CloudWatch

CloudWatch provides monitoring to AWS resources and applications. CloudWatch Alarms get normalized into BigPanda Alerts for future correlation with other alerts.

Supported Versions:
SaaS Deployments
Type:
CloudFormation, Webhook

Key Features

  • Uses the Amazon Simple Notification Service (SNS) to send CloudWatch Alarm data to BigPanda.
  • Correlates alarms from CloudWatch to help you understand and respond faster to issues with your AWS resources and applications.
  • Provides the option to automatically sync CloudWatch Alarms created after the initial configuration with BigPanda. More on this feature below

How It Works

The core of this integration works by creating an SNS topic and subscribing to a BigPanda alerts endpoint. BigPanda then processes and correlates the data from CloudWatch to create and maintain up-to-date incidents in BigPanda. When an alarm closes in CloudWatch, the alert is closed in BigPanda. BigPanda can set the SNS topic for all configured alarms if desired upon initial configuration.

If the automatic sync is enabled, BigPanda periodically updates all alarms with the SNS topic to ensure that BigPanda receives data for any alarms created after the system was first integrated. More on this feature below.

Data Model

BigPanda normalizes Alarm data from CloudWatch into tags. You can use tag values to filter the incident feed and to define filter conditions for Environments.

Default Tags

BigPanda TagCloudWatch PropertyAttributes
objectAlarmNamePrimary Property
checkTrigger.MetricNameSecondary Property (Default).
descriptionNewStateReason
alarm_descriptionAlarmDescriptionSecondary Property if check is not present
timestampStateChangeTime
trigger_{{property}}Trigger and Trigger.DimensionsTrigger is an object of key, value pairs.

Trigger.Dimensions is an array of objects with name and value as the only two properties in each object.

Each key will have a prefix of trigger_

Managing The Integration

The integration leverages a CloudFormation template to create a CloudFormation Stack that deploys the necessary resources directly in your AWS instance

Prerequisites

  • BigPanda Bearer Token
  • CloudWatch Integration app key
  • The CloudFormation Stack requires an AWS User with permissions to create various resources across AWS for the Stack deployment to be successful.

📘

AWS Permissions

These resources may include:

  • Lambda with IAM Role and Policy
  • CloudWatch Event Rule
  • AWS Custom Resource (invokes the Lambda that is created during Stack deployment)

At an overview, using the CloudFormation Designer we can see what the BigPanda CloudFormation template will create.

Installation

  1. Go to CloudFormation in your AWS Account
  2. Select Create Stack followed by "With new resources (standard)"
  3. In the Specify Template section, select Amazon S3 URL
  4. Copy and Paste the following URL
    https://bp-bin.s3-us-west-2.amazonaws.com/integrations/cloudwatch/BigPandaCloudWatchStack.json
  5. Select Next
  6. Provide a name for the CloudFormation Stack
  7. Fill out the parameters that are displayed. *More information on these parameters below

Configuration

Here is what you can expect to see when creating the Stack

  • AppKey: CloudWatch integration app key
  • BearerToken: BigPanda Bearer token
  1. DailyEventRule: If enabled, a CloudWatch Event Rule is created to trigger an AWS Lambda function (This function is described below).
    note: If you enter true for this parameter, the SubscribeAll parameter needs to be true as well
  2. SubscribeAll: If enabled, a Lambda Function will be created in the AWS Account that will have an associated IAM Role and Policy to retrieve a list of all CloudWatch Alarms and add the BigPanda Topic to them.
    note: If DailyEventRule is set to false while this parameter is set to true, the invocation of the Lambda function will only occur once.
  • TopicName: (default: BigPanda_Topic) If you would like to name the topic something other than the default

📘

Creating a Stack in Multiple AWS Regions

There are two options to deploy a Stack in multiple regions.

  • Create a Stack set. This approach will use the app key from the parameters for all regions deployed.
  • Create a Stack in each AWS region. This approach will allow you to use different app keys if you would like a distinction in your BigPanda Console.

Manual Subscription

Alternatively, you can create the Topic and Subscription manually if you would prefer not to leverage the CloudFormation Stack.

  1. You can follow the instructions here to create an SNS Topic and Subscription.
  2. When creating the Subscription, use https for the protocol
  3. For the endpoint, use the following: https://inbound.bigpanda.io/cloudwatch/alerts?access_token=BEARER_TOKEN&app_key=INTEGRATION_APP_KEY
  4. Make sure to replace BEARER_TOKEN and INTEGRATION_APP_KEY with your BigPanda Bearer token and CloudWatch integration app key respectively.
  5. Once these two resources are created, you can now add the BigPanda Topic to any CloudWatch Alarm

🚧

Creating the Subscription

Make sure to leave the Enable raw message delivery unchecked

Uninstalling the integration

Since the resources for the integration are being managed by CloudFormation, we can uninstall the integration by deleting the CloudFormation Stack

  1. Go to CloudFormation in your AWS Account
  2. Locate and Select the BigPanda CloudWatch Stack that was deployed.
  3. Click on the Delete button in the upper right of the AWS Console.
    note: You may be prompted to keep some resources like the IAM Role or Policy, this can be skipped so that All Resources are deleted
  4. Select Delete Stack
  5. Confirm all resources were deleted

🚧

CloudWatch Alarms

When the CloudFormation Stack is deleted and if the Lambda resource to add the BigPanda Topic to all Alarms is enabled, the function is invoked one last time to remove the BigPanda Topic from all CloudWatch Alarms

Updated 5 months ago

CloudWatch


CloudWatch provides monitoring to AWS resources and applications. CloudWatch Alarms get normalized into BigPanda Alerts for future correlation with other alerts.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.