Alarming options with CloudWatch
Performing one-time and automated analysis of important metrics helps you detect and resolve issues before they impact your workloads. CloudWatch makes it easy to graph and compare multiple metrics by using multiple statistics over a specific time period. You can use CloudWatch to search across all metrics with the required dimension values to find the metrics that you need for your analysis.
We recommend that you begin your metrics capture approach by including an initial set of metrics and dimensions to use as a baseline for monitoring a workload. Over time, the workload matures and you can add additional metrics and dimensions to help you further analyze and support it. Your applications or workloads might use multiple AWS resources and have their own custom metrics, you should group these resources under a namespace to make them easier to identify.
You should also consider how logging and monitoring data is correlated so that you can quickly identify the relevant logging and monitoring data to diagnose specific issues. You can use CloudWatch ServiceLens to correlate traces, metrics, logs, and alarms for diagnosing issues. You should also consider including additional dimensions in metrics and identifiers in logs for your workloads to help you quickly search for and identify issues across systems and services.
Using CloudWatch alarms to monitor and alarm
You can use CloudWatch alarms to reduce manual monitoring in your workloads or applications. You should begin by reviewing the metrics that you are capturing for each workload component and determine the appropriate thresholds for each metric. Make sure that you identify which team members must be notified when a threshold is breached. You should establish and target distribution groups, rather than individual team members.
CloudWatch alarms can integrate with your service management solution to automatically create new tickets and run operational workflows. For example, AWS provides the AWS Service Management Connector for ServiceNow and Jira Service Desk to help you quickly set up integrations. This approach is critical to ensuring that raised alarms are acknowledged and aligned to your existing operations workflows that might already be defined in these products.
You can also create multiple alarms for the same metric that have different thresholds and
evaluation periods, which helps establish an escalation process. For example, if you have a
OrderQueueDepth metric that tracks customer orders, you might define a lower
threshold over a short one-minute average period that notifies application team members by email
or Slack. You can also define another alarm for the same metric over a longer 15-minute
period at the same threshold and that pages, emails, and notifies the application team and
application team's lead. Finally, you can define a third alarm for a hard average threshold over
a 30-minute period that notifies upper-management and notifies all team members previously
notified. Creating multiple alarms helps you take different actions for different conditions. You
can begin with a simple notification process and then adjust and improve it as required.
Using CloudWatch anomaly detection to monitor and alarm
You can use CloudWatch anomaly detection if you are unsure about the thresholds to apply for a particular metric or if you want an alarm to automatically adjust the threshold values based on observed, historical values. CloudWatch anomaly detection is particularly useful for metrics that might have regular, predictable changes in activity, for example, daily purchase orders for same-day delivery increasing before a cutoff time. Anomaly detection enables thresholds that adjust automatically and can help reduce false alarms. You can enable anomaly detection for each metric and statistic, and configure CloudWatch to alarm based on outliers.
For example, you can enable anomaly detection for the CPUUtilization metric and
the AVG statistic on an EC2 instance. Anomaly detection then uses up to 14 days of
historical data to create the machine learning (ML) model. You can create multiple alarms with
different anomaly detection bands to establish an alarm escalation process, similar to creating
multiple standard alarms with different thresholds.
For more information about this section, see Creating a CloudWatch alarm based on anomaly detection in the CloudWatch documentation.
Alarming across multiple Regions and accounts
Application and workload owners should create application-level alarms for workloads that span multiple Regions. We recommend creating separate alarms within each account and Region that your workload is deployed in. You can simplify and automate this process by using account and Region agnostic AWS CloudFormation StackSets and templates to deploy application resources with the required alarms. templateYou can configure the alarm actions to target a common Amazon Simple Notification Service (Amazon SNS) topic, which means the same notification or remediation action is used regardless of the account or Region.
In multi-account and multi-Region environments, we recommend that you create aggregated
alarms for your accounts and Regions to monitor account and Regional issues by using AWS CloudFormation
StackSets and aggregate metrics, such as average CPUUtilization across all EC2
instances.
You should also consider creating standard alarms for each workload that is configured for the standard CloudWatch metrics and logs that you capture. For example, you can create a separate alarm for each EC2 instance that monitors the CPU utilization metric and notifies a central operations team when average CPU utilization is over 80% on a daily basis. You can also create a standard alarm that monitors average CPU utilization under 10% on a daily basis. These alarms help the central operations team to work with specific workload owners to change the size of the EC2 instances when required.
Automating alarm creation with EC2 instance tags
Creating a standard set of alarms for your EC2 instances can be time consuming,
inconsistent, and error prone. You can accelerate the alarm creation process by using the
amazon-cloudwatch-auto-alarms
