AWS CloudWatch Monitoring

You can forward metrics from AWS CloudWatch to Sysdig Monitor using AWS Metric Streams or the CloudWatch API. This provides cloud account visibility over AWS services, such as Lambda, Elastic Load Balancers (ELB) and Simple Storage Service (S3). You can configure CloudWatch integration using CloudFormation or Terraform.
Forwarding CloudWatch Metric Streams to Sysdig Monitor offers more granular data, lower latency, and better scalability, though it requires additional AWS resources that incur AWS charges. On the other hand, using the CloudWatch API is easier to set up but delivers less granular data with higher latency, which may not be ideal for troubleshooting.
| Metric Streams | CloudWatch APIs |
| --- | --- |
| Monitors all AWS services, including custom namespaces | Monitors a limited set of AWS services (ELB, ALB, RedshiftCluster, EBS, DynamoDB, EC2, ElastiCache, EMR, RDS, and SQS) |
| 1-minute metric granularity | 5-minute metric granularity |
| No API polling is needed, eliminating the potential for API throttling | The AWS CloudWatch API must be polled for metrics, leading to potential API throttling |
CloudWatch Metric Streams can be provisioned with Terraform or CloudFormation. In both cases, the following resources are created in your AWS environment:
  • aws_cloudwatch_log_group.sysdig_stream_logs
  • aws_cloudwatch_log_stream.http_log_stream
  • aws_cloudwatch_log_stream.s3_backup
  • aws_cloudwatch_metric_stream.sysdig_metric_stream_all_namespaces
  • aws_iam_role.service_role
  • aws_iam_role.sysdig_cloudwatch_integration_monitoring_role
  • aws_iam_role.sysdig_cloudwatch_metric_stream_role
  • aws_iam_role_policy.cloud_monitoring_policy
  • aws_kinesis_firehose_delivery_stream.sysdig_metric_kinesis_firehose
  • aws_s3_bucket.sysdig_stream_backup_bucket

Provision AWS CloudWatch Metric Streams with Terraform

For details on provisioning AWS CloudWatch Metric Streams, see the Sysdig Monitor Terraform Repository.

Provision AWS CloudWatch Metric Streams with CloudFormation

  1. Log in to Sysdig Monitor as an Admin.
  2. In the left sidebar, select Integrations > Cloud Accounts.
    The Cloud Accounts page appears.
  3. Select Add Account > AWS > CloudWatch Monitoring > CloudWatch Metric Streams.
  4. Open Use CloudFormation Template to load a CloudFormation stack that provisions CloudWatch Metric Streams.

Connect Sysdig Monitor to the AWS CloudWatch API

Sysdig Monitor recommends using role delegation to poll the CloudWatch API in your AWS account. To enable this, Sysdig Monitor must be allowed to assume an IAM role in your AWS account with the necessary permissions. For instructions on setting up cross-account IAM role delegation, see Enable AWS Role Delegation with API. Alternatively, you can provide an IAM access key and secret key with the same permissions. Whichever method you choose, grant the role or user the following IAM policy:
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Action": [
               "autoscaling:Describe*",
               "cloudwatch:Describe*",
               "cloudwatch:Get*",
               "cloudwatch:List*",
               "dynamodb:ListTables",
               "dynamodb:Describe*",
               "ec2:Describe*",
               "ecs:Describe*",
               "ecs:List*",
               "elasticache:DescribeCacheClusters",
               "elasticache:ListTagsForResource",
               "elasticloadbalancing:Describe*",
               "rds:Describe*",
               "rds:ListTagsForResource",
               "sqs:ListQueues",
               "sqs:GetQueueAttributes",
               "sqs:ReceiveMessage"
           ],
           "Effect": "Allow",
           "Resource": "*"
       }
   ]
}
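Before handing a third party a policy on `Resource: "*"`, it is worth checking mechanically what it actually grants. The script below is an added example (not Sysdig's code): it lints the permissions policy shown above, embedded as constructed input, reporting whole-service wildcards, actions whose verb is not Describe/Get/List, and unconditioned statements on all resources. It also builds the matching cross-account trust policy with an `sts:ExternalId` condition, the standard confused-deputy mitigation for role delegation; the account ID and ExternalId values are placeholders you would replace with the values Sysdig gives you.

```python
import json

# Constructed input: the permissions policy shown on this page, embedded here
# so the checks run offline. Swap in the policy you actually attach.
PAGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": [
      "autoscaling:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*",
      "cloudwatch:List*", "dynamodb:ListTables", "dynamodb:Describe*",
      "ec2:Describe*", "ecs:Describe*", "ecs:List*",
      "elasticache:DescribeCacheClusters", "elasticache:ListTagsForResource",
      "elasticloadbalancing:Describe*", "rds:Describe*", "rds:ListTagsForResource",
      "sqs:ListQueues", "sqs:GetQueueAttributes", "sqs:ReceiveMessage"
    ],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
""")

# Verb prefixes of IAM actions that only enumerate or read configuration/metrics.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def _as_list(value):
    """IAM accepts a bare string or object wherever it accepts a list; normalise."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]


def lint_permissions_policy(policy):
    """Summarise what a monitoring policy really grants.

    wildcard_actions    - '*' or 'service:*' entries (whole-service grants)
    non_read_actions    - actions whose verb does not start with Describe/Get/List
    unscoped_statements - Allow statements on Resource '*' with no Condition
    """
    report = {"wildcard_actions": [], "non_read_actions": [], "unscoped_statements": 0}
    for stmt in allow_statements(policy):
        for action in _as_list(stmt.get("Action")):
            _service, _, verb = action.partition(":")
            if action == "*" or verb == "*":
                report["wildcard_actions"].append(action)
            elif not verb.startswith(READ_ONLY_PREFIXES):
                report["non_read_actions"].append(action)
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            report["unscoped_statements"] += 1
    return report


def trust_policy(trusted_account_id, external_id):
    """Trust policy for the delegated role: only the named account may assume it,
    and only when it presents the agreed ExternalId. Both values are placeholders
    here (hypothetical); use the ones provided for your integration."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_requires_external_id(policy):
    """True only if every Allow of sts:AssumeRole is gated on sts:ExternalId."""
    for stmt in allow_statements(policy):
        actions = set(_as_list(stmt.get("Action")))
        if not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in equals:
            return False
    return True


if __name__ == "__main__":
    print(json.dumps(lint_permissions_policy(PAGE_POLICY), indent=2))
    tp = trust_policy("123456789012", "EXAMPLE-EXTERNAL-ID")
    print("trust policy gated on ExternalId:", trust_policy_requires_external_id(tp))
```

On the page's policy the linter flags one non-read action, `sqs:ReceiveMessage`: AWS classifies it as Read, but it returns message bodies and makes the received messages invisible to other consumers for the queue's visibility timeout, so decide explicitly whether the monitoring role needs it. The single unconditioned `Resource: "*"` statement is expected for a metrics reader, but it is the kind of thing to record in your review.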

Enable CloudWatch Metric Streams in On-Prem Deployments

Sysdig on-prem versions 6.1.1 and above can collect various types of CloudWatch Metric Streams from your AWS environment. This page outlines the prerequisites and steps to enable this service in your on-prem deployment.

Prerequisites

  • Public key certificate: AWS CloudWatch Metric Streams require a publicly signed certificate to execute a POST request to the Sysdig endpoint over HTTPS and to validate the certificate. Self-signed certificates will not work.
  • AWS access key and AWS secret key: the Sysdig installation uses these credentials to assume the role when you add the AWS account with role delegation.

Installation

  1. Determine your environment and follow the instructions as given in the On-Prem Installation documentation.
  2. Download the installer image.
    We recommend that you contact your Sysdig Technical Account Manager to help you with the installation that matches your distribution.
  3. Ensure that the directory with the certificates and the values.yaml are at the same directory level. For example:
$ ls
certs   installer-darwin-amd64  values.yaml

$ ls certs
my.server.crt  my.server.key

  4. In the values.yaml file, configure parameters as follows:
sysdig:
  ....
  # this flag enables cloudwatch metric streams converter service
  cloudwatchMetricConverter:
    enabled: true

  # AWS secret key and access key that will be used by backend to assume role
  # if user adds account with role delegation
  secretKey: <AWS secret access key>
  accessKey: <AWS access key>

  # This is to avoid generating self-signed certificates and use custom certificates
  # path is relative to values.yaml file
  certificate:
    generate: false

    # In some cases this should be a full chain file
    # with certificate for particular URL plus intermediate certificate(s)
    # plus root certificate
    crt: certs/my.server.crt
    key: certs/my.server.key
    
With the changes in the values.yaml file, the Installer will update the Sysdig backend to enable AWS CloudWatch Metric Streams. Starting from on-premises version 7.4.0, the values.yaml schema has changed. See the release notes for more details.
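The two certificate requirements above (a publicly signed certificate, possibly as a full chain, with paths relative to values.yaml) are easy to get wrong and only show up as failed POSTs from AWS. The following pre-flight check is an added example, not part of the Sysdig installer: it resolves the `crt`/`key` paths the way the comments describe, counts the PEM blocks to warn when the file holds a single certificate, loads the pair through `ssl` to confirm the key matches the certificate, and offers an optional live check that connects to the endpoint hostname and verifies the chain against the local trust store, which is the same verification a self-signed certificate fails. The sample PEM text is constructed and contains placeholder bodies, not real certificates; the hostname and file names are assumptions.

```python
import os
import socket
import ssl

CERT_MARKER = "-----BEGIN CERTIFICATE-----"
KEY_MARKERS = ("-----BEGIN PRIVATE KEY-----",
               "-----BEGIN RSA PRIVATE KEY-----",
               "-----BEGIN EC PRIVATE KEY-----")

# Constructed sample showing the *shape* of a full-chain file (leaf followed by
# an intermediate). The bodies are placeholders, not real certificates.
SAMPLE_CHAIN_PEM = """-----BEGIN CERTIFICATE-----
MIIB...LEAF-PLACEHOLDER...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB...INTERMEDIATE-PLACEHOLDER...
-----END CERTIFICATE-----
"""


def count_pem_blocks(pem_text):
    """Return (certificate_blocks, private_key_blocks) found in PEM text."""
    certs = pem_text.count(CERT_MARKER)
    keys = sum(pem_text.count(marker) for marker in KEY_MARKERS)
    return certs, keys


def chain_findings(cert_count, key_count):
    """Translate block counts into the checks the values.yaml comments ask for."""
    findings = []
    if cert_count == 0:
        findings.append("crt file contains no certificate")
    elif cert_count == 1:
        findings.append("crt file holds a single certificate; if its issuer is not a "
                        "root CA, append the intermediate certificate(s) so AWS "
                        "receives a full chain")
    if key_count == 0:
        findings.append("key file contains no private key")
    return findings


def resolve_cert_paths(values_yaml_path, crt, key):
    """crt/key in values.yaml are relative to the values.yaml file, not to the cwd."""
    base = os.path.dirname(os.path.abspath(values_yaml_path))
    return os.path.join(base, crt), os.path.join(base, key)


def verify_local_pair(crt_path, key_path):
    """Load the pair as a TLS server would; ssl raises SSLError if they do not match."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt_path, key_path)


def verify_public_trust(hostname, port=443):
    """Live check (needs the endpoint up and network access): verify the served
    chain against the local trust store, approximating what AWS does before it
    POSTs. A self-signed certificate raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()["subject"]


def preflight(values_yaml_path, crt="certs/my.server.crt", key="certs/my.server.key"):
    """Offline checks on the files referenced by values.yaml; returns findings."""
    crt_path, key_path = resolve_cert_paths(values_yaml_path, crt, key)
    findings = [f"{label} file not found at {path}"
                for label, path in (("crt", crt_path), ("key", key_path))
                if not os.path.isfile(path)]
    if findings:
        return findings
    with open(crt_path) as f:
        certs, _ = count_pem_blocks(f.read())
    with open(key_path) as f:
        _, keys = count_pem_blocks(f.read())
    findings.extend(chain_findings(certs, keys))
    try:
        verify_local_pair(crt_path, key_path)
    except ssl.SSLError as exc:
        findings.append(f"certificate and key do not load together: {exc}")
    return findings


if __name__ == "__main__":
    for finding in preflight("values.yaml") or ["local certificate checks passed"]:
        print(finding)
    # Hypothetical hostname; set it to the FQDN AWS will POST metrics to.
    # print(verify_public_trust("sysdig.example.internal"))
```

Run `preflight` from the directory layout shown in step 3; an empty result means the paths resolve, the crt file carries more than one certificate, and the key matches. Only the live check can tell you whether the chain is publicly trusted, so run `verify_public_trust` against the real endpoint before adding the AWS account.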

YAML Configuration (version 7.4.0 and later)

cloudwatchMetricStreamsConverter:
  enabled: true
global:
  accessKey: <AWS access key>
  secretKey: <AWS secret access key>
  certificate:
    generate: false
    crt: certs/my.server.crt
    key: certs/my.server.key
    
  5. Continue with the on-premises installation.