burncloud-aws 0.1.1

# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Build and Development Commands

### Core Commands
- **Build project**: `cargo build`
- **Deploy Lambda monitoring**: `cargo run --bin deploy_lambda`
- **Test Bedrock API call**: `cargo run --bin test_bedrock_call`
- **Quick debug**: `cargo run --bin quick_debug`
- **Test detailed logging**: `cargo run --bin test_detailed_logging`
- **Setup CloudWatch alarms**: `cargo run --bin cloudwatch_alarm_setup`
- **Setup SNS-Lambda integration**: `cargo run --bin sns_lambda_setup`
- **Test SNS alarms**: `cargo run --bin test_sns_alarm`

### Development Workflow
- **Check compilation**: `cargo check`
- **Run tests**: `cargo test`
- **Format code**: `cargo fmt`
- **Lint code**: `cargo clippy`

## Architecture Overview

This is a comprehensive AWS Bedrock monitoring system with multi-layer data storage and real-time alerting.

### Complete Monitoring Pipeline
1. **CloudTrail** → **EventBridge** → **Lambda** → **Redis** (API call monitoring)
2. **CloudWatch Metrics** → **Alarms** → **SNS** → **Lambda** → **Redis** (threshold monitoring)
3. **Lambda** → **CloudWatch Logs** (detailed request/response logging)

### Core Components
1. **AWS Deployment Infrastructure** (`src/aws_deploy.rs`): Complete AWS stack deployment including Lambda, IAM, CloudWatch, SNS, EventBridge, and CloudTrail
2. **Enhanced Lambda Function**: Embedded Python code with Redis, CloudWatch Logs, SNS event handling, and data sanitization
3. **Configuration Management** (`src/config.rs`): Environment variables and AWS credentials
4. **Redis Integration** (`src/redis_client.rs`): Time-series data storage on www.burncloud.com:6666

### Binary Targets
Essential tools for development and testing:
- `deploy_lambda`: Full stack deployment
- `test_bedrock_call`: Direct Bedrock API testing
- `quick_debug`: Redis connectivity and Lambda function testing
- `test_detailed_logging`: Comprehensive CloudWatch Logs testing
- `cloudwatch_alarm_setup`: Creates 7 CloudWatch alarms for throttling/errors
- `sns_lambda_setup`: Configures SNS-to-Lambda triggers
- `test_sns_alarm`: SNS alarm event simulation

### AWS Services Architecture
- **AWS Lambda**: `bedrock-monitor-function` with enhanced Python runtime
- **CloudWatch**: Metrics, Alarms (7 alarm types), and Logs (standard + detailed)
- **SNS**: `bedrock-throttling-alerts` topic for alarm notifications
- **EventBridge**: `bedrock-api-monitor-rule` for CloudTrail events
- **CloudTrail**: API call auditing and management event monitoring
- **IAM**: `lambda-bedrock-monitor-role-*` with comprehensive permissions

### Data Storage Strategy
- **Redis**: Real-time status counts and detailed request records
- **CloudWatch Logs Standard**: Lambda execution logs and print statements
- **CloudWatch Logs Detailed**: `/aws/lambda/bedrock-monitor-function/detailed` with structured JSON logs
- **CloudWatch Metrics**: Numerical data for alerting (InvocationThrottles, errors, etc.)

### Configuration Requirements
`.env` file requires:
- AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION=ap-northeast-1)
- Redis configuration (REDIS_HOST=www.burncloud.com, REDIS_PORT=6666, REDIS_PASSWORD)
- Logging level (RUST_LOG=info)

### Monitoring Data Flow
1. **API Call**: Bedrock API → CloudTrail → EventBridge → Lambda
2. **Threshold Alert**: CloudWatch Metrics → Alarm → SNS → Lambda
3. **Detailed Logging**: Lambda → CloudWatch Logs (structured JSON with data sanitization)
4. **Real-time Storage**: All data stored in Redis with time-series keys

### Key Lambda Function Capabilities
- **Multi-event Processing**: EventBridge, SNS, and direct invocation support
- **Intelligent Logging**: Full detail for errors, summary for success, partial for others
- **Data Sanitization**: Automatic removal of API keys, tokens, emails, phone numbers, credit cards
- **Redis Integration**: Comprehensive data storage with expiration and indexing
- **CloudWatch Logs**: Structured JSON logging with automatic log group/stream management
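
One way the data sanitization step listed above could be written in the Lambda's Python, as an added example that is not the project's embedded code. The regexes, placeholder strings, field-name list and sample event are assumptions constructed for illustration.

```python
import re

# Constructed patterns (assumptions, not the project's rules).
PATTERNS = [
    ("AWS_KEY", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("TOKEN", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("PHONE", re.compile(r"(?<![\w-])\+?\d{1,3}[ -]\d{2,4}[ -]\d{3,4}[ -]\d{3,4}(?![\w-])")),
]
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
# Whole-name match so usage counters such as "inputTokens" are not redacted.
SECRET_FIELDS = re.compile(r"(?:.*[_-])?(?:api[_-]?key|secret|token|password|authorization)", re.I)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so request ids and counters are not mistaken for cards."""
    doubled = [int(c) * 2 if i % 2 else int(c) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def scrub_text(text: str) -> str:
    """Redact secrets and PII embedded in free text such as prompts."""
    def card(m):
        return "[REDACTED_CARD]" if luhn_ok(re.sub(r"\D", "", m.group())) else m.group()
    text = CARD.sub(card, text)  # cards first, before the looser phone pattern
    for label, rx in PATTERNS:
        text = rx.sub(f"[REDACTED_{label}]", text)
    return text

def sanitize(value, key=""):
    """Walk a decoded JSON event; redact by field name first, then by content."""
    if SECRET_FIELDS.fullmatch(key):
        return "[REDACTED]"
    if isinstance(value, dict):
        return {k: sanitize(v, str(k)) for k, v in value.items()}
    if isinstance(value, list):
        return [sanitize(v, key) for v in value]
    return scrub_text(value) if isinstance(value, str) else value

# Constructed sample event; the access key is the AWS documentation example value.
SAMPLE = {
    "requestId": "1234567890123456",
    "headers": {"x-api-key": "constructed-value", "Authorization": "Bearer abcdefghijklmnop1234"},
    "usage": {"inputTokens": 42},
    "prompt": "Bill 4111 1111 1111 1111, mail alice@example.com or call "
              "+81 90-1234-5678; key AKIAIOSFODNN7EXAMPLE",
}

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Applying the function to the decoded event before both the Redis write and the CloudWatch Logs write keeps the raw values out of either store.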

## Testing Strategy
- **Unit Testing**: Each binary can be run independently
- **Integration Testing**: `test_detailed_logging` covers all event types and data sanitization
- **End-to-End Testing**: `test_bedrock_call` validates the complete monitoring chain
- **Debug Tools**: `quick_debug` for rapid connectivity and function validation

## Implementation Notes
- Minimal dependencies with comprehensive AWS SDK integration
- Chinese language responses and documentation per project requirements
- Production-ready with error handling, retries, and graceful degradation
- Security-focused with data sanitization and IAM least-privilege principles
- Cost-optimized with intelligent logging levels and Redis expiration policies