Epsagon's integration to Amazon Web Services (AWS) provides:
- Get performance metrics, insights, and alerts for:
- ECS and Fargate clusters.
- Lambda functions.
- AppSync APIs.
- Show logs from CloudWatch Logs for any trace or resource.
- Show CloudWatch Metrics and events from any other AWS service.
- Integrate into EventBridge to get Epsagon alerts.
The integration doesn't require any manual setups. It is based on a predefined CloudFormation template that can be deployed using a simple, built-in AWS wizard.
Epsagon also provides the ability to deploy the stack through Terraform. For more information read here
To start the deployment:
- Go to the AWS integration section in your Epsagon settings page.
- Click on the deploy button, a new AWS tab will be opened. If you're not logged in, make sure to log in to the desired account.
- The CloudFormation quick create stack screen will open.
- Mark "I acknowledge that AWS CloudFormation might create IAM resources with custom names.", and click "create stack".
- Wait for stack creation, should take between 10-30 seconds. You can hit the refresh button until you get a green CREATE_COMPLETE.
- Go back to the AWS integration section, and hit the refresh button. You should see your newly integrated AWS account in the table.
- ECS clusters, Lambda functions, and AppSync APIs should get populated in the next several minutes across your dashboard.
Integrate multiple AWS accounts
With Epsagon, you can integrate as many AWS accounts that you want. Just follow the deployment process on each account that you wish to integrate.
Step by step instructions with screenshots:
To help you remember if a trace, a resource or an alert comes from the production, staging, QA, dev or any other environment, you can alias (name) an integrated AWS account.
To do that, go to the AWS integration section in your Epsagon settings page, and just set or edit the name of any account in the table by clicking the edit icon:
The stack creates a role with the following policies and permissions:
[ // Read data and correlate logs from CloudWatch "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess", // Lambda monitoring "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess", // Enriching data on Step Functions "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", // Enriching data from X-Ray "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", // Showing metrics for AWS resources from CloudWatch Metrics and Events "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess", // AppSync monitoring "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", "arn:aws:iam::aws:policy/AWSAppSyncAdministrator" ]
[ // Subscribing logs directly from CloudWatch Logs to Epsagon "logs:PutSubscriptionFilter", "logs:DeleteSubscriptionFilter", // Enabling auto-tracing for Lambda functions through Epsagon "lambda:UpdateFunctionConfiguration", // Enriching AWS Batch jobs data "batch:Describe*", // ECS monitoring "ecs:Describe*", "ecs:List*", // EC2 metadata for ECS monitoring "ec2:Describe*", "ec2:Get*", "application-autoscaling:Describe*", "autoscaling:Describe*", "elasticloadbalancing:Describe*", "iam:PassRole" ]
If needed, we can customize the permissions to fit your needs. Contact us for more information.
If you encounter any issue or error during the setup please contact us through the help widget.
Updated 2 months ago