Pre-requisites for Monitoring the AWS Cloud
The following pre-requisites are to be satisfied while you start monitoring the AWS Cloud models:
- Since the AWS Cloud can be monitored only in an agentless manner, at least one remote agent should be configured in the environment;
- The system hosting the remote agent should be configured with Internet connectivity;
- You should buy the capability to launch and monitor instances on the cloud;
-
eG Enterprise monitors the AWS cloud using AWS API. To access the API, the eG agent can use either of the following approaches.
-
Role-based approach: This is the default approach.In this case, the eG agent accesses the AWS API as a valid AWS account with the required monitoring permissions, and pulls the metrics of interest. To use this approach, the eG agent has to be configured with the following:
-
A valid AWS Account ID; to identify your AWS Account ID, do the following:
-
Login to the AWS management console. with your credentials.
-
Click on your IAM user/role on the top right corner of the AWS Console. You will see a drop-down menu containing the Account ID (see Figure 1).
-
-
A special AWS role created exclusively for monitoring purposes; to know how to create this role, refer to
The eG tests should be configured with the Account ID and the special role. This eG agent then uses this Account ID and role to make API requests and collect the relevant metrics.
-
-
Managed Identity based approach: Some administrators of the AWS cloud environments may not want to share their AWS Account OD for monitoring purpose. In this case, administrators can use the managed identity (trusted node) based approach.
-
Create a special role for monitoring purpose on the AWS Cloud. The AWS role can be created either manually or automatically. To know how to create a new role, refer to
-
Create a new EC2 instance or use an existing EC2 instance and assign the newly created role to that instance. To know how to assign the newly created role to an EC2 instance, refer to
-
Install an eG agent on the EC2 instance and use that eG agent as a remote agent to monitor the target AWS Cloud. To know more, refer to
-
-
Secret Key-based approach: Some AWS cloud environments may allow cloud API requests only if such requests are signed by a valid Access Key and Secret Key. Before attempting to monitor such a cloud environment therefore, you should do the following:
-
Obtain an AWS Access Key and Secret Key; to know how, refer to
-
Configure the eG tests with the AWS Access Key and AWS Secret Key so obtained.
-
-
-
Some tests require the AWS CloudWatch service to be enabled. This is a paid web service that enables you to monitor, manage, and publish various metrics, as well as configure alarm actions based on data from metrics. For enabling this service, you need to pay CloudWatch fees. Refer to the AWS web site for the fee details.
-
The eG agent periodically executes the AWS Lambda test to monitor each Lambda function and report on their errors/responsiveness. This test will run and report metrics only if Amazon CloudWatch Lambda Insights is enabled in the Lambda console. Amazon CloudWatch Lambda Insights collects and aggregates Lambda function runtime performance metrics and logs for your serverless applications. To know how to enable this feature, look up
-
The eG agent runs the AWS S3 (Simple Storage Service) Request Statistics test at configured intervals to track requests to each S3 bucket and measure the responsiveness of that bucket. However, this test will report metrics for an S3 bucket only if you enable Resource Metrics collection for that bucket in AWS. To know how to achieve this, refer to
-
At a specified frequency, the eG agent executes the AWS Billing by Service test on the cloud. This test alerts you if the estimated cost of using a service is about to exceed your budget, and thus enables you to initiate measures for avoiding cost overruns. To pull such billing metrics per service, the test uses Amazon CloudWatch. If billing alerts/metrics are not published to Amazon CloudWatch, then this test will not run. This is why, before attempting to run this test, you should make sure that CloudWatch is configured to receive billing alerts. The steps to be followed for achieving this are detailed in Enabling CloudWatch to Receive Billing Alerts.
-
To enable cloud administrators to easily view, analyze, and take action on right- sizing recommendations that AWS provides, the eG agent periodically runs the AWS Right-sizing Recommendation test. However, this test will run and report metrics only if the Rightsizing Recommendations feature is enabled in the AWS Cost Explorer. This feature automatically analyzes your Amazon EC2 resources and usage to show opportunities for how you can lower your spending. To know how to enable this feature, refer to
Note:
Currently, the Role-based approach to accessing and monitoring AWS is not available to the AWS Region component. If you have managed a component of type AWS Region, then the eG agent can access the AWS API and pull metrics for that component using the Secret Key-based approach only. In other words, you will have to obtain an access key and a secret key, and then configure the eG tests for the AWS Region component with those keys, in order to monitor that component. To know how to obtain the keys, refer to
Likewise, the requirements pertaining to the AWS Lambda Test, AWS S3 (Simple Storage Service) Request Statistics test, AWS Billing by Service test
The following requirements however are applicable to the AWS Region component as well:
-
At least one remote agent should be configured in the environment;
-
The system hosting the remote agent should be configured with Internet connectivity;
-
You should buy the capability to launch and monitor instances on the cloud;
-
Some tests require the AWS CloudWatch service to be enabled.
