CloudWatch
Send monitoring events from CloudWatch to BigPanda.
Supported Versions | Type | Authentication Type |
---|---|---|
SaaS Deployments | CloudFormation, Webhook | Org Bearer Token |
The core of this integration works by creating an SNS topic and subscribing to a BigPanda alerts endpoint. BigPanda then processes and correlates the data from CloudWatch to create and maintain up-to-date incidents in BigPanda. When an alarm closes in CloudWatch, the alert is closed in BigPanda. BigPanda can set the SNS topic for all configured alarms if desired upon initial configuration.
If the automatic sync is enabled, BigPanda periodically updates all alarms with the SNS topic to ensure that BigPanda receives data for any alarms created after the system was first integrated.
Open Integration Manager
The Open Integration Manager is available for use with CloudWatch. For more information, see the Open Integration Manager documentation.
Payload Size
Alert payloads must be 6MB or smaller. Larger payloads will fail to process with BigPanda. We recommend reviewing your configurations to ensure that only actionable, useful information is being sent to BigPanda.
Key Features
- Uses the Amazon Simple Notification Service (SNS) to send CloudWatch Alarm data to BigPanda.
- Correlates alarms from CloudWatch to help you understand and respond faster to issues with your AWS resources and applications.
- Provides the option to automatically sync CloudWatch Alarms created after the initial configuration with BigPanda.
Data Model
BigPanda normalizes Alarm data from CloudWatch into tags. You can use tag values to filter the incident feed and to define filter conditions for Environments.
Default Tags
BigPanda Tag | CloudWatch Property | Attributes |
---|---|---|
object | AlarmName | Primary Property |
check | Trigger.MetricName | Secondary Property (Default). |
description | NewStateReason | |
alarm_description | AlarmDescription | Secondary Property if check is not present |
timestamp | StateChangeTime | |
trigger_{{property}} | Trigger and Trigger.Dimensions | Trigger is an object of key, value pairs.Trigger.Dimensions is an array of objects with name and value as the only two properties in each object.Each key will have a prefix of trigger_ |
Install the Integration
The BigPanda CloudWatch integration is available as a basic CloudFormation template, or with Terraform module support.
Before You Integrate
- Obtain a BigPanda Bearer Token
- Obtain a CloudWatch Integration app key
- The CloudFormation Stack requires an AWS User with permissions to create various resources across AWS for the Stack deployment to be successful.
AWS Permissions
These resources may include:
- Lambda with IAM Role and Policy
- CloudWatch Event Rule
- AWS Custom Resource (invokes the Lambda that is created during Stack deployment
Using the CloudFormation Designer, you can see what the BigPanda CloudFormation template will create.
Create an App Key
Create an app key in BigPanda.
Integration Specific
You'll need a separate app key for each integrated system.
Basic CloudFormation Template
The integration leverages a CloudFormation template to create a CloudFormation Stack that deploys the necessary resources directly in your AWS instance
Create and Configure CloudFormation Stack
The CloudWatch integration leverages a CloudFormation Template that creates a Stack to deploy all necessary resources in your AWS instance
-
Go to the CloudFormation service in your AWS Account Console.
-
Select Create Stack followed by With new resources (standard).
-
In the Specify Template section, select Amazon S3 URL.
-
Copy and Paste the following URL:
https://bp-bin.s3-us-west-2.amazonaws.com/integrations/cloudwatch/BigPandaCloudWatchStack.json
-
Select Next
-
Fill out the following parameters:
- Stack Name: Unique identifier for the CloudFormation Stack
- AppKey: Integration App Key. Default:
<Your App Key>
- BearerToken: Access Token. Default:
<Your Org Bearer Token>
- APIEndpoint: Base API URL. Default:
https://integrations.bigpanda.io
- DailyEventRule: If enabled, a CloudWatch Event Rule is created to trigger an AWS Lambda function. Default:
false
- SubscribeAll: If enabled, a Lambda Function will be created in the AWS Account that will have an associated IAM Role and Policy to retrieve a list of all CloudWatch Alarms and add the BigPanda Topic to them. Default:
false
- TopicName: If you would like to name the topic something other than the default:
BigPanda_Topic
-
After adding all your parameters, click Next.
-
You can configure Stack options if desired, then click Next.
-
Review the Stack, and click on Create Stack.
-
Check the Stack details to confirm the Stack deployed successfully.
Manually add the Topic to CloudWatch Alarms
If the SubscribeAll parameter in the CloudFormation Stack was set to false, you will need to add the Topic to your Alarms manually. Follow the steps below.
- Go to CloudWatch in your AWS Account.
- Click on Alarms on the left hand side.
- Check an Alarm you want to edit. Then click on the Edit button.
- Click next to skip Step 1: Specify metric and conditions.
- Step 2: Configure Actions is where we will add the BigPanda Topic.
- Select add notification.
- Select the In Alarm Alarm State Trigger.
- Leave the Select an existing SNS topic option selected.
- Within the input field, you should be able to search for the BigPanda Topic.
- Follow steps 6-9 for the Alarm State Triggers OK and Insufficient Data.
- Once done, you can click on Update Alarm.
Terraform Support
A Terraform module is available for the CloudWatch integration. Refer to the module in the Terraform Registry for more information.
Before using the Terraform module, check for the following requirements:
- Ensure the Terraform state file is saved at an appropriate location.
- Terraform uses the current AWS region, which, unless specified, is the default region stored in AWS config file of the user running Terraform.
- Ensure that the user running the terraform apply command has permissions to create an IAM role, policies, and other resources such as lambda function, SNS topic, SNS subscription, cloudwatch rule, and cloudformation stack.
- The Terraform module requires five input variables:
api_endpoint
app_key
bearer_token
subscribe_all
daily_event_rule
The api_endpoint
, app_key
and bearer_token
need to be retrieved from the Cloudwatch integration created in BigPanda. subscribe_all
and daily_event_rule
accept boolean values and need to be set to true
to create appropriate Terraform resources.
Create the Infrastructure Using Terraform
The CloudWatch integration leverages a Terraform module to create the necessary infrastructure in your AWS instance.
-
In the Terraform Registry, go to the BigPanda Cloudwatch module.
-
From the Readme tab in the Registry, follow the instructions to create a main.tf file in your project’s working directory.
-
In the
main.tf
file, fill in the information below for the module’s required input parameters:- app_key: Integration App Key
Default:
<Your App Key>
- bearer_token: Access Token
Default:
<Your Org Bearer Token>
- api_endpoint: Base API URL
Default:
https://integrations.bigpanda.io
- daily_event_rule: When enabled, a CloudWatch Event Rule is created to trigger an AWS Lambda function. Default: true
- subscribe_all: When enabled, a Lambda Function will be created in the AWS Account that will have an associated IAM Role and Policy to retrieve a list of all CloudWatch Alarms and add the BigPanda Topic to them. Default: true
- app_key: Integration App Key
Default:
-
Ensure that the AWS region is appropriately set. By default, the region stored in the AWS config file is used.
-
Ensure that the Terraform state file is saved at an appropriate remote data store such as Amazon S3 or Terraform Cloud.
-
Ensure that the user running Terraform commands has permission to create an IAM role, IAM policy, lambda function, SNS topic, SNS subscription, Cloudwatch rule, and CloudFormation stack.
-
Once the necessary changes have been made to the
main.tf
file, save it and run the commands below:terraform init
terraform apply
-
Review the plan to make sure that the AWS resources listed under the Resources tag in the Registry are getting created, then click yes on terraform apply output.
Manually Add the Topic to CloudWatch Alarms
If the subscribe_all parameter in the main.tf
file was set to false, you will need to add the Topic to your Alarms manually. Follow the steps below.
- In your AWS account, go to CloudWatch.
- On the left side, click Alarms.
- Check an Alarm you want to edit, then click the Edit button.
- Click Next to skip Step 1: Specify metric and conditions. Step 2: Configure actions is where you can add the BigPanda Topic.
- Select Add notification.
- Select the In alarm Alarm state trigger.
- Leave the Select an existing SNS topic option selected.
- Within the input field, you can search for BigPanda_Topic.
- Repeat Steps 5-8 for the Alarm state triggers OK and Insufficient data.
- Once complete, click Update alarm.
Delete the Integration
Deleting an integration requires that you remove the integration in both the integrated system and BigPanda. We recommend that you first uninstall the integration on the integrated system to prevent traffic from being sent and rejected by BigPanda, since the app key will not exist once you delete the integration in BigPanda.
Caution During Replacement
When replacing an existing integration with a new tool or system, we recommend configuring the new integration first to ensure no data is lost.
Deactivate Inbound Integration
If you want to stop sending data to BigPanda but don’t want to delete your integration, you can temporarily deactivate it.
To deactivate an inbound integration:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list. This will open integration details on the right side of the window.
- At the top of the integration details, click the Active/Inactive toggle next to the application name to change the status of the integration.
In the integrations list, inactive integrations will be marked with a gray bar.
Stop Sending Data to BigPanda
Since the resources for the integration are being managed by CloudFormation, we can uninstall the integration by deleting the CloudFormation Stack.
- Go to CloudFormation in your AWS Account.
- Locate and Select the BigPanda CloudWatch Stack that was deployed.
- Click on the Delete button in the upper right of the AWS Console. You may be prompted to keep some resources like the IAM Role or Policy, this can be skipped so that All Resources are deleted.
- Select Delete Stack.
- Confirm all resources were deleted.
CloudWatch Alarms
When the CloudFormation Stack is deleted and if the Lambda resource to add the BigPanda Topic to all Alarms is enabled, the function is invoked one last time to remove the BigPanda Topic from all CloudWatch Alarms
Delete the Integration in BigPanda
Take the following steps to delete the integration from BigPanda:
- In BigPanda, navigate to the Integrations tab and select the desired integration from the list.
- In the integration details on the right of the page, click the trash icon, then confirm you want to delete the integration. The integration will be removed immediately.
️Automatic Alert Resolution for Deleted Integrations
All active alerts from the integration will be resolved after deletion.
Data Removal
This procedure does not remove any data from the integrated system.
Updated about 2 months ago