This Sample Solution provides all required resources to deploy to the AWS cloud a fully functional SP-API application that implements the SP-API Error Monitoring use case end-to-end. Use this application to test the proposed solution, do changes and/or integrate it to your own product.
This sample solution implements an error monitoring and alerting workflow. API error response codes are captured from the logs and alert is sent when the volume of errors hits a specific threshold.
This solution consists of the following components,
- A Lambda function which includes code to execute SP-API calls that return 4xx errors.
- EventBridge Scheduler to trigger the Lambda function based on the defined schedule in app config to generate logs that will have 4xx errors.
- CloudWatch Metric Filters to identify the 4xx errors from the CloudWatch logs of Lambda execution.
- CloudWatch Metrics to monitor the sum of occurrences of 4xx errors.
- CloudWatch Alarm to send notification to the email id mentioned in the config file when the errors cross the threshold.
- Simple notification service to send email alerts to users
Lambda function includes sample code to execute SP-API calls that return 4xx errors and the event scheduler triggers the lambda function every few minutes as defined in the config. Cloudwatch metric filters created will filter the errors from the logs and trigger alerts when the volume of errors exceeds a defined threshold.
The pre-requisites for deploying the Sample Solution App to the AWS cloud are:
- Registering as a developer for SP-API, and registering an SP-API application
- An IAM user with permissions to create a new user, a policy, and attach it to the user
- If you don't have one, you can create it following the steps under Usage - 2. Configure Sample Solution App's IAM user
- The AWS CLI
- If not present, it will be installed as part of the deployment script
- NodeJS 14.15.0 or later
- Required by AWS CDK stack for the sample solution deployment.
- If not present, it will be installed as part of the deployment script.
- Maven
- Just for deploying a Java-based application
- If not present, it will be installed as part of the deployment script
- GitBash
- in case you use Windows in order to run the deployment script.
To allow the Sample Solution App to connect to SP-API, the config file has to be updated to match the set-up of your SP-API application.
- Open app.config file and replace all occurrences of
<dev_value>following the instructions below: - Update
ClientIdandClientSecretattribute values with Client Id and Client Secret of the SP-API application respectively - Update
RefreshTokenattribute value with the refresh token of the selling partner you will be using for testing - Update
EmailIdattribute with the email address you would like to receive email notifications on - Update
Scheduleattribute to the event bridge schedule that you would like to use. Sample value for testingrate(1 minute)
Note: While updating the config file, don't leave blank spaces before and after
=, and don't use quotation marks
ClientId=amzn1.application-oa2-client.abc123def456xyz789
ClientSecret=amzn1.oa2-cs.v1.abc123def456xyz789
RefreshToken=Atzr|IQEBLzAtAhexamplewVz2Nn6f2y-tpJX2DeX...
[email protected]
Schedule=rate(1 minute)
You have to set region code and marketplace id that matches your account in the code. By default it is set to US. If you want to change the values go to ErrorMonitoringHandler.java and enter the proper data. Available values can be found in Constants.java.
In order to execute the deployment script, an IAM user with the appropriate permissions is needed. To create a new IAM policy with the required permissions, follow the steps below.
- Open the AWS console
- Navigate to IAM Policies console
- Click Create policy
- Next to Policy editor, select JSON and replace the default policy with the JSON below
- Replace all usages of account id with your individual account id.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SPAPISampleAppIAMPolicy",
"Effect": "Allow",
"Action": [
"iam:CreateUser",
"iam:DeleteUser",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:AttachUserPolicy",
"iam:DetachUserPolicy",
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:GetRole",
"iam:CreateRole",
"iam:TagRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::851725361926:user/*",
"arn:aws:iam::851725361926:policy/*",
"arn:aws:iam::851725361926:role/*"
]
},
{
"Sid": "SPAPISampleAppCloudFormationPolicy",
"Effect": "Allow",
"Action": [
"cloudformation:*",
"ecr:*",
"ssm:*"
],
"Resource": [
"arn:aws:cloudformation:us-east-1:851725361926:stack/CDKToolkit/*",
"arn:aws:ecr:us-east-1:851725361926:repository/cdk*",
"arn:aws:ssm:us-east-1:851725361926:parameter/cdk-bootstrap/*",
"arn:aws:cloudformation:us-east-1:851725361926:stack/sp-api-app*"
]
},
{
"Sid": "SPAPISampleAppCloudFormationS3Policy",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::cdk*",
"arn:aws:s3:::sp-api-app-bucket*"
]
}
]
}
- Click Next
- Select a name for your policy. Take note of this value as you will need it in the next section.
- Review the changes and click Create policy
To create a new IAM user with the required permissions, follow the steps below.
- Open the AWS console
- Navigate to IAM Users console
- Click Create user
- Select a name for your user
- In the Set permissions page, select Attach policies directly
- In the Permissions policies, search for the policy created in I. Create IAM policy section. Select the policy, and click Next
- Review the changes and click Create user
Security credentials for the IAM user will be requested during the deployment script execution. To create a new access key pair, follow the steps below. If you already have valid access key and secret access key, you can skip this section.
- Open the AWS console
- Navigate to IAM Users console
- Select the IAM user created in II. Create IAM user
- Go to Security credentials tab
- Under Access keys, click Create access key
- In Access key best practices & alternatives page, select Command Line Interface (CLI)
- Acknowledge the recommendations, and click Next
- Click Create access key
- Copy
Access keyandSecret access key. This is the only time that these keys can be viewed or downloaded, and you will need them while executing the deployment script - Click Done
The deployment script will create a Sample Solution App in the AWS cloud. To execute the deployment script, follow the steps below.
- Identify the deployment script for the programming language you want for your Sample Solution App.
- For example, for the Java application the file is app/scripts/java/java-app.sh
- Execute the script from your terminal or Git Bash
- For example, to execute the Java deployment script in a Unix-based system or using Git Bash, run
bash java-app.sh
- For example, to execute the Java deployment script in a Unix-based system or using Git Bash, run
- Wait for the CDK stack creation to finish
- Navigate to CloudFormation console
- Wait for the stack named sp-api-app-<language>-random_suffix to show status
CREATE_COMPLETE
The deployment script creates a Sample Solution App in the AWS cloud. To test the sample solution, follow the steps below.
- Open the AWS console
- Navigate to CloudWatch console
- Click on All Metrics
- Select SP-API/4xxErrors under Custom namespaces
- Click on Metrics with no dimensions
- Select the first checkbox beside Metric name 4/4. This will select all 4 4xx error metrics
- Click on Graphed metrics
- With the 4 metrics selected, Select Statistic as Sum instead of Average
You will notice the number of 4xx errors that are being logged in the AWS CloudWatch. We have added Alarms in the sample solution to send alerts to the specified email id in the config when the 4xx errors cross a certain threshold. In order to view the CloudWatch Alarm and the threshold, follow these steps:
- Navigate to CloudWatch console
- Click on All Alarms
- Select one of the Alarms sp-api-app-random_suffix-4xxAlarm to view the Alarm details and the threshold which will trigger the email notification.
You can play around with the frequency and threshold of the 4xx errors you would like to monitor and the schedule of the EventBridge to trigger the Lambda function to run the setup. If you need to make changes to the EventBridge schedule, follow these steps:
- Change the schedule to minutes, hours or days in app config
In order to make changes to the 4xx error notification threshold, follow these steps:
- Go to the app-template.yaml file.
- Change the Period, EvaluationPeriod and Threshold for the 4xx Alarm: 400Alarm, 403Alarm, 404Alarm and 429Alarm
Period: 300
EvaluationPeriods: 1
Threshold: 5
The deployment script creates a number of resources in the AWS cloud which you might want to delete after testing the solution. To clean up these resources, follow the steps below.
- Identify the clean-up script for the programming language of the Sample Solution App deployed to the AWS cloud.
- For example, for the Java application the file is app/scripts/java/java-app-clean.sh
- Execute the script from your terminal or Git Bash
- For example, to execute the Java clean-up script in a Unix-based system or using Git Bash, run
bash java-app-clean.sh
- For example, to execute the Java clean-up script in a Unix-based system or using Git Bash, run
If you do not receive email notifications, follow the steps below to identify the root-cause and retry the workflow
- Open the AWS console
- Navigate to Lambda console
- Select the Lambda function created by the deployment script, named ErrorMonitoringLambdaFunction-random_suffix
- Click on Test tab
- Select Create new event
- Enter Event Name
- Keep the event JSON as it is and click on Save
- Once the Event JSON is saved, click on Test multiple times to trigger Lambda Function
- Click on Monitor tab and select View CloudWatch logs
- You will see CloudWatch logstreams created, select one of them to investigate if the Lambda function ran successfully and you are able to view the 4xx errors in the CloudWatch logs.