Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Amazon Introduces Cloudwatch Cross Account Alarms to Consolidate Management

Amazon Introduces Cloudwatch Cross Account Alarms to Consolidate Management

This item in japanese

Amazon CloudWatch recently announced cross account alarms, a new feature that enables customers to set alerts and take actions based on changes to metrics across different AWS accounts.

Cross account alarms provide alerting based on metrics in different AWS accounts and can be used in combination with existing cross account dashboards to centralize operational visibility. Furthermore It is possible to combine metrics from different accounts using the metric math and organize cross account alarms into hierarchies using composite alarms in the monitoring account.

As the cloud provider supports AWS Organizations and encourages the usage of multiple AWS accounts for compliance and to create isolation barriers, the inability to set cross account alarms was a limitation for many deployments. Among the suggested use cases for the new feature is the setup of a dedicated monitoring AWS account that the SRE team uses to monitor and troubleshoot production deployments on different accounts in a centralized way. Corey Quinn comments on the latest feature in his newsletter:

The "wait, customers have multiple accounts" realization has made it to the CloudWatch team. Oh, happy day!

Nilesh Roy, technical specialist at Momentum Metropolitan Services, comments: "Single account Monitoring instead of duplicating efforts". David Macias, independent consultant, tweets: "That's hugely needed, awesome job!"

Amazon explains that the feature can be enabled with three steps in the AWS management console:

To get started, first enable cross account permissions to give your monitoring account visibility on metrics in other AWS accounts. Then navigate to the CloudWatch alarms console and click Create Alarm. You will be able to search and select metrics from accounts you have granted permissions to view.

Enabling an AWS account to view cross-account CloudWatch data triggers the creation of a service-linked role AWSServiceRoleForCloudWatchCrossAccount that CloudWatch uses in the monitoring account to access data shared from the other accounts. AWS provides a page with information and examples on how to enable cross-account functionality in CloudWatch, how to integrate with AWS Organizations and how to troubleshoot the most common errors in a CloudWatch cross-account setup.

CloudWatch also allows cross-account and cross-region dashboards to allow centralized visibility of metrics, and logs across a group of related accounts without having to centralize data. With both cross account alarms and dashboards, there is no forwarding or duplication of data across accounts. Cross account alarms are available in all AWS regions and the standard CloudWatch alarm pricing applies.

Rate this Article