AWS CloudWatch
Hosted Graphite provides an Amazon AWS CloudWatch add-on available in the Add-Ons page of your account. This add-on syncs the metrics from the specified AWS services/regions into your account.
To connect to your CloudWatch account, you need to set up Identity and Access Management (IAM) access keys in your AWS Account, with the appropriate permissions to allow Hosted Graphite to connect and collect your metrics.
Contents
Let’s create a policy that we will later attach to the user.
- In the IAM Dashboard, click on Policies (on the left) or Customer Managed Policies in under IAM Resources, then click on Create Policy.
- Switch to the JSON tab, replace the existing text with the policy provided below, and click ‘Review policy‘.
- Give the policy a name (Eg: HG_policy) and a description (optional).
- Save the policy by clicking ‘Create Policy‘.
{
"Statement": [
{
"Sid": "PermissionsForMetrics",
"Effect": "Allow",
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"rds:DescribeDBInstances",
"route53:ListHealthChecks",
"sqs:ListQueues",
"elasticache:DescribeCacheClusters",
"elasticloadbalancing:DescribeLoadBalancers",
"kinesis:ListStreams",
"redshift:DescribeClusters",
"elasticmapreduce:ListClusters",
"elasticmapreduce:DescribeCluster",
"cloudfront:ListDistributions"
],
"Resource": [
"*"
]
},
{
"Sid": "PermissionsForTags",
"Effect": "Allow",
"Action": [
"elasticache:ListTagsForResource",
"elasticloadbalancing:DescribeTags",
"cloudfront:ListTagsForResource",
"route53:ListTagsForResource",
"kinesis:ListTagsForStream",
"rds:ListTagsForResource",
"lambda:ListFunctions",
"iam:GetUser"
],
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}
With the policy set up, we’ll create a user to attach the policy to. We’ll use the Access Key/Secret Key tokens to give Hosted Graphite permission to import CloudWatch metric data.
- In the IAM Console, click on ‘Users‘ on the left or under IAM Resources. Then select ‘Add User‘.
- Give the user a name (Eg: HG_addon) and ‘Programmatic access‘ for the Access type.
- Click ‘Next: Permissions‘ and click the ‘Attach existing policies directly‘ button at the top.
- Search for the policy we just created and attach it by clicking the corresponding checkbox, then press ‘Next: Review‘.
- Click on ‘Create User‘ and copy the Access Key and Secret Key into the relevant fields on the add-on set-up page here. Optionally, you can download a copy of this account information, but keep it safe as this information can be sensitive.
