AWS CloudWatch¶

Creating read-only AWS credentials¶

Before you start using the integration, we recommend setting up a new read-only AWS user.

Step 1. Login to AWS IAM Management Console

Step 2. Create a New User

1. Select ‘Generate Access Token for each user’
2. Download CSV of credentials

Step 3. View details of New User created.

1. Under Permission select the Inline Policy dropdown creation link
2. Select Custom Policy
3. Paste the below custom policy

(If you’re not using a service, feel free to omit it):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "dynamodb:ListTables",
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "ecs:ListClusters",
        "ecs:DescribeClusters",
        "elasticache:describeCacheClusters",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticmapreduce:ListClusters",
        "rds:DescribeDBInstances",
        "ses:GetSendQuota",
        "ses:GetSendStatistics",
        "sqs:ListQueues",
        "lambda:ListFunctions"
     ],
      "Resource": "*"
    }
  ]
}

You can then add your User to a Group and generate an Access Key for the user (or use the Access Key generated when you created the User) to use in the Librato AWS integration.

Importing your CloudWatch metrics to Librato.¶

Prerequisite to start using this integration is that you have a Librato account. If you do not already have one, sign up for a free trial - it only requires an email address.

After you sign in to your Librato account, you will see a welcome screen that will guide you through the process of setting up your CloudWatch integration.

Select the “Amazon Web Services” option and proceed to the next step. After providing a title for your new integration you will be prompted to enter the read-only AWS Access Key ID and Secret Access Key you created earlier. Select an AWS Region and check the AWS Services you’re interested in tracking.

You can import metrics from as many instances as you want but as a precautionary measure we have set a limit to 250 instances. If you want that limit removed just send us an email to support@librato.com.

NOTE: Once the integration is saved, it can take 10-15 minutes to start seeing metrics in our system. Then we will query back the previous 1 hour of data and all subsequent data.

Adding multiple AWS accounts¶

To add multiple AWS account just click on the “Add a new AWS CloudWatch Integration”. An empty form will appear. Save the form when you done and you will see a new integration show up in the list.

AWS Spaces and Charts¶

Once your credentials are set up and saved you will immediately see Spaces and charts we’ve automatically curated for each service. They are created as templates using the dynamic source feature. Simply enter a source in the dynamic source field, such as the server id or a wildcard ( * for all), and the graphs are created.

Filtering Metrics¶

Librato supports the ability to filter by tag for EBS and EC2 resources. In the Cloudwatch integration, the EBS and EC2 service types have an additional input option next to each service type (when checked). This input is a toggle for two states: all or filtered.

The default state is all, which is to collect all resource metrics from CloudWatch for the respective service type. If you click on the link it will toggle to filtered; in this state we whitelist metrics coming from resources with the following tag applied:

librato:import=true

… where “librato:import” is the key and “true” is the value. For example, if you are using the EC2 command line tool you would apply the tag to an instance like:

ec2tag <instance id> -t librato:import=true

Or in the AWS Console:

Stop Importing CloudWatch Metrics¶

To stop importing CloudWatch metrics, either hit the delete button to remove your IAM credentials or un-check the AWS Regions and AWS Services boxes and save.

After Setup Is Complete¶

After you have completed your setup, you should start seeing metrics flow into your account within 10-15 minutes. If that is not the case, check the Integrations page for any errors that may be present. The error message will give you a hint on what needs to be corrected. If you need help please send us an email.

Metric Namespaces¶

Depending on the CloudWatch services you have selected, Librato will create metrics in the namespaces following the pattern:

AWS.<service-name>

Predefined Spaces¶

Changing Predefined Spaces¶

The predefined Spaces we curate are immutable. In order create editable versions, you will have to use our Copy Spaces feature to clone them. Clones are customizable, so now you can create spaces with CloudWatch metrics from several services mixed with custom metrics so that all critical metrics are in one place.

EC2 Instance Tags¶

Librato’s CloudWatch integration provides support for EC2 instance tags. If you set either librato:displayName or Name on an instance, we’ll automatically use that value as a source display name. In the case both tags are set, librato:displayName takes precedence. Any changes to the tag’s value will be detected and applied automatically.

You can search or wildcard match on either the original instance ID or the human-readable name specified in one of these tags. Whichever value matches your search will be used in the display.

How this works: The CloudWatch integration uses source names of the format zone.instance-id for EC2 metrics as the actual source and then, as a separate step, creates a mapping of that zone.instance-id => name, where name is the value of the tag “Name” on the instance itself. We then use our sources/:name API to set the source name.

That then becomes what you see in the UI.

Elastic Beanstalk¶

To learn how to enable the Elastic Beanstalk service in your Librato CloudWatch Integration so that you can import all of your enhanced health metrics into your Librato account and preconfigured AWS Elastic Beanstalk space read: AWS CloudWatch: Elastic Beanstalk enhanced health metrics

EBS Volume Tags¶

Librato will retrieve the “Name” tag from an EBS volume (via the ec2-describe-volumes API) and use that as the source display name. For example, a VolumeId of vol-012e34e5 in us-east-1 with a Name tag of My Files will result in a Librato source name of us-east-1.vol-012e34e5 and a source display name of My Files. You can then filter volumes either by VolumeId or by Name tag.

Custom Metrics¶

Librato is a platform designed for custom metrics. You can use any of the pre-integrated collection agents or language bindings to add metrics to Librato and then add them to your AWS service graphs or Spaces. For example you can run Librato Agent on your AWS instances to pull in memory and other metrics that CloudWatch doesn’t provide.

You can also pull in CloudWatch custom metrics by checking the box under AWS Service in your AWS Configuration. To learn more about CloudWatch custom metrics, see Amazon’s “Publish Custom Metrics” article. Keep in mind that if you pull in CloudWatch custom metrics you will not only be charged by Amazon but also by Librato. Amazon currently charges $0.30 per custom metric per month and Librato’s cost for 5min metrics is $0.05 per month. As Librato was designed for custom metrics, you might consider sending the metrics directly to Librato’s RESTful API, thereby saving cost and gaining control over the metric resolution.

NOTE: Once a new custom metric is added to Cloudwatch, it may take up to 30 minutes to appear in Librato. This is because we maintain a cached enumerated list in Librato, that expires every 30 minutes.

A note on custom metrics and CloudWatch “dimensions”: Librato is currently only able to import CloudWatch custom metrics with a single dimension, therefore any custom metrics with multiple dimensions will be ignored.  The reason for this is that we translate the dimension “Value” directly into a Librato source name, and the ordering of CloudWatch dimensions is unspecified, which prevents us from naming sources in a predictable way.

As an example, the following metric will not be imported:

 {
    "Namespace": "Custom",
    "Dimensions": [
        {
            "Name": "MyTag1",
            "Value": "foo"
        },
        {
            "Name": "MyTag2",
            "Value": "bar"
        }
    ],
    "MetricName": "MyCustomMetric"
}

We are working to find the best solution to this problem which will likely include a user-specified set of tags and ordering.  Please contact support@librato.com if you have questions on this.

A note on custom metrics and source names: If you’re using the AWS monitoring scripts to send custom metrics, the source names for EC2 custom metrics are not likely to match the source names we import from the standard “AWS/EC2” namespace.  We retrieve the Availability Zone so that the source becomes zone.instance_id.  For example, the source for a custom metric might show i-12345 while the same instance will show a source of us-east-1a.i-12345 for AWS.EC2.CPUUtilization. This results in not being able to correlate sources across metrics, and is probably worth fixing on your installation.

Reporting Intervals¶

Depending on the service, CloudWatch metrics are reported at either a 5 minute frequency or a 1 minute frequency. If you want EC2 data at a 1 minute frequency, you’ll need to enable “Detailed Monitoring” (see http://aws.amazon.com/cloudwatch/details). Note that ELB, RDS and ElastiCache have 1 minute intervals by default. Using the AWS credentials you have provided, Librato will poll your CloudWatch metrics every 5 minutes and then write the resulting data into your Librato account, including data that is at 1 minute intervals.

FAQ:¶