Make sure you’ve completed the Getting Started instructions prior to continuing.
To initialize StreamAlert:
$ python manage.py terraform init
This will perform the following:
- Create S3 buckets and encryption keys.
- Create AWS Lambda functions.
- Build declared infrastructure in the Terraform files.
- Deploy initial production AWS Lambda versions.
Answer yes at each prompt.
As new rules, sources, or outputs are added to StreamAlert, new versions of the AWS Lambda functions must be deployed for changes to become effective.
To accomplish this, manage.py contains a lambda deploy command.
To deploy new changes for all AWS Lambda functions:
$ python manage.py lambda deploy --processor all
Optionally, to deploy changes for only a specific AWS Lambda function:
$ python manage.py lambda deploy --processor rule
$ python manage.py lambda deploy --processor alert
To apply infrastructure level changes (additional Kinesis Shards, new CloudTrails, etc), run:
$ python manage.py terraform build
To speed up the Terraform run, the module name may be specified with the --target flag:
$ python manage.py terraform build --target kinesis # tf_stream_alert_kinesis module
$ python manage.py terraform build --target stream_alert # tf_stream_alert module
StreamAlert clusters contain a module to create CloudWatch Alarms for monitoring AWS Lambda invocation errors.
These ensure that the currently running code is reliable. To access these monitors, log in to the AWS Console, go to CloudWatch, and then click Alarms.
StreamAlert Lambda functions are invoked via a production alias that can be easily rolled back to point to the previous version:
$ ./manage.py lambda rollback --processor rule
$ ./manage.py lambda rollback --processor alert
$ ./manage.py lambda rollback --processor all
This is helpful to quickly revert changes to Lambda functions, e.g. if a bad rule was deployed.
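The deploy, alarm check and rollback steps above can be chained so that a bad deploy is reverted without waiting for someone to open the console. The script below is an added example, not part of StreamAlert; ALARM_PREFIX and SETTLE_SECONDS are assumptions to set for your own alarm names and alarm period, and it assumes the AWS CLI is installed and configured.

```shell
#!/bin/sh
# Added example (not StreamAlert code): deploy, let alarms settle, roll back if any fire.
# ALARM_PREFIX and SETTLE_SECONDS are assumptions; set them for your environment.
ALARM_PREFIX="${ALARM_PREFIX:-CHANGE_ME}"     # placeholder: prefix of your alarm names
SETTLE_SECONDS="${SETTLE_SECONDS:-300}"       # wait for at least one alarm period

# Print the names of matching CloudWatch alarms currently in the ALARM state.
firing_alarms() {
  aws cloudwatch describe-alarms \
    --alarm-name-prefix "$ALARM_PREFIX" \
    --state-value ALARM \
    --query 'MetricAlarms[].AlarmName' \
    --output text
}

# Usage: deploy_with_guard rule|alert|all
# Returns 0 = deployed and healthy, 1 = deploy failed, 2 = bad argument,
#         3 = alarms fired and rollback was attempted, 4 = alarm query failed.
deploy_with_guard() {
  processor="$1"
  case "$processor" in
    rule|alert|all) ;;
    *) echo "unknown processor: $processor" >&2; return 2 ;;
  esac

  python manage.py lambda deploy --processor "$processor" || return 1
  sleep "$SETTLE_SECONDS"

  # If the query itself fails we cannot tell healthy from broken: do not guess.
  firing="$(firing_alarms)" || return 4
  [ "$firing" = "None" ] && firing=""   # text output of an empty result

  if [ -n "$firing" ]; then
    echo "alarms in ALARM state after deploy: $firing" >&2
    python manage.py lambda rollback --processor "$processor"
    return 3
  fi
  return 0
}

# Run only when a processor name is given on the command line.
if [ "$#" -gt 0 ]; then
  deploy_with_guard "$1"
fi
```

An alarm that was already firing before the deploy also triggers the rollback, so clear existing alarms first.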