Skip to main content

Amazon CloudWatch

Reading time: 0 minute(s) (0 words)

Amazon CloudWatch is a monitoring and observability service and a repository that aggregates data from more than 70 AWS data sources. CloudWatch also allows users to publish custom metrics from their services. Creating SLOs using this data is a powerful tool to monitor large portfolios of products.

Nobl9 integration with CloudWatch supports CloudWatch Metrics Insights. Leveraging Metrics Insights, Nobl9 users can retrieve metrics even faster and gain added flexibility in querying raw service level indicator (SLI) data to use for their SLOs.

Using CloudWatch as a Source in Nobl9, users can configure their SLOs by leveraging data in CloudWatch-specific groupings – i.e., by region, namespaces, and dimensions.

Amazon CloudWatch parameters and supported features in Nobl9
General support:
Release channel: Stable, Beta
Connection method: Agent, Direct
Replay and SLI Analyzer: Supported
Event logs: Supported
Query checker: Not supported
Query parameters retrieval: Supported
Timestamp cache persistence: Supported
Query parameters:
Query interval: 1 min
Query delay: 1 min
Jitter: 15 sec
Timeout: 30 sec
Agent details and minimum required versions for supported features:
Environment variable: CW_QUERY_DELAY
Plugin name: n9cloudwatch
Replay and SLI Analyzer: 0.65.0
Maximum historical data retrieval period: 15 days
Query parameters retrieval: 0.73.2
Timestamp cache persistence: 0.65.0
Additional notes:
Support for AWS cross-account observability
No support for high-resolution metrics and metrics that use more than one Unit
Learn more Opens in a new tab

AWS Cross-account observability​

Nobl9 supports AWS cross-account observability AWS cross-account observability for CloudWatch through the AWS Account ID parameter that you can enter in Step 2 of the SLO wizard.

The AWS Account ID as an optional parameter for CloudWatch (direct or agent connection methods) if you'd like to access your SLO data from multiple accounts within a Region. It is a 12-digit identification number of your AWS account. Check AWS Documentation to learn more about the Account ID.

caution

AWS cross-account observability is available for Configuration and JSON metric types. SQL and SQL within JSON metrics for CloudWatch do not support AWS cross-account observability.

Nobl9 accepts only a numeric form of an AWS account ID (AWS account alias isn't accepted).

Authentication​

Cross-Account IAM roles​

You can activate cross-account access in AWS using the External ID and Nobl9 AWS Account ID. Copy these values in the Data source wizard. You need them to create an IAM role ARN with cross-account access.

note

You can retrieve External ID and Nobl9 AWS Account ID using sloctl aws-iam-ids direct [direct-name] command which returns External ID and Nobl9 AWS Account ID for the specific direct.

CloudWatch IAM ARN config
Image 1: Configuring IAM Role ARN in the Data source wizard

IAM role ARN creation​

note

Check Cross Account Resource Access in IAM | AWS documentation to learn more.

Sign in to the AWS Management Console. Open the IAM console.

  1. Choose Roles on the navigation pane.

The Roles section opens.

  1. Click Create Role:

    Create AWS role

To create the access role, select a trusted entity first.

  1. Choose AWS account role.
AWS Account ID

  1. Choose Another AWS account. Paste the Nobl9 Account ID you copied in the Nobl9 Data source wizard.
    This is the account you're granting access to your resources.

  2. Select Require External ID. Paste the Nobl9 External ID you copied in the Nobl9 Data source wizard.
    This option automatically adds a condition to the trust policy, allowing users to assume the role only if the request includes the correct sts:ExternalID.

AWS Account ID
  1. Click Next.
  2. Attach the CloudWatchReadOnlyAccess permission for your account:
ACloudWatch read only access
  1. Click Next and save the role. Then, copy its IAM Role ARN to the Data source wizard in Nobl9 UI.

Adding Amazon CloudWatch as a data source​

To ensure data transmission between Nobl9 and Amazon CloudWatch, it may be necessary to list Nobl9 IP addresses as trusted.

πŸ’»ip allowlist
IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:
  • 18.159.114.21
  • 18.158.132.186
  • 3.64.154.26
If you're using us1.nobl9.com instance:
  • 34.121.54.120
  • 34.123.193.191
  • 34.134.71.10
  • 35.192.105.150
  • 35.225.248.37
  • 35.226.78.175
  • 104.198.44.161

You can add the Amazon CloudWatch data source using the direct or agent connection methods.

Direct connection method​

Nobl9 Web​

Direct connection to CloudWatch requires users to enter their credentials which Nobl9 stores safely. To set up this type of connection:

  1. Navigate to Integrations > Sources.
  2. Click .
  3. Click the required Source button.
  4. Choose Direct.
  1. Select one of the following Release Channels:
    • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
    • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.

  2. Enter the IAM Role ARN.
    Check the instructions above for more details.

  1. Select a Project.
    Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
  2. Enter a Display Name.
    You can enter a user-friendly name with spaces in this field.
  3. Enter a Name.
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
  4. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
  5. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
    • The default value in Amazon Cloudwatch integration for Query delay is 1 minute.
    info
    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
  6. Enter a Maximum Period for Historical Data Retrieval.
    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
      • The value must be a positive integer.
  7. Enter a Default Period for Historical Data Retrieval.
    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
  8. Click Add Data Source.
note

The value for the Maximum Period for Data Retrieval for CloudWatch Configurations queries is 15 days.

caution

Replay for CloudWatch doesn't support SQL and JSON queries.

If you set the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries.

sloctl​

The YAML for setting up a direct connection with CloudWatch looks like this:

apiVersion: n9/v1alpha
kind: Direct
metadata:
  name: cloudwatch-direct
  displayName: CloudWatch direct
  project: cloudwatch-direct
spec:
  description: Direct integration with CloudWatch
  sourceOf:
    - Metrics
  releaseChannel: stable
  queryDelay:
    unit: Minute
    value: 720
  cloudWatch:
    roleARN: ""
  logCollectionEnabled: false # boolean, defaults to 'false'. Set to true if you'd like your source to collect logs. Available for data sources connected using the direct method only. Reach out to support@nobl9.com to activate it.
  historicalDataRetrieval:
    maxDuration:
      value: 15 # Max duration for CloudWatch β‰₯ 15 days
      unit: Day
    defaultDuration:
      value: 0
      unit: Day
FieldTypeDescription
queryDelay.unit
mandatory
enumSpecifies the unit for the query delay. Possible values: Second | Minute.
β€’ Check query delay documentation for default unit of query delay for each source.
queryDelay.value
mandatory
numericSpecifies the value for the query delay.
β€’ Must be a number less than 1440 minutes (24 hours).
β€’ Check query delay documentation for default unit of query delay for each source.
logCollectionEnabled
optional
booleanOptional. Defaults to false. Set to true if you'd like your direct to collect event logs. Contact us to activate it.
releaseChannel
mandatory
enumSpecifies the release channel. Accepted values: beta | stable.
Source-specific fields
cloudwatch.roleARN
mandatory
stringSee authentication section above for more details.
Replay-related fields
historicalDataRetrieval
optional
n/aOptional structure related to configuration related to Replay.
❗ Use only with supported sources.
β€’ If omitted, Nobl9 uses the default values of value: 0 and unit: Day for maxDuration and defaultDuration.
maxDuration.value
optional
numericSpecifies the maximum duration for historical data retrieval. Must be integer β‰₯ 0. See Replay documentation for values of max duration per data source.
maxDuration.unit
optional
enumSpecifies the unit for the maximum duration of historical data retrieval. Accepted values: Minute | Hour | Day.
defaultDuration.value
optional
numericSpecifies the default duration for historical data retrieval. Must be integer β‰₯ 0 and ≀ maxDuration.
defaultDuration.unit
optional
enumSpecifies the unit for the default duration of historical data retrieval. Accepted values: Minute | Hour | Day.
caution

If you set the value for the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries. Refer to the replay documentation for more details.

Agent connection method​

Nobl9 Web​

Follow the instructions below to create your CloudWatch agent connection. Refer to the section above for the description of the fields.

  1. Navigate to Integrations > Sources.
  2. Click .
  3. Click the required Source button.
  4. Choose Agent.
  1. Select one of the following Release Channels:
    • The stable channel is fully tested by the Nobl9 team. It represents the final product; however, this channel does not contain all the new features of a beta release. Use it to avoid crashes and other limitations.
    • The beta channel is under active development. Here, you can check out new features and improvements without the risk of affecting any viable SLOs. Remember that features in this channel can change.
  1. Select a Project.
    Specifying a project is helpful when multiple users are spread across multiple teams or projects. When the Project field is left blank, Nobl9 uses the default project.
  2. Enter a Display Name.
    You can enter a user-friendly name with spaces in this field.
  3. Enter a Name.
    The name is mandatory and can only contain lowercase, alphanumeric characters, and dashes (for example, my-project-1). Nobl9 duplicates the display name here, transforming it into the supported format, but you can edit the result.
  4. Enter a Description.
    Here you can add details such as who is responsible for the integration (team/owner) and the purpose of creating it.
  5. Specify the Query delay to set a customized delay for queries when pulling the data from the data source.
    • The default value in Amazon Cloudwatch integration for Query delay is 1 minute.
    info
    Changing the Query delay may affect your SLI data. For more details, check the Query delay documentation.
  6. Enter a Maximum Period for Historical Data Retrieval.
    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on this data source.
    • The maximum period value depends on the data source.
      Find the maximum value for your data source.
    • A greater period can extend the loading time when creating an SLO.
      • The value must be a positive integer.
  7. Enter a Default Period for Historical Data Retrieval.
    • It is used by SLOs connected to this data source.
    • The value must be a positive integer or 0.
    • By default, this value is set to 0. When you set it to >0, you will create SLOs with Replay.
  8. Click Add Data Source.
note

The value for the Maximum Period for Data Retrieval for CloudWatch Configurations queries is 15 days.

caution

Replay for CloudWatch doesn't support SQL and JSON queries.

If you set the Default Value Historical Data Retrieval to >0, you won’t be able to use JSON and SQL queries.

sloctl​

The YAML for setting up an agent connection to CloudWatch looks like this:

apiVersion: n9/v1alpha
kind: Agent
metadata:
  name: agent-cloudwatch-data-source
  displayName: My Amazon CloudWatch data source
  project: my-project
spec:
  description: Amazon CloudWatch data source agent connection
  sourceOf:
    - Metrics
  releaseChannel: stable
  queryDelay:
    unit: Minute
    value: 720
  cloudWatch: {}
  historicalDataRetrieval:
    maxDuration:
      value: 15
      unit: Day
    defaultDuration:
      value: 0
      unit: Day
FieldTypeDescription
queryDelay.unit
mandatory
enumSpecifies the unit for the query delay. Possible values: Second | Minute.
β€’ Check query delay documentation for default unit of query delay for each source.
queryDelay.value
mandatory
numericSpecifies the value for the query delay.
β€’ Must be a number less than 1440 minutes (24 hours).
β€’ Check query delay documentation for default unit of query delay for each source.
releaseChannel
mandatory
enumSpecifies the release channel. Accepted values: beta | stable.
Replay-related fields
historicalDataRetrieval
optional
n/aOptional structure related to configuration related to Replay.
❗ Use only with supported sources.
β€’ If omitted, Nobl9 uses the default values of value: 0 and unit: Day for maxDuration and defaultDuration.
maxDuration.value
optional
numericSpecifies the maximum duration for historical data retrieval. Must be integer β‰₯ 0. See Replay documentation for values of max duration per data source.
maxDuration.unit
optional
enumSpecifies the unit for the maximum duration of historical data retrieval. Accepted values: Minute | Hour | Day.
defaultDuration.value
optional
numericSpecifies the default duration for historical data retrieval. Must be integer β‰₯ 0 and ≀ maxDuration.
defaultDuration.unit
optional
enumSpecifies the unit for the default duration of historical data retrieval. Accepted values: Minute | Hour | Day.
warning

You can deploy only one agent in one YAML file by using the sloctl apply command.

Agent deployment​

When you add the data source, Nobl9 automatically generates a Kubernetes configuration and a Docker command line for you to use to deploy the agent. Both of these are available in the web UI, under the Agent Configuration section. Be sure to swap in your credentials (e.g., if you are using AWS Access Key ID and Secret Access Key, replace AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY in the following deployment descriptions).

caution

Ensure AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables are set appropriately if you are using Access/Secret Keys. If these variables are not set, a Default Credential Provider Chain will be used.

If you use Kubernetes, you can apply the supplied YAML config file to a Kubernetes cluster to deploy the agent. It will look something like this:

# DISCLAIMER: This deployment description contains only the fields necessary for the purpose of this demo.
# It is not a ready-to-apply k8s deployment description, and the client_id and client_secret are only exemplary values.

apiVersion: v1
kind: Secret
metadata:
  name: agent-cloudwatch-data-source
  namespace: my-namespace
type: Opaque
stringData:
  aws_access_key_id: <AWS_ACCESS_KEY_ID>
  aws_secret__access_key: <AWS_SECRET_ACCESS_KEY>
  client_id: "unique_user_id"
  client_secret: "unique_client_secret"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: agent-cloudwatch-data-source
  namespace: my-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      nobl9-agent-name: agent-cloudwatch-data-source
      nobl9-agent-project: my-project
      nobl9-agent-organization: my-organization
  template:
    metadata:
      labels:
        nobl9-agent-name: agent-cloudwatch-data-source
        nobl9-agent-project: my-project
        nobl9-agent-organization: my-organization
    spec:
      containers:
        - name: agent-container
          image: nobl9/agent:0.88.0-beta
          resources:
            requests:
              memory: "350Mi"
              cpu: "0.1"
          env:
            - name: N9_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: client_id
                  name: agent-cloudwatch-data-source
            - name: N9_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: client_secret
                  name: agent-cloudwatch-data-source
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  key: aws_access_key_id
                  name: agent-cloudwatch-data-source
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  key: aws_secret_access_key
                  name: agent-cloudwatch-data-source
            # The N9_METRICS_PORT is a variable specifying the port to which the /metrics and /health endpoints are exposed.
            # The 9090 is the default value and can be changed.
            # If you don’t want the metrics to be exposed, comment out or delete the N9_METRICS_PORT variable.
            - name: N9_METRICS_PORT
              value: "9090"

Creating SLOs with CloudWatch​

Using Amazon CloudWatch, you can create SLOs by:

  • Entering standard threshold and ratio metrics

  • Entering an SQL query

  • Entering multiple queries through JSON

All three methods are available both in the UI and through applying YAML (see the Creating CloudWatch SLOs - YAML section).

Nobl9 Web​

Follow the instructions below to create your SLOs with CloudWatch in the UI:

  1. Navigate to Service Level Objectives.
  2. Click .
  3. Select a Service.
    It will be the location for your SLO in Nobl9.
  4. Select your Amazon CloudWatch data source.
  5. Modify Period for Historical Data Retrieval, when necessary.
    • This value defines how far back in the past your data will be retrieved when replaying your SLO based on Amazon CloudWatch.
    • A longer period can extend the data loading time for your SLO.
    • Must be a positive whole number up to the maximum period value you've set when adding the Amazon CloudWatch data source.
  6. Select the Metric type:
    • Threshold metric: a single time series is evaluated against a threshold.
    • Ratio metric: two-time series for comparison for good events and total events.
      For ratio metrics, select the Data count method: incremental or non-incremental.
SLI values for good and total
When choosing the query for the ratio SLI (countMetrics), keep in mind that the values ​​resulting from that query for both good and total:
  • Must be positive.
  • While we recommend using integers, fractions are also acceptable.
    • If using fractions, we recommend them to be larger than 1e-4 = 0.0001.
  • Shouldn't be larger than 1e+20.
  1. Configure the metric.
    CloudWatch allows you to create your query in the following ways:
    • Enter standard threshold and ratio metrics (click Configurations)
    • Enter an SQL query
    • Enter a multiple query through JSON

Read Entering CloudWatch Query for detailed instructions.

  1. Define the Time Window for your SLO:
  2. Configure the Error budget calculation method and Objectives:
    • Occurrences method counts good attempts against the count of total attempts.
    • Time Slices method measures how many good minutes were achieved (when a system operates within defined boundaries) during a time window.
    • You can define up to 12 objectives for an SLO.

      • Similar threshold values for objectives
      To use similar threshold values for different objectives in your SLO, we recommend differentiating them by setting varying decimal points for each objective.
      For example, if you want to use threshold value 1 for two objectives, set it to 1.0000001 for the first objective and to 1.0000002 for the second one.
      Learn more about threshold value uniqueness.
  3. Add the Display name, Name, and other settings for your SLO:
    • Name identifies your SLO in Nobl9. After you save the SLO, its name becomes read-only.
      Use only lowercase letters, numbers, and dashes.
    • Create Composite SLO: with this option selected, you create a composite SLO 1.0. Composite SLOs 1.0 are deprecated. They're fully operable; however, we encourage you to create new composite SLOs 2.0.
      You can create composite SLOs 2.0 with sloctl using the provided template. Alternatively, you can create a composite SLO 2.0 with Nobl9 Terraform provider.
    • Set Notifications on data. With it, Nobl9 will notify you in the cases when SLO won't be reporting data or report incomplete data for more than 15 minutes.
    • Add alert policies, labels, and links, if required.
      Up to 20 items of each type per SLO is allowed.
  4. Click CREATE SLO.

    5. SLO configuration use case
    Check the SLO configuration use case for a real-life SLO example.

Entering CloudWatch query​

Both, Ratio and Threshold metrics for a standard CloudWatch metric use the same parameters. For the Ratio Metric, choose one of the following metric types:

  • Good Metric, meaning a ratio of good requests and total requests
  • Bad Metric, meaning a ratio of bad requests and total requests
    and define the parameters separately.

  1. Enter an Account ID (optional).
    2. Use Account ID to access your SLO data from multiple accounts within a Region. An AWS account ID is a 12-digit identification number of your AWS account. Check AWS Documentation to learn more.

    note

    AWS cross-account observability is available for configuration-type metrics only. This field is supported only through the Beta release channel.

  2. Add a Region.
    3. It is a region code in AWS. Use one of the regional codes that are listed here.

  3. Add a Namespace (mandatory, max. number of characters 255).
    4. A namespace can contain alphanumeric characters, period, a hyphen, underscore, forward slash, hash, or colon. A Namespace is a container for CloudWatch metrics. For further details, see CloudWatch Concepts | Amazon CloudWatch Documentation.

  4. Add a Metric Name (mandatory, max. number of characters 255).

  5. Add Statistic function.
    6. Statistic functions are aggregations of metric data over specified periods. For example, you can use Maximum, Minimum, Sum, Average. To see all statistics are supported by CloudWatch for metrics, go to Statistics Definition | Amazon CloudWatch Documentation.

  6. Add Dimensions (optional, list).
    7. A dimension is a name/value pair that is part of the identity of a metric. Users can assign a max. of 10 dimensions to a metric.

    • Add a Name (mandatory, max. number of characters 255, don't trim whitespaces). The name of the dimension. Dimension names must contain only ASCII characters and must include at least one non-whitespace character.

    • Add a Value required (max. number of characters 255). It is the value of the dimension. Dimension values must contain only ASCII characters and must include at least one non-whitespace character.

sloctl​

Standard configuration​

Here’s an example of CloudWatch using a rawMetric (threshold metric):

apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: cloudwatch-occurrences-threshold
  project: cloudwatch
spec:
  budgetingMethod: Occurrences
  description: ""
  indicator:
    metricSource:
      name: cloudwatch
  service: cloudwatch-service
  objectives:
    - target: 0.8
      op: lte
      rawMetric:
        query:
          cloudwatch:
            #accountID: "123456789012" optional
            region: eu-central-1
            namespace: AWS/RDS
            metricName: ReadLatency
            stat: Average
            dimensions:
              - name: DBInstanceIdentifier
                value: <identifier_of_your_db_instance> # replace with value that corresponds to your DBInstanceIdentifier
      value: 0.0004
  timeWindows:
    - calendar:
        startTime: "2020-11-14 12:30:00"
        timeZone: Etc/UTC
      count: 1
      isRolling: false
      unit: Day
---
apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: cloudwatch-timeslices-threshold
  project: cloudwatch
spec:
  budgetingMethod: Timeslices
  description: ""
  indicator:
    metricSource:
      name: cloudwatch
  service:  cloudwatch-service
  objectives:
    - target: 0.8
      op: lte
      rawMetric:
        query:
          cloudwatch:
            #accountID: "123456789012" optional
            region: eu-central-1
            namespace: AWS/RDS
            metricName: ReadLatency
            stat: Average
            dimensions:
              - name: DBInstanceIdentifier
                value: <identifier_of_your_db_instance> # replace with value that corresponds to your DBInstanceIdentifier
      value: 0.0004
      timeSliceTarget: 0.5
  timeWindows:
    - calendar:
        startTime: "2020-11-14 12:30:00"
        timeZone: Etc/UTC
      count: 1
      isRolling: false
      unit: Day

Important notes:

Both ratio and threshold metrics for CloudWatch use the same parameters.
For ratio metric, define these parameters separately for the good/bad metric and total metric.

  • region is required. It is a region code in AWS. Use one of the regional codes listed here.

  • namespace is required (string, max. number of characters 255). It can contain alphanumeric characters, period ., hyphen -, underscore _, forward slash /, hash #, or colon :. A namespace is a container for CloudWatch metrics. For further details, see CloudWatch Concepts | Amazon CloudWatch documentation. Example: AWS/ApplicationELB.

  • metricName is required (string, max. number of characters 255).

  • stat is required. stats are aggregations of metric data over specified periods of time. To see what statistics are supported by CloudWatch for metrics, go to Statistics Definitions | Amazon CloudWatch documentation. Examples: Sum, Average, p95, TC(0.005:0.030).

  • dimensions field is optional (list). A dimension is a name/value pair that is part of the identity of a metric. Users can assign a max. of 10 dimensions to a metric.

    • name is required (string, max. number of characters 255). Dimension names must contain only ASCII characters and must include at least one non-whitespace character.

    • value is required (string, max. number of characters 255). Dimension values must contain only ASCII characters and must include at least one non-whitespace character.

Using CloudWatch SQL query​

Here’s an example of CloudWatch SQL query using rawMetric (threshold metric):

apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: cloudwatch-occurrences-threshold-via-sql
  project: cloudwatch
spec:
  budgetingMethod: Occurrences
  description: ""
  indicator:
    metricSource:
      name: cloudwatch
  service: cloudwatch-service
  objectives:
    - target: 0.8
      op: lte
      rawMetric:
        query:
          cloudwatch:
            region: us-east-1
            sql: 'SELECT AVG(CPUUtilization)FROM "AWS/EC2"'
      value: 0.0004
  timeWindows:
    - calendar:
        startTime: "2021-10-01 12:30:00"
        timeZone: Etc/UTC
      count: 1
      isRolling: false
      unit: Day

Important notes:

Both ratio and threshold metrics for CloudWatch use the same parameters.
For ratio metric, define these parameters separately for the good/bad metric and total metric.

When using SQL query, only these fields are required:

  • region is mandatory. It is a regional code in AWS. Use one of the regional codes listed here. Note: CloudWatch SQL query is available in all AWS Regions, except China.

  • sql is mandatory. It is an SQL query to compare, aggregate, and group metrics by labels to gain real-time operational insights.

Multiple-metric SLO with JSON​

Here’s an example of CloudWatch JSON query using rawMetric (threshold metric):

apiVersion: n9/v1alpha
kind: SLO
metadata:
  name: cloudwatch-rawmetric-via-json
  project: cloudwatch
spec:
  budgetingMethod: Occurrences
  description: ""
  indicator:
    metricSource:
      kind: Agent
      name: cloudwatch
      project: cloudwatch
  objectives:
    - displayName: ""
      op: lte
      rawMetric:
        query:
          cloudWatch:
            json: |-
              [
                  {
                      "Id": "e1",
                      "Expression": "m1 / m2",
                      "Period": 60
                  },
                  {
                      "Id": "m1",
                      "MetricStat": {
                          "Metric": {
                              "Namespace": "AWS/ApplicationELB",
                              "MetricName": "HTTPCode_Target_2XX_Count",
                              "Dimensions": [
                                  {
                                      "Name": "LoadBalancer",
                                      "Value": "app/main-default-appingress-350b/904311bedb964754"
                                  }
                              ]
                          },
                          "Period": 60,
                          "Stat": "Sum"
                      },
                      "ReturnData": false
                  },
                  {
                      "Id": "m2",
                      "MetricStat": {
                          "Metric": {
                              "Namespace": "AWS/ApplicationELB",
                              "MetricName": "RequestCount",
                              "Dimensions": [
                                  {
                                      "Name": "LoadBalancer",
                                      "Value": "app/main-default-appingress-350b/904311bedb964754"
                                  }
                              ]
                          },
                          "Period": 60,
                          "Stat": "Sum"
                      },
                      "ReturnData": false
                  }
              ]
            region: eu-central-1
      target: 0.8
      value: 0.9
  service: cloudwatch-service
  timeWindows:
    - count: 1
      isRolling: true
      period:
        begin: "2021-11-10T14:49:37Z"
        end: "2021-11-10T15:49:37Z"
      unit: Hour

Important notes:

Both ratio and threshold metrics for CloudWatch use the same parameters.
For ratio metric, define these parameters separately for the good/bad metric and total metric.

When using multiple queries (JSON) it is important to remember about:

  • region field is mandatory. It is a regional code in AWS. Use one of the regional codes listed here.

  • json field is mandatory. It is a JSON query that lets you query multiple CloudWatch metrics and use math expressions to create new time series based on these metrics.

The following JSON validation applies:

  • The JSON query must be valid.

  • The JSON query should be an array of metrics.

  • Only one ReturnData field can be set to true (when it is not set, by default it is true), and the rest of the ReturnData fields in other metrics has to be set explicitly to false.

  • The Period field in MetricStat is required, and it has to be equal to 60, if MetricStat' does not exist, the Period field should be set in the base object to 60.

For further details on CloudWatch metric math functions, go to Using Metric Math | Amazon CloudWatch documentation.

Querying the CloudWatch server​

Once the SLO is set up, Nobl9 queries the CloudWatch server every 60 seconds.

CloudWatch API rate limits​

For GetMetricData API, CloudWatch has limit of 50TPS per Region set by default. This is the maximum number of operation requests you can make per second. For more information, refer to the CloudWatch service quotas | CloudWatch documentation.

CloudWatch has minimum query and store period - one second. By default, CloudWatch stores data with a 1-minute period.

CloudWatch retains metric data differently for various store period. For more information, refer to the GetMetricData | CloudWatch documentation.

Known limitations​

CloudWatch SQL query is available in all AWS Regions, except China.

For a more in-depth look, consult additional resources:
Put Metric DataCloudWatch docsGet Metric DataCloudWatch docsAmazon CloudWatch ConceptsCloudWatch docsCloudWatch Statistics DefinitionsCloudWatch docsAWS Regional EndpointsCloudWatch docsCloudWatch Metrics InsightsCloudWatch docsCloudWatch Service QuotasCloudWatch docsAgent metricsAgentCreating SLOs via TerraformTerraformCreating agents via TerraformTerraform
Last updated on
On this page