CloudWatch

​

Overview

​

Key Features:

• Webhook Integration: Facilitates automatic subscription to AWS SNS topics linked with CloudWatch alarms, ensuring that Keep is notified of all relevant alarms.
• Support for Custom SNS Topics: Allows the use of both pre-existing SNS topics and the specification of custom SNS topics for alarm notifications.
• Broad Monitoring Scope: Utilizes CloudWatch’s comprehensive alarm system to monitor application and infrastructure health.
• Adaptable Authentication: Accommodates both permanent and temporary AWS credentials to suit various security and operational requirements.

​

Connecting with the Provider

• An AWS account with permissions to access CloudWatch and SNS services.
• A configured Keep account with API access.
• Appropriate AWS IAM permissions for the CloudWatch provider.

​

Setting Up the Integration

​

Authentication

• region: AWS region (required: True, sensitive: False)
• access_key: AWS access key (Leave empty if using IAM role at EC2) (required: False, sensitive: True)
• access_key_secret: AWS access key secret (Leave empty if using IAM role at EC2) (required: False, sensitive: True)
• session_token: AWS Session Token (required: False, sensitive: True)
• cloudwatch_sns_topic: AWS Cloudwatch SNS Topic [ARN or name] (required: False, sensitive: False)
• protocol: Protocol to use for the webhook (required: True, sensitive: False)

• cloudwatch:DescribeAlarms: Required to retrieve information about alarms. (mandatory) (Documentation)
• cloudwatch:PutMetricAlarm: Required to update information about alarms. This mainly use to add Keep as an SNS action to the alarm. (Documentation)
• sns:ListSubscriptionsByTopic: Required to list all subscriptions of a topic, so Keep will be able to add itself as a subscription. (Documentation)
• logs:GetQueryResults: Part of CloudWatchLogsReadOnlyAccess role. Required to retrieve the results of CloudWatch Logs Insights queries. (Documentation)
• logs:DescribeQueries: Part of CloudWatchLogsReadOnlyAccess role. Required to describe the results of CloudWatch Logs Insights queries. (Documentation)
• logs:StartQuery: Part of CloudWatchLogsReadOnlyAccess role. Required to start CloudWatch Logs Insights queries. (Documentation)
• iam:SimulatePrincipalPolicy: Allow Keep to test the scopes of the current user/role without modifying any resource. (Documentation)

​

In workflows

steps:
    - name: Query cloudwatch
      provider: cloudwatch
      config: "{{ provider.my_provider_name }}"
      with:
        log_group: {value}
        log_groups: {value}
        remove_ptr_from_results: {value}
        query: {value}
        hours: {value}

• retrieve_cloudwatch_logs.yaml
• slack_basic.yml
• slack_basic_cel.yml

​

Steps:

1. Configure AWS IAM Roles: Ensure the IAM role used by the CloudWatch provider has permissions for cloudwatch:DescribeAlarms, cloudwatch:PutMetricAlarm, sns:ListSubscriptionsByTopic, and other relevant actions.
2. Specify Authentication Details: In the Keep platform, enter the AWS Access Key, Secret, and Region details in the CloudWatch provider configuration.
3. Set Up SNS Topic (Optional): If using a custom SNS topic, specify its ARN or name in the provider configuration. Keep will use this topic to listen for alarm notifications.
4. Activate the Provider: Finalize the setup in Keep to start receiving CloudWatch alarms.

​

Troubleshooting

• Ensure the AWS credentials provided have the correct permissions and are not expired.
• Verify that the SNS topics are correctly configured to send notifications to Keep.
• Check the CloudWatch alarms to ensure they are active and correctly configured to trigger under the desired conditions.

​

Webhook Integration Modifications

• cloudwatch:DescribeAlarms

​

Useful Links

• AWS CloudWatch Documentation
• AWS SNS Documentation