Enable CloudWatch Metric Streams in On-Prem Deployments
Prerequisites
- Public key certificate: AWS CloudWatch Metric Streams require a public signed-certificate to execute
POST
request to Sysdig endpoint over https and to validate the certificate. Self-signed certificates will not work. - AWS access key and AWS secret key. Sysdig installation uses the credentials to assume the role when you add the AWS account with the credentials.
Installation
Determine your environment and follow the instructions as given in the On-Prem Installation documentation.
Download the installer image.
We recommend that you contact your Sysdig Technical Account Manager to help you with the installation that matches your distribution.
Ensure that the directory with the certifcates and the
values.yaml
are at the same directory level. For example:$ ls certs installer-darwin-amd65 values.yaml $ ls certs my.server.cert my.server.key
In the
values.yaml
file, configure parameters as follows:sysdig: .... # this flag enables cloudwatch metric streams converter service cloudwatchMetricConverter: enabled: true # AWS secret key and access key that will be used by backend to assume role # if user adds account with role delegation secretKey: <AWS secret access key> accessKey: <AWS access key> # This is to avoid generating self-signed certificates and use custom certificates # path is relative to values.yaml file certificate: generate: false # In some cases this should be a full chain file # with certificate for particular URL plus intermediate certificate(s) # plus root certificate crt: certs/my.server.crt key: certs/my.server.key
With the changes in the
values.yaml
file, the Installer will update the Sysdig backend to enable AWS Cloudwatch Metric Streams.Continue with the installation as given in On-Prem Installation documentation.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.