Skip to main content

CloudWatch

Supported Versions

Type

Authentication Type

SaaS Deployments

CloudFormation, Webhook

Org Bearer Token

The core of this integration works by creating an SNS topic and subscribing to a BigPanda alerts endpoint. BigPanda then processes and correlates the data from CloudWatch to create and maintain up-to-date incidents in BigPanda. When an alarm closes in CloudWatch, the alert is closed in BigPanda. BigPanda can set the SNS topic for all configured alarms if desired upon initial configuration.

If the automatic sync is enabled, BigPanda periodically updates all alarms with the SNS topic to ensure that BigPanda receives data for any alarms created after the system was first integrated.

Open Integration Manager

The Open Integration Manager is available for use with this integration. For more information, see the Open Integration Manager documentation.

Payload size

Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.

Key Features

  • Uses the Amazon Simple Notification Service (SNS) to send CloudWatch Alarm data to BigPanda.

  • Correlates alarms from CloudWatch to help you understand and respond faster to issues with your AWS resources and applications.

  • Provides the option to automatically sync CloudWatch Alarms created after the initial configuration with BigPanda.

Data Model

BigPanda normalizes Alarm data from CloudWatch into tags. You can use tag values to filter the incident feed and to define filter conditions for Environments.

Default Tags

BigPanda Tag

CloudWatch Property

Attributes

object

AlarmName

Primary Property

check

Trigger.MetricName

Secondary Property (Default).

description

NewStateReason

alarm_description

AlarmDescription

Secondary Property if check is not present

timestamp

StateChangeTime

trigger_{{property}}

Trigger and Trigger.Dimensions

Trigger is an object of key, value pairs.

Trigger.Dimensions is an array of objects with name and value as the only two properties in each object.

Each key will have a prefix of trigger_

Install the Integration

The BigPanda CloudWatch integration is available as a basic CloudFormation template, or with Terraform module support.

Before You Integrate

  • Obtain a BigPanda Bearer Token

  • Obtain a CloudWatch Integration app key

  • The CloudFormation Stack requires an AWS User with permissions to create various resources across AWS for the Stack deployment to be successful.

AWS Permissions

These resources may include:

  • Lambda with IAM Role and Policy

  • CloudWatch Event Rule

  • AWS Custom Resource (invokes the Lambda that is created during Stack deployment

Using the CloudFormation Designer, you can see what the BigPanda CloudFormation template will create.

Infographic_CloudwatchIntegration

Create an App Key

Create an app key in BigPanda.

Integration specific

You'll need a separate app key for each integrated system.

https://files.readme.io/9865f2f-Integrations_App_Key_Creation.jpg

App Key Configuration in BigPanda

Basic CloudFormation Template

The integration leverages a CloudFormation template to create a CloudFormation Stack that deploys the necessary resources directly in your AWS instance

Create and Configure CloudFormation Stack

The CloudWatch integration leverages a CloudFormation Template that creates a Stack to deploy all necessary resources in your AWS instance

  1. Go to the CloudFormation service in your AWS Account Console.

  2. Select Create Stack followed by With new resources (standard).

  3. In the Specify Template section, select Amazon S3 URL.

  4. Copy and Paste the following URL: https://bp-bin.s3-us-west-2.amazonaws.com/integrations/cloudwatch/BigPandaCloudWatchStack.json

  5. Select Next

  6. Fill out the following parameters:

    • Stack Name: Unique identifier for the CloudFormation Stack

    • AppKey: Integration App Key. Default: <Your App Key>

    • BearerToken: Access Token. Default: <Your Org Bearer Token>

    • APIEndpoint: Base API URL. Default: https://integrations.bigpanda.io

    • DailyEventRule: If enabled, a CloudWatch Event Rule is created to trigger an AWS Lambda function. Default: false

    • SubscribeAll: If enabled, a Lambda Function will be created in the AWS Account that will have an associated IAM Role and Policy to retrieve a list of all CloudWatch Alarms and add the BigPanda Topic to them. Default: false

    • TopicName: If you would like to name the topic something other than the default: BigPanda_Topic

  7. After adding all your parameters, click Next.

  8. You can configure Stack options if desired, then click Next.

  9. Review the Stack, and click on Create Stack.

  10. Check the Stack details to confirm the Stack deployed successfully.

Manually add the Topic to CloudWatch Alarms

If the SubscribeAll parameter in the CloudFormation Stack was set to false, you will need to add the Topic to your Alarms manually. Follow the steps below.

  1. Go to CloudWatch in your AWS Account.

  2. Click on Alarms on the left hand side.

  3. Check an Alarm you want to edit. Then click on the Edit button.

  4. Click next to skip Step 1: Specify metric and conditions.

  5. Step 2: Configure Actions is where we will add the BigPanda Topic.

  6. Select add notification.

  7. Select the In Alarm Alarm State Trigger.

  8. Leave the Select an existing SNS topic option selected.

  9. Within the input field, you should be able to search for the BigPanda Topic.

  10. Follow steps 6-9 for the Alarm State Triggers OK and Insufficient Data.

  11. Once done, you can click on Update Alarm.

Terraform Support

A Terraform module is available for the CloudWatch integration. Refer to the module in the Terraform Registry for more information.

Before using the Terraform module, check for the following requirements:

  • Ensure the Terraform state file is saved at an appropriate location.

  • Terraform uses the current AWS region, which, unless specified, is the default region stored in AWS config file of the user running Terraform.

  • Ensure that the user running the terraform apply command has permissions to create an IAM role, policies, and other resources such as lambda function, SNS topic, SNS subscription, cloudwatch rule, and cloudformation stack.

  • The Terraform module requires five input variables:

    • api_endpoint

    • app_key

    • bearer_token

    • subscribe_all

    • daily_event_rule

The api_endpoint, app_key and bearer_token need to be retrieved from the Cloudwatch integration created in BigPanda. subscribe_all and daily_event_rule accept boolean values and need to be set to true to create appropriate Terraform resources.

Create the Infrastructure Using Terraform

The CloudWatch integration leverages a Terraform module to create the necessary infrastructure in your AWS instance.

  1. In the Terraform Registry, go to the BigPanda Cloudwatch module.

  2. From the Readme tab in the Registry, follow the instructions to create a main.tf file in your project’s working directory.

  3. In the main.tf file, fill in the information below for the module’s required input parameters:

    • app_key: Integration App Key

      Default: <Your App Key>

    • bearer_token: Access Token

      Default: <Your Org Bearer Token>

    • api_endpoint: Base API URL

      Default: https://integrations.bigpanda.io

    • daily_event_rule: When enabled, a CloudWatch Event Rule is created to trigger an AWS Lambda function.

      Default: true

    • subscribe_all: When enabled, a Lambda Function will be created in the AWS Account that will have an associated IAM Role and Policy to retrieve a list of all CloudWatch Alarms and add the BigPanda Topic to them.

      Default: true

  4. Ensure that the AWS region is appropriately set. By default, the region stored in the AWS config file is used.

  5. Ensure that the Terraform state file is saved at an appropriate remote data store such as Amazon S3 or Terraform Cloud.

  6. Ensure that the user running Terraform commands has permission to create an IAM role, IAM policy, lambda function, SNS topic, SNS subscription, Cloudwatch rule, and CloudFormation stack.

  7. Once the necessary changes have been made to the main.tf file, save it and run the commands below:

    terraform init
    terraform apply

  8. Review the plan to make sure that the AWS resources listed under the Resources tag in the Registry are getting created, then click yes on terraform apply output.

Manually Add the Topic to CloudWatch Alarms

If the subscribe_all parameter in the main.tf file was set to false, you will need to add the Topic to your Alarms manually. Follow the steps below.

  1. In your AWS account, go to CloudWatch.

  2. On the left side, click Alarms.

  3. Check an Alarm you want to edit, then click the Edit button.

  4. Click Next to skip Step 1: Specify metric and conditions. Step 2: Configure actions is where you can add the BigPanda Topic.

  5. Select Add notification.

  6. Select the In alarm Alarm state trigger.

  7. Leave the Select an existing SNS topic option selected.

  8. Within the input field, you can search for BigPanda_Topic.

  9. Repeat Steps 5-8 for the Alarm state triggers OK and Insufficient data.

  10. Once complete, click Update alarm.

Delete the Integration

Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.

Caution during replacement

When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.

Deactivate Inbound Integration

If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.

To deactivate an inbound integration:

  1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.

  2. At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.

In the integrations list, inactive integrations will be marked with a gray bar.

Stop Sending Data to BigPanda

Since the resources for the integration are being managed by CloudFormation, we can uninstall the integration by deleting the CloudFormation Stack.

  1. Go to CloudFormation in your AWS Account.

  2. Locate and Select the BigPanda CloudWatch Stack that was deployed.

  3. Click on the Delete button in the upper right of the AWS Console. You may be prompted to keep some resources like the IAM Role or Policy, this can be skipped so that All Resources are deleted.

  4. Select Delete Stack.

  5. Confirm all resources were deleted.

CloudWatch Alarms

When the CloudFormation Stack is deleted and if the Lambda resource to add the BigPanda Topic to all Alarms is enabled, the function is invoked one last time to remove the BigPanda Topic from all CloudWatch Alarms

Delete the Integration in BigPanda

Take the following steps to delete the integration from BigPanda:

  1. In BigPanda, navigate to the Integrations tab and select the desired integration from the list.

  2. In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.

️Automatic alert resolution for deleted integrations

All active alerts from the integration will be resolved after deletion.

Data removal

This procedure does not remove any data from the integrated system.

In this section: