, "ModifiedAt": 1530574399.0 } }

您可以使用 X-Ray API 管理您账户中的组。组是由筛选条件表达式定义的跟踪的集合。您可以使用组生成其他服务图并提供 Amazon CloudWatch 指标。请参阅从获取数据Amazon X-Ray以了解有关通过 X-Ray API 使用服务图和指标的更多详细信息。有关组的更多信息,请参阅配置组. 有关添加和管理标签的更多信息,请参阅为 X-Ray 采样规则和组添加标签.

使用 CreateGroup 创建一个组。标签是可选的。如果选择添加标签,则需要标签密钥,标签值是可选的。

$ aws xray create-group --group-name "TestGroup" --filter-expression "service(\"example.com\") {fault}" --tags [{"Key": "key_name","Value": "value"},{"Key": "key_name","Value": "value"}] { "GroupName": "TestGroup", "GroupARN": "arn:aws:xray:us-east-2:123456789012:group/TestGroup/UniqueID", "FilterExpression": "service(\"example.com\") {fault OR error}" }

使用获取所有现有群组GetGroups.

$ aws xray get-groups { "Groups": [ { "GroupName": "TestGroup", "GroupARN": "arn:aws:xray:us-east-2:123456789012:group/TestGroup/UniqueID", "FilterExpression": "service(\"example.com\") {fault OR error}" }, { "GroupName": "TestGroup2", "GroupARN": "arn:aws:xray:us-east-2:123456789012:group/TestGroup2/UniqueID", "FilterExpression": "responsetime > 2" } ], "NextToken": "tokenstring" }

使用更新组UpdateGroup. 标签是可选的。如果选择添加标签,则需要标签密钥,标签值是可选的。要从组中删除现有标签,请使用UntagResource.

$ aws xray update-group --group-name "TestGroup" --group-arn "arn:aws:xray:us-east-2:123456789012:group/TestGroup/UniqueID" --filter-expression "service(\"example.com\") {fault OR error}" --tags [{"Key": "Stage","Value": "Prod"},{"Key": "Department","Value": "QA"}] { "GroupName": "TestGroup", "GroupARN": "arn:aws:xray:us-east-2:123456789012:group/TestGroup/UniqueID", "FilterExpression": "service(\"example.com\") {fault OR error}" }

删除组DeleteGroup.

$ aws xray delete-group --group-name "TestGroup" --group-arn "arn:aws:xray:us-east-2:123456789012:group/TestGroup/UniqueID" { }