Using Amazon CloudWatch with AWS Global Accelerator

AWS Global Accelerator publishes data points to Amazon CloudWatch for your accelerators. CloudWatch enables you to retrieve statistics about those data points as an ordered set of time-series data, known as metrics. Think of a metric as a variable to monitor, and the data points as the values of that variable over time. For example, you can monitor traffic through an accelerator over a specified time period. Each data point has an associated time stamp and an optional unit of measurement.

Note

You must view CloudWatch metrics and logs for Global Accelerator in the US West (Oregon) Region, both in the console and when using the AWS CLI. When you use the AWS CLI, specify the US West (Oregon) Region for your command by including the following parameter: --region us-west-2.

You can use metrics to troubleshoot an initial Global Accelerator setup by determining whether traffic is arriving at an endpoint and whether responses are returning. View the CloudWatch metrics, which are logged automatically, to see whether traffic is reaching your endpoints, such as a Network Load Balancer. You should see metrics for traffic outbound from Global Accelerator towards the endpoints and for traffic from Global Accelerator back to the client, and the same for an endpoint, such as a load balancer. Traffic flowing in from Global Accelerator but not back out, or not reaching the load balancer, can indicate that you need to verify that your configuration allows traffic to flow through the expected ports and that your security group settings allow access.

You can also use metrics to verify that your system is performing as you expect it to. For example, you can create a CloudWatch alarm to monitor a specified metric, and then take action (such as sending a notification to an email address) if the metric goes outside what you consider an acceptable range.

Global Accelerator reports metrics to CloudWatch only when requests are flowing through the accelerator. If requests are flowing through the accelerator, Global Accelerator measures and sends its metrics in 60-second intervals. If there are no requests flowing through the accelerator or there is no data for a metric, the metric is not reported.

For more information, see the Amazon CloudWatch User Guide.

Global Accelerator metrics

The AWS/GlobalAccelerator namespace includes the following metrics.

Metric Description
ActiveFlowCount

The total number of concurrent TCP and UDP connections from clients to endpoints for an accelerator in Global Accelerator. For TCP connections, which are terminated at the accelerator, a client opening a TCP connection to an endpoint counts as a single flow.

You can use this metric to better understand how many active users (connection count) are accessing an endpoint, or to determine if your resources need to be scaled to handle traffic.

Reporting criteria: Reported for accelerators that are configured and enabled.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, TransportProtocol

  • Accelerator, AcceleratorIPAddress

Flows_Dropped_No_Endpoint_Found

The total number of TCP IPv6 packet flows that were dropped because no IPv6 endpoints were available. This could happen, for example, if you had an accelerator with a dual-stack IP address type and you changed the IP address type to IPv4 for an endpoint for the accelerator.

Reporting criteria: Reported for accelerators with dual-stack IP address types that are receiving IPv6 traffic when one of the following occurs:

  • An accelerator with IPv6 endpoints serving traffic reports a 0 metric

  • An accelerator with misconfigured endpoints reports the total number of flows dropped

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, AcceleratorIPAddress

HealthyEndpointCount

The total number of endpoints that are considered healthy. Global Accelerator regularly checks the status of endpoints on standard accelerators. These health checks run automatically. How and when these health checks run depends on the type of endpoint and the health check options for the endpoint. To learn more, see Ensure health check access for your accelerator.

Reporting criteria: Reported for accelerators that are configured and enabled.

Statistics: The most useful statistics are Minimum and Maximum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

NewFlowCount

The total number of new TCP and UDP flows (or connections) established from clients to endpoints in the time period.

Reporting criteria: There is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, TransportProtocol

  • Accelerator, AcceleratorIPAddress

  • Accelerator, NetworkProtocol

ProcessedBytesIn

The total number of incoming bytes processed by the accelerator, including TCP/IP headers. This count includes all traffic to endpoints.

Reporting criteria: There is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, TransportProtocol

  • Accelerator, AcceleratorIPAddress

  • Accelerator, NetworkProtocol

ProcessedBytesOut

The total number of outgoing bytes processed by the accelerator, including TCP/IP headers. This count includes traffic from endpoints, minus health check traffic.

Reporting criteria: There is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, TransportProtocol

  • Accelerator, AcceleratorIPAddress

  • Accelerator, NetworkProtocol

PacketsProcessed

The total number of packets processed by Global Accelerator for an accelerator, including traffic to and from endpoints as well as health check traffic. This metric can help you to benchmark traffic volumes within a specific time period.

Reporting criteria: Reported for accelerators that are configured and enabled.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, TransportProtocol

  • Accelerator, AcceleratorIPAddress

UnhealthyEndpointCount

The total number of endpoints that are considered unhealthy. Global Accelerator regularly checks the status of endpoints on standard accelerators. These health checks run automatically. How and when these health checks run depends on the type of endpoint and the health check options for the endpoint. To learn more, see Ensure health check access for your accelerator.

Reporting criteria: Reported for accelerators that are configured and enabled.

Statistics: The most useful statistics are Minimum and Maximum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

TCP_AGA_Reset_Count

The total number of reset (RST) packets generated by AWS Global Accelerator ("AGA"). By using this metric, you can determine whether Global Accelerator is terminating client connections and sending resets back to the client endpoint.

For more information about evaluating and troubleshooting TCP RST generated by Global Accelerator, see Troubleshooting Global Accelerator TCP reset issues.

Reporting criteria: Reported when there is traffic and there is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, AcceleratorIPAddress

TCP_Client_Reset_Count

The total number of reset (RST) packets sent from a client to an endpoint. By using this metric, you can determine whether a client can keep a connection open with Global Accelerator or if the connection is reset unexpectedly early. This is useful, for example, when you configure Global Accelerator initially, and for visibility when you make a change to clients that create connection resets.

For more information about evaluating and troubleshooting TCP RST generated by Global Accelerator, see Troubleshooting Global Accelerator TCP reset issues.

Reporting criteria: Reported when there is traffic and there is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, AcceleratorIPAddress

TCP_Endpoint_Reset_Count

The total number of reset (RST) packets sent from an endpoint to a client. Using this metric can help you determine when your client endpoints are overloaded.

For more information about evaluating and troubleshooting TCP RST generated by Global Accelerator, see Troubleshooting Global Accelerator TCP reset issues.

Reporting criteria: Reported when there is traffic and there is a nonzero value.

Statistics: The only useful statistic is Sum.

Dimensions
  • Accelerator

  • Accelerator, Listener

  • Accelerator, Listener, EndpointGroup

  • Accelerator, SourceRegion

  • Accelerator, DestinationEdge

  • Accelerator, AcceleratorIPAddress

Metric dimensions for accelerators

To filter the metrics for your accelerator, use the following dimensions.

Dimension Description
Accelerator

Filters the metric data by accelerator. Specify the accelerator by the accelerator id (the final portion of the accelerator ARN). For example, if the ARN is arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh, you specify the following: 1234abcd-abcd-1234-abcd-1234abcdefgh.

Listener

Filters the metric data by listener. Specify the listener by the listener id (the final portion of the listener ARN). For example, if the ARN is arn:aws:globalaccelerator::012345678901:accelerator/1234abcd-abcd-1234-abcd-1234abcdefgh/listener/0123wxyz, you specify the following: 0123wxyz.

EndpointGroup

Filters the metric data by endpoint group. Specify the endpoint group by the AWS Region, for example, us-east-1 (all lowercase).

SourceRegion

Filters the metric data by source region, which is the geographic area of the AWS Regions where your application endpoints are running. Source region is one of the following:

  • NA – United States and Canada

  • EU – Europe

  • AP – Asia Pacific*

  • KR – South Korea

  • IN – India

  • AU – Australia

  • ME – Middle East

  • SA – South America

  • ZA – South Africa

*Excluding South Korea and India

DestinationEdge

Filters the metric data by destination edge, which is the geographic area of the AWS edge locations that serve your client traffic. Destination edge is one of the following:

  • NA – United States and Canada

  • EU – Europe

  • AP – Asia Pacific*

  • KR – South Korea

  • IN – India

  • AU – Australia

  • ME – Middle East

  • SA – South America

  • ZA – South Africa

*Excluding South Korea and India

TransportProtocol

Filters the metric data by transport protocol: UDP or TCP.

AcceleratorIPAddress

Filters the metric data by the IP address of the accelerator: that is, one of the static IP addresses assigned to an accelerator.

Troubleshooting Global Accelerator TCP reset issues

Each accelerator reports the number of TCP Resets (TCP RSTs) that were generated and sent from Global Accelerator. The following are common reasons that Global Accelerator sends a TCP Reset:

  • Global Accelerator marks a TCP connection as closed when either the client or the endpoint closes the connection, using FIN handshake or Reset. If the client or endpoint sends data packets on a closed TCP connection, then Global Accelerator generates a TCP Reset to indicate that the connection is closed and cannot accept traffic.

  • If a client or endpoint sends data after the idle timeout period elapses, it receives a TCP Reset packet from Global Accelerator to indicate that the connection is no longer valid.

  • If Global Accelerator receives an unexpected packet while building the connection with either the client or the endpoint during the TCP handshake, Global Accelerator generates a TCP Reset.

If you see a stable number of AGA_Reset_Count metrics for an accelerator, this is because the client or the endpoint sent data towards Global Accelerator to a closed or expired connection.

If you notice a sharp increase in AGA_Reset_Count metrics and the increase aligns with related metrics changes on the endpoint side, such as a scale up, scale down, or an unhealthy endpoint, the endpoint might have become unreachable and triggered the Global Accelerator TCP Reset. For help investigating this issue, contact AWS support.
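The distinction drawn above, between a stable reset count and a sharp increase that lines up with endpoint health changes, can be checked mechanically. The following is an added example, not AWS code: the function names, the thresholds (`window`, `factor`, `floor`, `slack`) and the sample values are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

def ts(text):
    # Accepts the "Z" suffix used in the CLI output on this page.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

# Constructed per-minute samples (not real data): Sum of TCP_AGA_Reset_Count and
# Maximum of UnhealthyEndpointCount for the same accelerator.
RESETS = {ts(f"2019-12-18T20:{m:02d}:00Z"): v for m, v in
          enumerate([11, 12, 10, 13, 11, 12, 95, 140, 60, 12, 11, 10])}
UNHEALTHY = {ts("2019-12-18T20:05:00Z"): 1,
             ts("2019-12-18T20:06:00Z"): 2,
             ts("2019-12-18T20:07:00Z"): 2}

def reset_spikes(resets, window=5, factor=3.0, floor=20):
    """Return [(time, value, baseline)] for periods whose Sum exceeds both
    `floor` and `factor` x the median of the preceding `window` samples.
    The baseline uses reported samples only, because the metric is not
    published for periods without traffic or with a zero value."""
    times = sorted(resets)
    found = []
    for i in range(window, len(times)):
        baseline = median(resets[t] for t in times[i - window:i])
        value = resets[times[i]]
        if value > max(floor, factor * baseline):
            found.append((times[i], value, baseline))
    return found

def correlate(spikes, unhealthy, slack=timedelta(minutes=2)):
    """Tag each spike with True if UnhealthyEndpointCount was above zero
    within +/- slack, the endpoint-side alignment the text describes."""
    return [(t, value,
             any(n > 0 and abs(t - u) <= slack for u, n in unhealthy.items()))
            for t, value, _ in spikes]

if __name__ == "__main__":
    for t, value, aligned in correlate(reset_spikes(RESETS), UNHEALTHY):
        note = "aligns with unhealthy endpoints" if aligned else "no endpoint change seen"
        print(f"{t:%H:%M} resets={value} ({note})")
```

A spike tagged as aligned matches the case the text says to raise with AWS support; a stable series produces no findings.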

Statistics for Global Accelerator metrics

CloudWatch provides statistics based on the metric data points published by Global Accelerator. Statistics are aggregations of metric data over a specified period of time. When you request statistics, the returned data stream is identified by the metric name and dimension. A dimension is a name/value pair that uniquely identifies a metric. For example, you can request the processed bytes out for an accelerator where the bytes are served from AWS edge locations in Europe (destination edge is "EU").

The following are examples of metric/dimension combinations that you might find useful:

  • View the amount of traffic served (such as ProcessedBytesOut) by each of your two accelerator IP addresses to validate that your DNS configuration is correct.

  • View the geographical distribution of your user traffic and monitor how much of it is local (for example, North America to North America) or global (for example, Australia or India to North America). To determine this, view the metrics ProcessedBytesIn or ProcessedBytesOut with the dimensions DestinationEdge and SourceRegion set to specific values.

  • View the number of unhealthy endpoints across your accelerator, and determine which endpoint groups they belong to. If you have a large number of endpoint groups, this is especially useful to help you quickly find endpoint groups with endpoints that are experiencing issues. To determine this, view the metric UnhealthyEndpointCount with the dimensions Accelerator, Listener, and EndpointGroup.

View CloudWatch metrics for your accelerators

You can view the CloudWatch metrics for your accelerators using the CloudWatch console or the AWS CLI. In the console, metrics are displayed as monitoring graphs. The monitoring graphs show data points only if the accelerator is active and receiving requests.

You must view CloudWatch metrics for Global Accelerator in the US West (Oregon) Region, both in the console and when using the AWS CLI. When you use the AWS CLI, specify the US West (Oregon) Region for your command by including the following parameter: --region us-west-2.

To view metrics using the CloudWatch console, follow the steps in the Amazon CloudWatch User Guide and select the GlobalAccelerator namespace. To learn more, see View available metrics.

To get the statistics for a metric using the AWS CLI

Use the following get-metric-statistics command to get statistics for a specified metric and dimension. Note that CloudWatch treats each unique combination of dimensions as a separate metric. You can't retrieve statistics using combinations of dimensions that were not specifically published. You must specify the same dimensions that were used when the metrics were created.

The following example lists the total processed bytes in, per minute, for your accelerator serving from the North America (NA) destination edge.

    aws cloudwatch get-metric-statistics --namespace AWS/GlobalAccelerator \
        --metric-name ProcessedBytesIn \
        --region us-west-2 \
        --statistics Sum --period 60 \
        --dimensions Name=Accelerator,Value=1234abcd-abcd-1234-abcd-1234abcdefgh Name=DestinationEdge,Value=NA \
        --start-time 2019-12-18T20:00:00Z --end-time 2019-12-18T21:00:00Z

The following is example output from the command:

    {
        "Label": "ProcessedBytesIn",
        "Datapoints": [
            { "Timestamp": "2019-12-18T20:45:00Z", "Sum": 2410870.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:47:00Z", "Sum": 0.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:46:00Z", "Sum": 0.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:42:00Z", "Sum": 1560.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:48:00Z", "Sum": 0.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:43:00Z", "Sum": 1343.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:49:00Z", "Sum": 0.0, "Unit": "Bytes" },
            { "Timestamp": "2019-12-18T20:44:00Z", "Sum": 35791560.0, "Unit": "Bytes" }
        ]
    }
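The data points in this output are not in time order, and most minutes of the requested hour have no data point at all, because Global Accelerator publishes nothing for periods without data. The following added example (not AWS code; `timeline` and `summarize` are hypothetical helper names) rebuilds a per-minute timeline from the output above and separates periods with no data point from periods reported as 0.

```python
import json
from datetime import datetime, timedelta

# The example output shown on this page (ProcessedBytesIn, DestinationEdge=NA).
PAGE_OUTPUT = json.loads("""
{"Label": "ProcessedBytesIn", "Datapoints": [
  {"Timestamp": "2019-12-18T20:45:00Z", "Sum": 2410870.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:47:00Z", "Sum": 0.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:46:00Z", "Sum": 0.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:42:00Z", "Sum": 1560.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:48:00Z", "Sum": 0.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:43:00Z", "Sum": 1343.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:49:00Z", "Sum": 0.0, "Unit": "Bytes"},
  {"Timestamp": "2019-12-18T20:44:00Z", "Sum": 35791560.0, "Unit": "Bytes"}
]}
""")

def parse_ts(text):
    # Handles both "...Z" (as on this page) and "...+00:00" timestamps.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def timeline(response, start, end, period=60):
    """Return [(timestamp, sum_or_None)] for every period in [start, end),
    in time order. None means no data point was returned for that period."""
    reported = {parse_ts(d["Timestamp"]): d["Sum"] for d in response["Datapoints"]}
    rows, t, stop = [], parse_ts(start), parse_ts(end)
    while t < stop:
        rows.append((t, reported.get(t)))
        t += timedelta(seconds=period)
    return rows

def summarize(rows):
    """Count reported, missing and zero-valued periods and total the bytes."""
    values = [v for _, v in rows if v is not None]
    return {"periods": len(rows),
            "reported": len(values),
            "missing": len(rows) - len(values),
            "reported_zero": sum(1 for v in values if v == 0),
            "total_bytes": sum(values)}

if __name__ == "__main__":
    rows = timeline(PAGE_OUTPUT, "2019-12-18T20:00:00Z", "2019-12-18T21:00:00Z")
    print(summarize(rows))
    for t, v in rows:
        if v is not None:
            print(f"{t:%H:%M}  {v:>12.0f} bytes")
```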