Skip to main content

Configure the AWS CloudWatch LAM

CloudWatch is the monitoring tool for Amazon Web Services (AWS), its applications and other cloud resources. AWS CloudWatch is useful for tracking metrics, collecting log files, setting alarms, and reacting to changes in your AWS resources. It monitors resources including Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances.

You can install a basic AWS CloudWatch integration in the UI. See AWS CloudWatch for UI integration steps.

The AWS integration fetches alarms and events from the AWS CloudWatch. The workflow of gathering alarms/events from AWS and publishing it to Moogsoft Enterprise is as follows:

Before you begin

The AWS CloudWatch integration has been validated with aws-java-sdk v1.11. Before you start to set up your integration, ensure you have met the following requirements:

  • You have the access key ID and secret access key for your AWS CloudWatch account.

  • You have access to retrieve data from AWS CloudWatch.

Additionally, you can provide optional configuration details. See the LAM and Integration Reference for a description of all properties.

Configure the LAM

Edit the configuration file to control the behavior of the AWS CloudWatch LAM. You can find the file at $MOOGSOFT_HOME/config/aws_lam.conf.

The configuration file contains a JSON object. At the first layer of the object, the LAM has a parameter called config, and the object that follows config has all the necessary information to control the LAM.

See AWS CloudWatch LAM Reference and LAM and Integration Reference for a full description of all properties. Some properties in the file are commented out by default; remove the '#' character to enable them.LAM and Integration Reference

  1. Configure authentication:

    • access_key_id or encrypted_access_key_id: AWS account access key ID.

    • secret_access_key or encrypted_secret_access_key: AWS account secret access key.

  2. If you want to connect through a proxy server, configure the host, port, user, and password or encrypted password properties in the proxy section for the target.

  3. Optionally configure filtering to determine which alerts and events the LAM fetches. See AWS CloudWatch LAM Reference for the options.

  4. Configure the LAM behavior:

    • polling_interval: Polling time interval, in seconds, between the requests after which the event data is fetched from the AWS.

    • max_retries: Maximum number of retry attempts to reconnect with AWS server in case of a connection failure.

    • retry_interval: Time interval between two successive retry attempts.

    • retry_recovery: Specifies the behavior of the LAM when it re-establishes a connection after a failure.

    • timeout: Timeout value in seconds, which will be used to timeout a connection, socket and request.

    • exclude_protected_regions: When set to true, US Government and Chinese regions are excluded when "aws_all_regions" is used in either the alarms or events filter. By default, all regions are included.

  5. Configure the SSL properties if you want to encrypt communications between the LAM and the REST connection:

    • ssl: Whether to use SSL certification.

    • ssl_keystore_file_path: Enter the path of the keystore file. This is the path where the generated keystore file is copied, for example. /usr/local/aws_ssl/keystore.jks.

    • ssl_keystore_password: Enter the password of keystore. It is the same password that was entered when the keystore was generated.

  6. Optionally configure the LAM identification and capture logging details:

    • name: Maps to $Laminstancename, so that the agent field indicates events Moogsoft Enterprise ingests from this LAM.

    • capture_log: Name and location of the LAM's capture log file, which it writes to for debugging purposes.

  7. Optionally configure severity conversions. See Severity Reference for further information and "Conversion Rules" in Tokenize Source Event Data for details on conversions in general.

  8. Optionally configure the process logging details:

    • configuration_file: Name and location of the LAM's process log configuration file. See Configure Logging for more information.Configure Logging

Example

An example AWS CloudWatch LAM configuration is as follows:

monitor:
{
    name: "AWS Monitor",
    class: "CAwsMonitor",
    role_arn: "",
    role_session_validity: 3600,
    access_key_id: "",
    #encrypted_access_key_id: "",            
    secret_access_key: "",
    #encrypted_secret_access_key: "",
    proxy:
    {
         host: "localhost",
         port: 8181,
         user: "user",
         password: "pass",
         #encrypted_password: "ieytOFRUdLpZx53nijEw0rOh07VEr8w9lBxdCc7229o="
    },
    exclude_protected_regions: true,

    filter:
    {
        alarms:
        { 
            "aws_all_regions":
            {
                #alarm_name_prefix: "",
                alarms_to_monitor: ["alarm1", "alarm2"]
            },
        
            "us-west-2":
            {
                alarm_name_prefix: "alarm",
                alarms_to_monitor: ["3", "4"]
            }
    
        events:
        {
            "aws_all_regions":
            {
                filter_pattern: "scheduled",
                log_group_to_monitor: ["/aws/lambda/event1"]
            },
               
            "ap-south-1":
            {
                #filter_pattern: "",
                log_group_to_monitor: ["/aws/lambda/event2", "/aws/lambda/event3"]
            }
        }
    }

    polling_interval: 60,
    max_retries: -1,
    retry_interval: 60,
    retry_recovery:
    {
        recovery_interval: 20,
        max_lookback: -1
    },
    timeout: 120
},

Configure for High Availability

Configure the AWS CloudWatch LAM for high availability if required. See High Availability Overview for details.

Start and stop the LAM

Restart the AWS CloudWatch LAM to activate any changes you make to the configuration file or LAMbot.

The LAM service name is awslamd.

See Control Moogsoft Enterprise Processes for the commands to start, stop and restart the LAM.