Enable CloudWatch Metric Streams in On-Prem Deployments

Sysdig on-prem versions 6.1.1 and above can collect various types of CloudWatch Metric Streams from your AWS environment. This page outlines the prerequisites and steps to enable this service in your on-prem deployment.

Prerequisites

  • Public key certificate: AWS CloudWatch Metric Streams require a publicly signed certificate on the Sysdig endpoint, because they send POST requests to it over HTTPS and validate the certificate. Self-signed certificates will not work.
  • AWS access key and AWS secret key: the Sysdig installation uses these credentials to assume the role when you add the AWS account.

Installation

  1. Determine your environment and follow the instructions as given in the On-Prem Installation documentation.

  2. Download the installer image.

    We recommend that you contact your Sysdig Technical Account Manager to help you with the installation that matches your distribution.

  3. Ensure that the directory with the certificates and the values.yaml file are at the same directory level. For example:

    $ ls
    certs   installer-darwin-amd64  values.yaml
    $ ls certs
    my.server.crt  my.server.key
    
  4. In the values.yaml file, configure parameters as follows:

    sysdig:
      ....
      # this flag enables cloudwatch metric streams converter service 
      cloudwatchMetricConverter:
        enabled: true
    
      # AWS secret key and access key that will be used by backend to assume role
      # if user adds account with role delegation
      secretKey: <AWS secret access key>
      accessKey: <AWS access key>
    
      # This is to avoid generating self-signed certificates and use custom certificates
      # path is relative to values.yaml file
      certificate:
        generate: false
    
        # In some cases this should be a full chain file
        # with certificate for particular URL plus intermediate certificate(s)
        # plus root certificate
        crt: certs/my.server.crt
        key: certs/my.server.key
    

    With the changes in the values.yaml file, the Installer will update the Sysdig backend to enable AWS CloudWatch Metric Streams.

  5. Continue with the installation as given in the On-Prem Installation documentation.
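
Before running the installer, the certificate settings from step 4 can be checked locally. The script below is an added example, not part of the Sysdig installer; its function names are hypothetical, and it assumes openssl is installed, that the first `generate:`, `crt:` and `key:` entries in values.yaml are the ones under `sysdig.certificate`, and that a chain file lists the server certificate first.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the certificate block in values.yaml.
# Assumptions: openssl is installed; the first "generate:", "crt:" and "key:"
# entries belong to sysdig.certificate; a chain file lists the leaf first.

# Print the value of the first "<name>:" entry in a YAML file (plain scalars only).
yaml_value() {
  sed -n -e "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | sed -e 's/[[:space:]]*$//' | head -n 1
}

# Succeed when subject and issuer of the first certificate are identical (heuristic).
is_self_signed() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Succeed when the private key and the certificate carry the same public key.
key_matches_cert() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  b=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Return 0 when values.yaml passes, otherwise a distinct code per failed check.
check_values() {
  local values dir crt key
  values=$1; dir=$(dirname "$values")
  [ "$(yaml_value generate "$values")" = "false" ] ||
    { echo "certificate.generate must be false" >&2; return 2; }
  crt="$dir/$(yaml_value crt "$values")"; key="$dir/$(yaml_value key "$values")"
  [ -f "$crt" ] && [ -f "$key" ] ||
    { echo "not found relative to values.yaml: $crt or $key" >&2; return 3; }
  if is_self_signed "$crt"; then
    echo "$crt is self-signed; self-signed certificates will not work" >&2; return 4
  fi
  key_matches_cert "$crt" "$key" ||
    { echo "$key does not belong to $crt" >&2; return 5; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
    { echo "$crt has expired" >&2; return 6; }
  echo "certificate settings look usable"
}

if [ "$#" -gt 0 ]; then check_values "$1"; fi
```

Run it with the path to values.yaml as the only argument. A pass does not prove that the chain ends at a publicly trusted CA; it only rules out the local mistakes listed above.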