This page describes how to install Lenses via the AWS Marketplace.
The AWS Marketplace offering requires AWS MSK (Managed Apache Kafka) to be available. Optionally, AWS RDS (or any other PostgreSQL-compatible database) can be configured for Lenses to store its state.
The following AWS resources are created:
An EC2 instance that runs Lenses;
A SecurityGroup to allow network access to the Lenses UI;
A SecurityGroupIngress for Lenses to connect to MSK;
A CloudWatch LogGroup where Lenses stores its logs;
An IAM Role to allow the EC2 instance to store logs;
An IAM InstanceProfile to pass the role to the EC2 instance;
Optionally, if enabled during deployment: an IAM Policy to allow the EC2 instance to emit CloudWatch metrics.
Deployment takes approximately three minutes.
Select CloudFormation Template, Lenses EC2 and your region.
Choose Launch CloudFormation.
Continue with the default options for creating the stack in the AWS wizard.
Fill in the parameters at Specify stack details.
Deployment: Here the EC2 instance size and password for the Lenses admin user are set. A t2.large instance size is recommended;
Network Configuration: This section controls the network settings of the Lenses EC2 instance. The ingress allows access to the Lenses UI only from particular IP addresses;
MSK: Set the Security Group ID to that of your MSK cluster. A rule will be added to it so that Lenses can communicate with your cluster. You can find the ID by navigating in the AWS console to your MSK cluster and then under Properties -> Networking settings;
Monitoring: Optionally produce the Lenses logs to CloudWatch;
Storage: Lenses stores its state in a database locally on the EC2 instance’s disk or in a PostgreSQL database. Local storage is a development/quickstart option and is not suitable for production use. It is advised to use a Postgres database for smoother upgrades.
Review the stack.
Accept the terms and conditions and create the stack.
Once the stack has deployed, go to the Output tab and click on the FQDN link. If there are no outputs listed you might need to press the refresh button.
Log in to Lenses with admin and the password value you submitted for the parameter LensesAdminPassword.
Lenses supports connection to MSK brokers via IAM. If Lenses is deployed on an EC2 instance it will use the default credential chain loader to authenticate and connect to MSK.
The following Regions are supported: us-east-1; us-east-2; us-west-1; us-west-2; ca-central-1; eu-central-1; eu-west-1; eu-west-2; eu-west-3; ap-southeast-1; ap-southeast-2; ap-south-1; ap-northeast-1; ap-northeast-2; sa-east-1.
Please:
Do not use your AWS root user for deployment or operations;
Follow the principle of least privilege when granting access to individual IAM user accounts;
Avoid allowing traffic to the Lenses UI from a broad CIDR block where a more specific block could be used.
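As an added example (not part of the Lenses documentation or the Marketplace template), the Python code below audits a security group's ingress rules for broad CIDR blocks, reading the JSON shape returned by `aws ec2 describe-security-groups`. The sample data, the group ID, the ports and the /24 and /64 thresholds are assumptions chosen for illustration.

```python
import ipaddress
import json

# Assumed thresholds (not from the Lenses docs): anything wider counts as "broad".
MIN_PREFIX_V4 = 24
MIN_PREFIX_V6 = 64

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0example",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.0/22"}], "Ipv6Ranges": []}
  ]}]}
""")


def broad_ingress(doc, min_v4=MIN_PREFIX_V4, min_v6=MIN_PREFIX_V6):
    """Return (group_id, port_range, cidr, reason) for every overly broad rule."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            # Protocol "-1" rules carry no FromPort/ToPort: they cover all ports.
            ports = (perm.get("FromPort", "all"), perm.get("ToPort", "all"))
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                limit = min_v4 if net.version == 4 else min_v6
                if net.prefixlen == 0:
                    reason = "open to the whole internet"
                elif net.prefixlen < limit:
                    reason = f"/{net.prefixlen} is wider than /{limit}"
                else:
                    continue
                findings.append((group["GroupId"], ports, cidr, reason))
    return findings


if __name__ == "__main__":
    for group_id, ports, cidr, reason in broad_ingress(SAMPLE):
        print(f"{group_id} ports {ports[0]}-{ports[1]}: {cidr} ({reason})")
```

To run it against a real deployment, replace SAMPLE with the parsed output of `aws ec2 describe-security-groups --group-ids <your-group-id>` for the security group the stack created.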
AWS billing applies for the EC2 instance, CloudWatch logs and optionally CloudWatch metrics.
For the hourly billed version additional hourly charges apply, which depend on the instance size. For the Bring Your Own License (BYOL) you can get a free trial license here.
If you run into problems, e.g. you cannot connect to Lenses, the logs may provide more information. The easiest way to view them is to go to CloudWatch in the AWS console. There, find the log group corresponding to your deployment (it has the same name as the deployment) and pick a log stream. The stream with the /lenses.log suffix contains all log lines regardless of the log level; the stream with the /lenses-warn.log suffix only contains warning-level logs.
If the above fails, for example because the logs integration is broken, you can SSH into the EC2 instance. Lenses is installed into /opt/lenses, and the logs can be found under /opt/lenses/logs for further inspection.