CloudWatch Monitoring

Sysdig provides AWS monitoring capabilities to help you surveil the health and performance of your AWS infrastructure in one location. You can collect both general metadata and various types of CloudWatch metrics from your AWS environment for this purpose.

For CloudWatch Monitoring, use one of the following methods to connect an AWS account to Sysdig:

  • CloudWatch Metric Streams. You can do this in the following ways:
    • Use the CloudFormation template that Sysdig provides.

      Sysdig recommends using CloudFormation because it automatically creates all the required resources and lets you set up metric streams in multiple AWS regions at once. See Use the CloudFormation Template.

    • Use your own CloudFormation template. See Case 2: Use the AWS Console.

  • Use AWS CloudWatch APIs. You can do this in the following ways:
    • Manually enter an AWS access key and secret key, and rotate them as needed. See Connect Manually.

    • Configure AWS Role Delegation. Role delegation is an alternative to the existing integration methods that use access keys. It is considered the more secure option, because Amazon does not recommend sharing developer access keys with third parties. See Connect Manually.

After you connect an AWS account, data will become visible in the Sysdig Monitor UI after a 10-15 minute delay.

Connect an AWS Account

  1. Log in to Sysdig Monitor as an Admin.

  2. In the left-hand sidebar, select Integration > Cloud Accounts.

    The Cloud Accounts page is displayed.

  3. Select Add Account > AWS.

    The Connect AWS Account wizard appears.

  4. Select Cloud Watch Monitoring.

    You can add a new account or choose an existing account.

  5. Depending on your feature selection, select the appropriate integration method.

    • CloudWatch Metric Streams

      • Use CloudFormation Template: Sysdig provides a CloudFormation template you can easily fill in. Select this option to open an AWS console for creating a stack. You will be given a pre-populated template to help you set up a stack to forward the data to Sysdig. Continue with Use the CloudFormation Template.
      • Configure Manually: Set up metric streams with the AWS console. Continue with Connect Manually.
    • CloudWatch API

  6. Complete the installation and click Confirm.

Connect with CloudWatch Metric Streams

You can connect an AWS account using CloudWatch Metric Streams either by using the CloudFormation template provided by Sysdig, or manually setting up all the metric streams resources by yourself.

Use the CloudFormation Template

On Sysdig Monitor UI

  1. On the Connect Cloud Accounts page, select CloudWatch Metric Streams.
  2. Click Use CloudFormation Template. You are redirected to log in to your AWS account. Continue with On AWS Console.

On AWS Console

Sysdig provides a CloudFormation template that creates the stack for CloudWatch Metric Streams. The metric stream you create feeds data to Sysdig from each region specified in the template, and the role you specify runs and monitors the metric stream.

  1. Ensure that you are logged in to your AWS account.

  2. The following information, except CreateNewRole, is pre-populated on the Quick Create page. Change it if necessary.

    • Stack Name: This is the unique name to identify the stack you create.
      • Cloud Watch Monitoring: The default name is Sysdig-CloudwatchMetricStream.
      • Cost and Usage Reporting: The default name is Sysdig-PrivateBilling.
    • API Key: Your Sysdig API key.
    • SysdigSite: The Sysdig Monitor URL associated with your region is auto-populated. Edit if you want to change the Sysdig URL.
    • Regions: The regions where you want to enable metric streaming. Enter them in a comma-separated list.
    • Sysdig AWS Account ID: The Sysdig AWS account ID that will assume MonitoringRole to check the status of the CloudWatch metric stream.
    • Sysdig External ID: Your Sysdig External ID, which is used when assuming roles in the account.
    • CreateNewRole: Select true if you are creating a new role. If you are using an existing role, select false.
    • MonitoringRoleName: The default role name is SysdigCloudwatchIntegrationMonitoringRole. You can specify a different role if you wish to.
  3. Click Acknowledge that AWS CloudFormation might create IAM resources with custom names.

  4. Click Create Stack. Expect a 10-15 minute delay for stack creation to complete.

Connect Manually

Case 1: Use the Sysdig CloudFormation Template

If you’ve already deployed the Sysdig CloudWatch Streams CloudFormation Template and are receiving metric streams, you can manually associate your AWS account for verifying the status of your CloudWatch Streams and namespace sources.

In the Sysdig Monitor UI

  1. On the New AWS Account screen, select one of the methods:

    • Role Delegation: Specify the following:

      • Account ID: Your AWS account ID.
      • Role: The name you entered for MonitoringRoleName. This role will be used by Sysdig to monitor the status of the stream. The Parameters tab on the Stack details page gives you the MonitoringRoleName. For more information on Role Delegation, see Role Delegation.
    • Access Key: Specify the following:

      • Access Key ID: Your AWS access key ID.
      • Secret Access Key: The secret access key associated with your account.

  2. Click Confirm.

Case 2: Use the AWS Console

You can choose to set up CloudWatch Metric Streams manually instead of using the Sysdig CloudFormation template. To do so, perform the following steps for each AWS region.

On AWS Console

  1. Log in to your AWS account.

  2. Create a Kinesis Data Firehose delivery stream:

    1. Specify the following:

      • Source: Select Direct PUT or Other Sources.
      • Destination: Select HTTP endpoint.
    2. Specify the destination settings:

      • HTTP endpoint URL: Enter https://<your-sysdig-URL>/api/awsmetrics/v1/input.

      Based on the Sysdig URL associated with your region, replace <your-sysdig-URL> with one of the following:

      • app.sysdigcloud.com
      • us2.app.sysdig.com
      • eu1.app.sysdig.com

      For more information on regions, see SaaS Regions and IP Ranges.

      • Access key: Enter your Sysdig Monitor API Token. For more information, see Retrieve the Sysdig API Token.

      • Content encoding: Select Disabled.

      • Retry duration: Enter 60 seconds.

      • HTTP Buffer hints: Specify the following:

        • Buffer size: Enter 5MB.
        • Buffer interval: Enter 60 seconds.
    3. Specify the backup settings:

      • Source record backup in Amazon S3: Select Failed data only and choose an appropriate S3 bucket for backup.
      • HTTP Buffer hints: Specify the following:
        • Buffer size: Enter 5MB.
        • Buffer interval: Enter 60 seconds.
      • S3 compression: Select GZIP.
    4. Under advanced settings, select Enable error logging.

    5. Click Create delivery stream.

  3. Create a new CloudWatch Metric Stream:

    1. Specify the following:
      • Metrics to be streamed: Either select all CloudWatch metrics, or choose specific namespaces with Include or Exclude lists.
    2. Specify the Configuration:
      • Choose Select an existing Firehose owned by your account and specify the Kinesis Data Firehose delivery stream created earlier for sending the metrics to Sysdig.
      • Service access to write to Kinesis Data Firehose: Select Create and use a new service role.
      • Change the output format: Select OpenTelemetry 0.7.
    3. Specify a meaningful name for the new metric stream.
    4. Click Create metric stream.
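The same resources that Case 2 creates by hand, written as a CloudFormation template for one region. This is an added illustration, not Sysdig's own template; it assumes the parameter names SysdigSite and SysdigApiToken and an example include filter of AWS/EC2, and it leaves out the error logging from step 4.

```yaml
# Added example (not Sysdig's template): Case 2 as CloudFormation. Deploy once per region.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  SysdigSite: { Type: String, Default: app.sysdigcloud.com }  # or us2.app.sysdig.com / eu1.app.sysdig.com
  SysdigApiToken: { Type: String, NoEcho: true }               # NoEcho keeps the token out of stack listings
Resources:
  BackupBucket: { Type: AWS::S3::Bucket }   # receives only records the Sysdig endpoint rejected
  FirehoseRole:                             # assumed by Firehose to write failed records to the bucket
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument: { Version: '2012-10-17', Statement: [ { Effect: Allow,
        Action: sts:AssumeRole, Principal: { Service: firehose.amazonaws.com } } ] }
      Policies:
        - PolicyName: backup-bucket-write
          PolicyDocument: { Version: '2012-10-17', Statement: [ { Effect: Allow,
            Action: [s3:AbortMultipartUpload, s3:GetBucketLocation, s3:GetObject, s3:ListBucket,
                     s3:ListBucketMultipartUploads, s3:PutObject],
            Resource: [!GetAtt BackupBucket.Arn, !Sub '${BackupBucket.Arn}/*'] } ] }
  DeliveryStream:                           # step 2: Direct PUT source, HTTP endpoint destination
    Type: AWS::KinesisFirehose::DeliveryStream
    Properties:
      DeliveryStreamType: DirectPut
      HttpEndpointDestinationConfiguration:
        EndpointConfiguration:
          Url: !Sub 'https://${SysdigSite}/api/awsmetrics/v1/input'
          AccessKey: !Ref SysdigApiToken                    # the Sysdig Monitor API token
        RequestConfiguration: { ContentEncoding: NONE }     # "Content encoding: Disabled"
        RetryOptions: { DurationInSeconds: 60 }
        BufferingHints: { SizeInMBs: 5, IntervalInSeconds: 60 }
        RoleARN: !GetAtt FirehoseRole.Arn
        S3BackupMode: FailedDataOnly                        # "Failed data only"
        S3Configuration: { BucketARN: !GetAtt BackupBucket.Arn, RoleARN: !GetAtt FirehoseRole.Arn,
          CompressionFormat: GZIP, BufferingHints: { SizeInMBs: 5, IntervalInSeconds: 60 } }
  MetricStreamRole:                         # the "new service role" the console would create
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument: { Version: '2012-10-17', Statement: [ { Effect: Allow,
        Action: sts:AssumeRole, Principal: { Service: streams.metrics.cloudwatch.amazonaws.com } } ] }
      Policies:
        - PolicyName: firehose-put                          # write only to this one delivery stream
          PolicyDocument: { Version: '2012-10-17', Statement: [ { Effect: Allow,
            Action: [firehose:PutRecord, firehose:PutRecordBatch],
            Resource: !GetAtt DeliveryStream.Arn } ] }
  MetricStream:                             # step 3: OpenTelemetry 0.7 into the delivery stream above
    Type: AWS::CloudWatch::MetricStream
    Properties:
      FirehoseArn: !GetAtt DeliveryStream.Arn
      RoleArn: !GetAtt MetricStreamRole.Arn
      OutputFormat: opentelemetry0.7
      IncludeFilters: [{ Namespace: AWS/EC2 }]   # assumed example filter; omit to stream every namespace
```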

In the Sysdig Monitor UI

Log in to Sysdig Monitor and add a new account by using Role Delegation or Access Key. Ensure that you configure the IAM policy while setting up CloudWatch Metric Streams.

Use CloudWatch API

  1. On the Connect Cloud Accounts page, select one of the methods:

    • Role Delegation: Specify the following:

      • Account ID: Your AWS account ID.
      • Role: The name you entered for MonitoringRoleName. This role will be used by Sysdig to monitor the status of the stream. The Parameters tab on the Stack details page gives you the MonitoringRoleName. For more information, see Role Delegation.
    • Access Key: Specify the following:

      • Access Key ID: Your AWS access key ID.
      • Secret Access Key: The secret access key associated with your account.

    For more information, see Integrate AWS Account and CloudWatch Metrics.

  2. Click Confirm.