How do I create an Amazon CloudWatch alarm that monitors cross account metrics?

4 minute read
1

I want to create an Amazon CloudWatch alarm that monitors cross account metrics.

Short description

Amazon CloudWatch cross-account observability allows you to monitor and troubleshoot applications that span multiple accounts within an AWS Region. Also, you can search, visualize, and analyze your metrics, logs, traces, and CloudWatch Application Insights applications in any of the linked accounts without account boundaries. These capabilities allow you to create an alarm on your metrics to monitor cross account metrics.

Resolution

To create a CloudWatch alarm that monitors cross account metrics, complete the following steps:

Set up a monitoring account

Note: Before you begin to set up a monitoring account, make sure that you have the necessary permissions.

Complete the following steps:

  1. Sign in to the account that you want to use as a monitoring account.
  2. Sign in to the CloudWatch console.
  3. In the left navigation pane, select Settings.
  4. Next to Monitoring account configuration, choose Configure:
    For Select data, choose whether the monitoring account can view logs, metrics, traces, and CloudWatch Application Insights. CloudWatch Applications Insights contains applications data from the source accounts that they are linked to.
    For List source accounts, enter the source accounts that you want the monitoring account to view. To identify the source accounts, enter individual account IDs.
    For Define a label to identify your source account, choose whether you want to use account names or email addresses to identify the source accounts. These are the accounts that you want to be viewed by the monitoring account.
  5. Select Configure.

Download a CloudFormation template or URL

To download a CloudFormation template or copy a URL to link source accounts to the monitoring account, complete the following steps:

  1. Sign in to the account that you want to use as a monitoring account.
  2. Sign in to the CloudWatch console.
  3. In the left navigation pane, select Settings.
  4. Next to Monitoring account configuration, choose Resources to link accounts.
  5. Choose Any account to receive a template or URL to set up individual accounts as source accounts.
  6. Choose either Download CloudFormation template or Copy URL.
  7. (Optional) Repeat steps 5-6 to download the CloudFormation template and the URL.

Link the source accounts

Note: Before you begin to link source accounts, make sure that you have the necessary permissions.

To use a CloudFormation template to link individual accounts to the monitoring account, see Use an AWS CloudFormation template to set up individual source accounts.

To use a URL to link individual accounts to the monitoring account, complete the following steps:

  1. Sign in to the account that you want to use as a source account.
  2. Enter the URL that you copied from the monitoring account in a new browser window. The CloudWatch settings page appears with pre-populated data filled in:
    For Select data, choose if this source account shares logs, metrics, traces, and CloudWatch Application Insights to the monitoring account.
    For Enter monitoring account configuration ARN, don't change the ARN.
    For the Define a label to identify your source account section, data is pre-filled with the label choice from the monitoring account. Optionally, choose Edit to update.
  3. Choose Link.
  4. Enter Confirm in the box and choose Confirm.

Create an alarm for the source account metric in the monitoring account

Complete the following steps:

  1. Sign in to the CloudWatch console.
  2. In the navigation pane, choose Alarms, and then choose Create Alarm. When you choose Select metric, you can view metrics from the source account and the destination account. Also, you can filter the metrics by account IDs and labels.
  3. Select the metric that you want to monitor.
  4. Enter the required values for statistic, period, and threshold. Then, configure the alarm actions.
  5. Enter an alarm name and create the alarm.

Related information

CloudWatch cross-account observability

New-Amazon CloudWatch Cross-Account Observability

Create a CloudWatch alarm based on a static threshold

AWS OFFICIAL
AWS OFFICIALUpdated 10 months ago