AWS CloudWatch integration

Moogsoft Express can collect both standard and custom metrics from AWS CloudWatch. Express performs sigma-based anomaly detection on all metrics immediately after ingestion. You can also configure this integration to collect AWS alarms as events.


It is good practice to create only one integration per AWS account.

Before You Begin

This integration was validated with AWS CloudWatch on February 24, 2020. Before you start to set up your integration, ensure you have met the following requirements:

  • You have an active AWS account.

  • You have the necessary permissions to create permissions and roles in AWS.

Define the AWS Role and Permission

Do the following:

  1. Log in to the AWS Console and go to Services > IAM.

  2. Go to Policies and define a new permissions policy as follows:

    1. Click Create Policy and click the JSON tab.

    2. Copy and paste the following JSON object into the edit field.

          "Version": "2012-10-17",
          "Statement": [
                  "Action": [
                  "Effect": "Allow",
                  "Resource": "*"
    3. Click Review Policy, enter a policy name, and then click Create Policy.

  3. Go to the main Roles page and define a new role as follows:

    1. Under Select type of trusted entity, choose Another AWS account.

    2. For Account ID, do the following:

      1. Open a separate browser window and Go to the Express UI > Integrations > CloudWatch page.

      2. If you are not in the Setup page, click Add a CloudWatch Account.

      3. Copy and paste the Moogsoft Account ID into the AWS role.

        This is the Moogsoft account that will receive data from CloudWatch.

      4. Leave this browser window open.

    3. In the AWS Console, under Options, enable Require external ID.

    4. To determine the External ID:

      1. Go back to the Express UI > Integrations > AWS CloudWatch > Add a CloudWatch Account page.

      2. If the External ID field is empty, click Generate External ID.

      3. Copy and paste this ID into the External ID field in the AWS Console.


      Leave this page open and do not refresh it until you finish this entire workflow. If you refresh the page, this ID will get updated. For the integration to work, this ID must be the same in both AWS and Express.

    5. Do not enable Require MFA.

    6. Click Next: Permissions and add the policy you created previously.

Setting up the AWS CloudWatch integration in Express

To configure the AWS CloudWatch integration:

  1. Return to the Express UI > CloudWatch setup page where you copied the External ID.

  2. In the Setup tab, define the integration as follows:

    • AWS Account ID — Enter your AWS account ID.

    • AWS Role — The role you defined previously.

    • AWS External ID — This should match the External ID you generated previously for the AWS role.

  3. Click the Test button (top right) to verify that Express can connect to your AWS account.

  4. Specify the other CloudWatch integration settings as follows:

    • Region — Select the AWS regions from which you want to collect data.

    • AWS Services — Select the AWS services for which you want to collect data.

    • Collect CloudWatch Alarms — Enable this if you want to collect alarms in addition to standard CloudWatch metrics. Express ingests alarms as events and converts them to alerts.

    • Collect Custom Metrics — Enable this if you want to collect any custom metrics you are sending to AWS CloudWatch.

  5. Click the Save button (top right) to save your integration settings.

  6. Optionally, you can go to the Configuration tab and edit anomaly detection settings for individual metrics.