Amazon CloudWatch

Reading time: 0 minute(s) (0 words)

Amazon CloudWatch is a monitoring and observability service and a repository that aggregates data from more than 70 AWS data sources. CloudWatch also allows users to publish custom metrics from their services. Creating SLOs using this data is a powerful tool to monitor large portfolios of products.

Nobl9 integration with CloudWatch supports CloudWatch Metrics Insights. Leveraging Metrics Insights, Nobl9 users can retrieve metrics even faster and gain added flexibility in querying raw service level indicator (SLI) data to use for their SLOs.

Using CloudWatch as a Source in Nobl9, users can configure their SLOs by leveraging data in CloudWatch-specific groupings – i.e., by region, namespaces, and dimensions.

Amazon CloudWatch parameters and supported features in Nobl9

General support:

Release channel: Stable, Beta

Connection method: Agent, Direct

Replay and SLI Analyzer: Historical data limit 15 days

Event logs: Supported

Query checker: Not supported

Query parameters retrieval: Supported

Timestamp cache persistence: Supported

---

Query parameters:

Query interval: 1 min

Query delay: 1 min

Jitter: 15 sec

Timeout: 30 sec

---

Agent details and minimum required versions for supported features:

Plugin name: n9cloudwatch

Query delay environment variable: CW_QUERY_DELAY

Replay and SLI Analyzer: 0.65.0

Query parameters retrieval: 0.73.2

Timestamp cache persistence: 0.65.0

---

Additional notes:

Support for AWS cross-account observability

No support for high-resolution metrics and metrics that use more than one Unit

Learn more

AWS Cross-account observability

Nobl9 supports AWS cross-account observability AWS cross-account observability for CloudWatch through the AWS Account ID parameter that you can enter in Step 2 of the SLO wizard.

The AWS Account ID as an optional parameter for CloudWatch (direct or agent connection methods) if you'd like to access your SLO data from multiple accounts within a Region. It is a 12-digit identification number of your AWS account. Check AWS Documentation to learn more about the Account ID.

caution

AWS cross-account observability is available for Configuration and JSON metric types. SQL and SQL within JSON metrics for CloudWatch do not support AWS cross-account observability.

Nobl9 accepts only a numeric form of an AWS account ID (AWS account alias isn't accepted).

Authentication

Cross-Account IAM roles

You can activate cross-account access in AWS using the External ID and Nobl9 AWS Account ID. Copy these values in the Data source wizard. You need them to create an IAM role ARN with cross-account access.

note

You can retrieve External ID and Nobl9 AWS Account ID using sloctl aws-iam-ids direct [direct-name] command which returns External ID and Nobl9 AWS Account ID for the specific direct.

Image 1: Configuring IAM Role ARN in the Data source wizard

IAM role ARN creation

note

Check Cross Account Resource Access in IAM | AWS documentation to learn more.

Sign in to the AWS Management Console. Open the IAM console.

1. Choose Roles on the navigation pane.

The Roles section opens.

2. Click Create Role:

   

To create the access role, select a trusted entity first.

1. Choose AWS account role.

4. Choose Another AWS account. Paste the Nobl9 Account ID you copied in the Nobl9 Data source wizard.
   This is the account you're granting access to your resources.

5. Select Require External ID. Paste the Nobl9 External ID you copied in the Nobl9 Data source wizard.
   This option automatically adds a condition to the trust policy, allowing users to assume the role only if the request includes the correct sts:ExternalID.
   

6. Click Next.
7. Attach the CloudWatchReadOnlyAccess permission for your account:

8. Click Next and save the role. Then, copy its IAM Role ARN to the Data source wizard in Nobl9 UI.

Adding Amazon CloudWatch as a data source

To ensure data transmission between Nobl9 and Amazon CloudWatch, it may be necessary to list Nobl9 IP addresses as trusted.

💻ip allowlist

IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:

• 18.159.114.21
• 18.158.132.186
• 3.64.154.26

If you're using us1.nobl9.com instance:

• 34.121.54.120
• 34.123.193.191
• 34.134.71.10
• 35.192.105.150
• 35.225.248.37
• 35.226.78.175
• 104.198.44.161

You can add the Amazon CloudWatch data source using the direct or agent connection methods.

Direct connection method

Nobl9 Web

Direct connection to CloudWatch requires users to enter their credentials which Nobl9 stores safely. To set up this type of connection:

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Direct.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Enter the IAM Role ARN.
   Check the instructions above for more details.

7. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
8. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
9. Enter a Name.
   The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
10. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
11. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Amazon Cloudwatch integration for Query delay is 1 minute.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
12. Enter a Maximum Period for Historical Data Retrieval.

    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
    • The value must be a positive integer.
13. Enter a Default Period for Historical Data Retrieval.

    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
14. Click Add Data Source.

note

The value for the Maximum Period for Data Retrieval for CloudWatch Configurations queries is 15 days.

caution

Replay for CloudWatch doesn't support SQL and JSON queries.

If you set the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries.

sloctl

1. Create a YAML definition to set up a direct connection with Amazon CloudWatch. For this, refer to the following example:

YAML definition for the direct connection method

apiVersion: n9/v1alpha
kind: Direct
metadata:
  name: cloud-watch
  displayName: CloudWatch Direct
  project: default
spec:
  description: Example CloudWatch Direct
  releaseChannel: stable
  cloudWatch:
    roleARN: arn:aws:iam::123456578901:role/awsCrossAccountProdCloudwatch-prod-app
  historicalDataRetrieval:
    maxDuration:
      value: 15
      unit: Day
    defaultDuration:
      value: 7
      unit: Day
    triggeredBySloCreation:
      value: 7
      unit: Day
    triggeredBySloEdit:
      value: 7
      unit: Day
  queryDelay:
    value: 2
    unit: Minute

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
logCollectionEnabled optional	boolean	Optional. Defaults to false. Set to true if you'd like your direct to collect event logs. Contact us to activate it.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.
Source-specific fields
cloudwatch.roleARN mandatory	string	See authentication section above for more details.
Replay-related fields
historicalDataRetrieval optional	n/a	Optional structure related to configuration related to Replay. ❗ Use only with supported sources. • If omitted, Nobl9 uses the default values of value: 0 and unit: Day for maxDuration and defaultDuration.
maxDuration.value optional	numeric	Specifies the maximum duration for historical data retrieval. Must be integer ≥ 0. See Replay documentation for values of max duration per data source.
maxDuration.unit optional	enum	Specifies the unit for the maximum duration of historical data retrieval. Accepted values: Minute | Hour | Day.
defaultDuration.value optional	numeric	Specifies the default duration for historical data retrieval. Must be integer ≥ 0 and ≤ maxDuration.
defaultDuration.unit optional	enum	Specifies the unit for the default duration of historical data retrieval. Accepted values: Minute | Hour | Day.

caution

If you set the value for the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries. Refer to the replay documentation for more details.

2. Apply your YAML definition using the sloctl apply command.

Agent connection method

Nobl9 Web

Follow the instructions below to create your CloudWatch agent connection. Refer to the section above for the description of the fields.

1. Navigate to Integrations > Sources.
2. Click .
3. Click the required Source button.
4. Choose Agent.

5. Select one of the following Release Channels:

   • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
   • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

6. Select a Project.
   Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
7. Enter a Display Name.
   You can enter a user-friendly name with spaces in this field.
8. Enter a Name.
   The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
9. Enter a Description.
   Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
10. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.

    • The default value in Amazon Cloudwatch integration for Query delay is 1 minute.

    info

    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
11. Enter a Maximum Period for Historical Data Retrieval.

    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
    • The value must be a positive integer.
12. Enter a Default Period for Historical Data Retrieval.

    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
13. Click Add Data Source.
Deploy your agent in a Kubernetes cluster or Docker container.

note

The value for the Maximum Period for Data Retrieval for CloudWatch Configurations queries is 15 days.

caution

Replay for CloudWatch doesn't support SQL and JSON queries.

If you set the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries.

sloctl

1. Create a YAML definition to set up an agent connection with Amazon CloudWatch. For this, refer to the following example:

YAML definition for the agent connection method

apiVersion: n9/v1alpha
kind: Agent
metadata:
  name: cloud-watch
  displayName: CloudWatch Agent
  project: default
spec:
  description: Example CloudWatch Agent
  releaseChannel: beta
  cloudWatch: {}
  historicalDataRetrieval:
    maxDuration:
      value: 15
      unit: Day
    defaultDuration:
      value: 7
      unit: Day
  queryDelay:
    value: 2
    unit: Minute

Field	Type	Description
queryDelay.unit mandatory	enum	Specifies the unit for the query delay. Possible values: Second | Minute. • Check query delay documentation for default unit of query delay for each source.
queryDelay.value mandatory	numeric	Specifies the value for the query delay. • Must be a number less than 1440 minutes (24 hours). • Check query delay documentation for default unit of query delay for each source.
releaseChannel mandatory	enum	Specifies the release channel. Accepted values: beta | stable.
Replay-related fields
historicalDataRetrieval optional	n/a	Optional structure related to configuration related to Replay. ❗ Use only with supported sources. • If omitted, Nobl9 uses the default values of value: 0 and unit: Day for maxDuration and defaultDuration.
maxDuration.value optional	numeric	Specifies the maximum duration for historical data retrieval. Must be integer ≥ 0. See Replay documentation for values of max duration per data source.
maxDuration.unit optional	enum	Specifies the unit for the maximum duration of historical data retrieval. Accepted values: Minute | Hour | Day.
defaultDuration.value optional	numeric	Specifies the default duration for historical data retrieval. Must be integer ≥ 0 and ≤ maxDuration.
defaultDuration.unit optional	enum	Specifies the unit for the default duration of historical data retrieval. Accepted values: Minute | Hour | Day.

1. Apply your YAML definition using the sloctl apply command.
2. Deploy your agent in a Kubernetes cluster or Docker container.

CloudWatch API rate limits

For GetMetricData API, CloudWatch has limit of 50TPS per Region set by default. This is the maximum number of operation requests you can make per second. For more information, refer to the CloudWatch service quotas | CloudWatch documentation.

CloudWatch has minimum query and store period - one second. By default, CloudWatch stores data with a 1-minute period.

CloudWatch retains metric data differently for various store period. For more information, refer to the GetMetricData | CloudWatch documentation.

Known limitations

CloudWatch SQL query is available in all AWS Regions, except China.

Useful links

For a more in-depth look, consult additional resources:

Put Metric DataCloudWatch docsGet Metric DataCloudWatch docsAmazon CloudWatch ConceptsCloudWatch docsCloudWatch Statistics DefinitionsCloudWatch docsAWS Regional EndpointsCloudWatch docsCloudWatch Metrics InsightsCloudWatch docsCloudWatch Service QuotasCloudWatch docsAgent metricsAgentCreating SLOs via TerraformTerraformCreating agents via TerraformTerraform