Learn how to send AWS data to Wavefront.

Amazon Web Services (AWS), is a collection of cloud-computing services that provide an on-demand computing platform. The Wavefronts Amazon Web Services integration allows you to ingest metrics directly from AWS.

AWS Integration Data Types

The AWS integration ingests three types of data:

  • CloudWatch - retrieves AWS metric and dimension data.
  • CloudTrail - retrieves EC2 event information and creates Wavefront System events that represent the AWS events.
  • AWS Metrics+ - retrieves additional metrics using AWS APIs other than CloudWatch. Data include EBS volume data and EC2 instance metadata like tags. You can investigate billing data and the number of reserved instances. Be sure to enable AWS+ metrics because it allows Wavefront to optimize its use of Cloudwatch, and saves money on Cloudwatch calls as a result.

For information how to monitor AWS data ingestion, see AWS Integration.

AWS Integration Options

Adding an AWS integration requires establishing a trust relationship between Amazon and Wavefront by sharing account IDs and an external ID. The external ID can be generated by Wavefront or your company can provide a custom external ID. If you use a Wavefront external ID you set up all types of data—CloudWatch, CloudTrail, and AWS Metrics+—at once. If you want to use a custom external ID, you must set up each type of data individually. Here are the requirements and consequences of each option:

  • Wavefront External ID - Integrate CloudWatch, Cloudtrail, and AWS Metrics+ data. Choose this option if:
    • You are an administrator for your company’s AWS account.
    • You want to integrate CloudWatch, CloudTrail, and AWS Metrics+ data into Wavefront at the same time.
    • You can use an external ID that is generated by Wavefront.
    • You want Wavefront AWS dashboards.
  • Custom External ID - Integrate each type of data individually. Choose this option if:
    • You are not an administrator for your company’s AWS account, but you will be gathering required information from an administrator.
    • You want to integrate CloudWatch, CloudTrail, and AWS Metrics+ data into Wavefront, but not at the same time.
    • You want to use a custom external ID that is generated by your company.
    • You can build your own AWS dashboards.

Adding an AWS Integration

  1. In Wavefront, click Integrations in the task bar.
  2. In the Featured section, click the Amazon Web Services tile.
  3. Click the Setup tab.
  4. Click Set Up Amazon Integration.
  5. Follow the instructions in the right panel to give Wavefront read-only access to your Amazon account.
  6. Configure the integration properties:
    • Name - Name to identify the integration.
    • Role ARN - Role ARN from Amazon account.
    • Bucket Name - The S3 bucket containing CloudTrail logs. In your AWS account, go to CloudTrail >Trails to see the bucket name.
    • Prefix - A log file prefix specified when you created the CloudTrail.
  7. Click Connect. The integration is added to the Amazon Web Services Integrations list. If you want to configure whitelists and refresh rate for the CloudWatch integration, click the CloudWatch link in the Types column and follow the instructions in Configuring CloudWatch Data Ingestion.

Adding AWS Data Types Individually

This tasks explains how to grant Wavefront read-only access to your Amazon account. You can instead give more limited access, as shown in the following table:

Integration Description Required Permissions
CloudWatch Retrieves AWS metric and dimension data

ListMetrics
GetMetricStatistics

CloudTrail
Retrieves EC2 event information and creates Wavefront System events

List and Get permissions on the S3 bucket where the logs are delivered.

AWS Metrics+ Retrieves additional metrics using AWS APIs DescribeVolumes
DescribeInstances
DescribeReservedInstances

To give Wavefront read-access to your Amazon account:

  1. In your Amazon Identity & Access Management settings, grant Wavefront read-only access to your Amazon account.
    1. Select Roles and click Create new role. The role creation wizard starts.
    2. Select Role for cross-account access.
    3. Select Provide access between your AWS account and a 3rd party AWS account.
    4. Enter Wavefront account info:
      • Account ID - 301213811993
      • External ID - External ID generated by your company.
      • Require MFA - unchecked
    5. Click Next Step.
    6. On the Attach Policy screen, select the ReadOnlyAccess checkbox and click Next Step.
    7. For Role name, enter wavefront and click Create role.
    8. Click the wavefront role.
    9. Copy the Role ARN value.
  2. In Wavefront, click Integrations in the task bar.
  3. In the Featured section, click the Amazon Web Services tile.
  4. Click the Setup tab.
  5. Click the Advanced link.
  6. Select Add Integration > <Integration Option>, where <Integration Option> is Register [CloudWatch | CloudTrail | AWS Metrics+].
  7. Configure the integration properties:
    • Common
      • Name - Name to identify the integration.
      • Role ARN - Role ARN from Amazon account.
      • External ID - External ID generated by your company.
    • CloudTrail
      • Bucket Name - The S3 bucket that contains CloudTrail logs. In AWS, go to CloudTrail >Trails to see the bucket name.
      • Prefix - A log file prefix specified when you created the CloudTrail.
    • CloudWatch
  8. Click Save. The selected integration(s) are created and added to the Cloud Integrations list.

Enabling and Disabling AWS Integrations

Wavefront automatically disables integrations that are experiencing errors due to invalid credentials. To enable an integration after the credential has been corrected or to manually disable an integration:

  1. In Wavefront, click Integrations in the task bar.
  2. In the Featured section, click the Amazon Web Services tile.
  3. Click the Setup tab.
  4. Click the Advanced link.
  5. In the row that contains the integration that you want to enable or disable, select action_menu.png > [Enable | Disable].

Deleting AWS Integrations

To delete one or more integrations:

  • Select the checkboxes next to one or more integrations and click .
  • In the row containing the integration you want to delete, select action_menu.png > Delete. Click Delete to confirm the delete action.

CloudWatch Data

Wavefront retrieves AWS metric and dimension data from AWS services using the AWS CloudWatch API. The complete list of metrics and dimensions that can be retrieved from AWS CloudWatch is available at Amazon CloudWatch Metrics and Dimensions Reference. In addition, you can publish custom AWS metrics that can also be ingested by the CloudWatch integration.

Configuring CloudWatch Data Ingestion

You can configure which instances and volumes to ingest metrics from, which metrics to ingest, and the rate at which Wavefront fetches metrics. To configure CloudWatch ingestion:

  1. In Wavefront, click Integrations in the task bar.
  2. In the Featured section, click the Amazon Web Services tile.
  3. Click the Setup tab.
  4. In the Types column, click the CloudWatch link in the row of the integration you want to configure.
  5. Configure ingestion properties:
    • Instance and Volume Whitelist fields - Whitelist instances and volumes by specifying EC2 tags (as <key>=<value> pairs) defined on the instances and volumes. For example, organization=<yourcompany>. When specified as a comma-separated list, the tags are OR’d. To use instance and volume whitelisting, you must also add an AWS Metrics+ integration because the AWS tags are imported from the EC2 service. If you don’t specify any tags, Wavefront imports metrics from all instances and volumes.
    • Metric Whitelist field - Whitelist metrics by specifying a regular expression. The regular expression must be a complete match of the entire metric name. For example, if you only want CloudWatch data for elb and rds (which come under aws.rds), then use a regular expression such as: ^aws.(elb|rds).*$. If you do not specify a regular expression, all CloudWatch metrics are retrieved.
    • Point Tag Whitelist - Whitelist AWS point tags by specifying a regular expression. If you do not specify a regular expression, no point tags are added to metrics.
    • Service Refresh Rate - Number of minutes between requesting metrics. Default: 5.
  6. Click Save.

Sources

Wavefront automatically sets each metric’s source field and adds source tags to each AWS source.

Metric Source Field

Wavefront sets the value of the AWS metric source field by service:

  • EC2 - the value of the hostname, host, or name EC2 tags, if the tags exist and you have an EC2 integration. Otherwise, the source is set to the Amazon instance ID.
  • EBS - the Amazon instance ID of the EC2 instance the volume is attached to.
  • All other services - the value of the first CloudWatch dimension. The supported dimensions appear at the bottom of the Amazon service metric documentation topic. For example, see Amazon EC2 Dimensions.

Source Tags

AWS sources are assigned source tags that identify their originating service: wavefront.aws.<service>. For example: wavefront.aws.ec2, wavefront.aws.ebs, etc.)

Point Tags

Wavefront adds the following point tags to CloudWatch metrics:

  • accountId - the Amazon account that reported the metric.
  • Region - The region in which the service is running. Added to EC2 and EBS metrics only.
  • CloudWatch dimensions. The dimensions vary by service. For example, for AWS S3, the BucketName dimension is added as a point tag.

CloudWatch Pricing

Standard AWS CloudWatch pricing applies each time Wavefront requests metrics using the CloudWatch API. For pricing information, see AWS | Amazon CloudWatch | Pricing. After selecting a region, you can find the current expected price under Amazon CloudWatch API Requests. In addition, custom metrics have a premium price; see the Amazon CloudWatch Custom Metrics section of the pricing page. To limit cost, by default Wavefront queries the API every 5 minutes. However, you can change the request rate, which will change the cost.

As an alternative to using the CloudWatch API for EC2 metrics, you can collect these metrics using a Telegraf collector on each AWS instance. In this case, to prevent CloudWatch from requesting those metrics, you should set the Metric Whitelist property to allow all metrics except EC2. For example:

^aws.(billing|instance|sqs|sns|reservedInstance|ebs|route53.health|ec2.status|elb|s3).*$

By default, on a new Wavefront trial, Wavefront limits the number of unique metrics that can be retrieved from CloudWatch to 10K to cap the AWS CloudWatch bill.

Configuring Billing Metrics

The AWS Billing and Cost Management service sends billing metrics to CloudWatch. You configure AWS to produce aws.billing.* metrics by checking the Receive Billing Alerts checkbox on the Preferences tab in the AWS Billing and Cost Management console:

aws billing

Wavefront reports the single metric aws.billing.estimatedcharges. The source field and ServiceName point tag identify the AWS services. For the total estimated charge metric, source is set to usd and ServiceName is empty. Wavefront also provides the point tags accountId, Currency, LinkedAccount, and Region. Billing metrics are typically reported every 4 hours.

CloudTrail Data

Wavefront retrieves CloudTrail event information stored in JSON-formatted log files in an S3 bucket. The integration parses the files for all events that result from an operation that is not a describe, get, or list, and creates a Wavefront System event. The EC2 operations include: [Run|Start|Stop|Terminate|Monitor|Unmonitor]Instances, [Attach|Detach]Volume, DeleteNetworkInterface, AuthorizeSecurityGroupIngress, CreateSecurityGroup, RequestSpotInstances, CancelSpotInstanceRequests, ModifyInstanceAttribute, CreateTags, [Create|Delete]KeyPair, and DeregisterImage.

In the Events browser the events are named AWS Action: <Operation> and have the event tag aws.cloudtrail.ec2. For example:

aws start instance

AWS Metrics+ Data

AWS Metrics+ are metrics retrieved using AWS metrics API calls other than CloudWatch. Unless otherwise indicated, Wavefront sets the value of the AWS Metrics+ source field to the AWS instance ID. If an EBS volume is detached, its source field is set to the volume ID. The metrics include:

  • aws.instance.price - EC2 instances and how much they cost per hour. This metric includes the point tags availabilityZone, instanceID, instanceLifecycle, instanceType, and operatingSystem.
  • aws.reservedinstance.count - Number of reserved instances in each availability zone by each instance type. This metric includes the point tags availabilityZone, instanceID, instanceType, and operatingSystem. This metric appears only if your account has reserved instances.
  • EBS metrics - EBS metrics include the point tags instanceID, Region, State, Status, volumeId, and volumeType (see Amazon EBS Volume Types). The Status can be attached, detaching, or attaching. The State can be available (detached) or in-use (attached).
    • aws.ebs.volumesize - The volume size of the elastic block store.
    • aws.ebs.volumeiops - The volume I/O operations of the elastic block store.
  • SQS - AWS SQS metrics retrieved every minute from the SQS service.
    • aws.sqs.approximatenumberofmessagesnotvisible - The number of messages that are “in flight.” Messages are considered in flight if they have been sent to a client but have not yet been deleted or have not yet reached the end of their visibility window.
    • aws.sqs.approximatenumberofmessagesdelayed - The number of messages in the queue that are delayed and not available for reading immediately. This can happen when the queue is configured as a delay queue or when a message has been sent with a delay parameter.
    • aws.sqs.approximatenumberofmessages aliased to the CloudWatch metric aws.sqs.approximatenumberofmessagesvisible - The number of messages available for retrieval from the queue.
  • Pricing Metrics - capture the current pricing of EC2 instances. These metrics are available as a preview and subject to change. These metrics have the point tags instanceType, operatingSystem, Region, purchaseOption (All Upfront, Partial Upfront, No Upfront), leaseContractLength (1 or 3 years), and offeringClass (standard or convertible)). The source field is set to the display name of the region. For example, if Region=us-west2, then source=us west (oregon).
    • ~sample.aws.ec2.on-demand.price.hourly - the hourly price (in US$) of an on-demand instance.
    • ~sample.aws.ec2.reserved.price.upfront - the up-front payment (in US$) for a reservation. This metric reports 0 when purchaseOption is No Upfront.
    • ~sample.aws.ec2.reserved.price.hourly - the hourly payment (in US$) for a reservation. This metric reports 0 when the purchaseOption is All Upfront.

Viewing AWS Metrics

You can view AWS metrics by selecting Browse > Metrics and searching for metrics beginning with aws.:

aws metrics

You can drill into the folder for a specific service and click a metric to navigate to a chart that displays that set of data. For example, clicking clicking the folder aws.ec2., then the metric aws.ec2.cpuutilization, and then refining the query by the Region point tag and the topk function yields the following chart:

aws cpu utilization

AWS Aggregate Metrics

All AWS metrics return the following aggregate metrics: average, maximum, minimum, sample count, and sum. To view the aggregate metrics,

  1. Search for a specific metric, for example aws.ec2.cpuutilization:

    aws cpu utilization folder

  2. Click the metric folder, for example aws.ec2.cpuutilization., to display the aggregate metrics:

    aws cpu utilization aggregate metrics

AWS Dashboards

If you set up an Amazon Web Services integration, Wavefront installs AWS overview dashboards Summary, Pricing, and Billing and the AWS service-specific dashboards: EC2, ECS, ELB, DynamoDB, Lambda, and Redshift. All AWS dashboards have a tag ~integration.aws.<service>. For example: ~integration.aws.ec2, ~integration.aws.lambda, etc.