AWS CloudWatch
The Integration Poller continuously pulls metrics from AWS CloudWatch and feeds them into InfraSage for anomaly detection and RCA.
Supported AWS Services
| Service | Metrics Pulled |
|---|---|
| EC2 | CPUUtilization, NetworkIn/Out, DiskReadBytes/WriteBytes, StatusCheckFailed |
| RDS | CPUUtilization, DatabaseConnections, FreeStorageSpace, ReadLatency, WriteLatency |
| Lambda | Duration, Errors, Throttles, ConcurrentExecutions, Iterator Age |
| ALB | RequestCount, TargetResponseTime, HTTPCode_Target_5XX_Count, HealthyHostCount |
| DynamoDB | ConsumedReadCapacityUnits, ConsumedWriteCapacityUnits, SuccessfulRequestLatency |
| S3 | BucketSizeBytes, NumberOfObjects, AllRequests, 4xxErrors, 5xxErrors |
| SNS | NumberOfMessagesPublished, NumberOfNotificationsFailed |
Configuration
Prerequisites
The Integration Poller needs AWS credentials with cloudwatch:GetMetricData and cloudwatch:ListMetrics permissions.
Using IAM role (recommended for EC2/ECS/EKS):
Attach this policy to your instance/task role:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics"
],
"Resource": "*"
}
]
}
Using access keys (for non-AWS environments):
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Polling Configuration
# How often to poll CloudWatch (seconds)
CLOUDWATCH_POLL_INTERVAL_SECONDS=60
# AWS region
AWS_REGION=us-east-1
# Optional: filter to specific namespaces
CLOUDWATCH_NAMESPACES=AWS/EC2,AWS/RDS,AWS/Lambda
What Gets Ingested
For each CloudWatch metric, InfraSage creates a telemetry record with:
service_id— derived from the AWS resource identifier (e.g.,ec2-i-0abc12345,rds-mydb)metric_name— CloudWatch metric name in snake_case (e.g.,cpu_utilization)value— the metric value at the polling timestampattributes— AWS resource dimensions (InstanceId, DBInstanceIdentifier, FunctionName, etc.)
SNS Subscriptions (Push Mode)
Instead of polling, you can push CloudWatch alarms to InfraSage via SNS:
- Create an SNS topic in your AWS account
- Subscribe the InfraSage webhook endpoint:
https://your-infrasage-host:9093/api/v1/alerts/webhook
- Configure CloudWatch Alarms to publish to the SNS topic
- InfraSage receives alarm state changes in real time
Example: Monitoring EC2 Fleet
After configuring CloudWatch integration, InfraSage will automatically detect anomalies on your EC2 instances:
# View CloudWatch-sourced metrics in ClickHouse
docker exec infrasage-clickhouse clickhouse-client \
--user infrasage --password infrasage-dev \
--query "
SELECT service_id, metric_name, avg(value) AS avg, max(value) AS peak
FROM infrasage.infrasage_raw_firehose
WHERE attributes LIKE '%AWS/EC2%'
AND timestamp > now() - INTERVAL 1 HOUR
GROUP BY service_id, metric_name
ORDER BY peak DESC
LIMIT 20
"
Verification
# Check poller is running
docker logs infrasage-integration-poller -f | grep -i cloudwatch
# Verify data flowing in
curl -s 'http://localhost:9999/api/v1/query?query=infrasage_cloudwatch_metrics_total'