Integrating Your Cloud Provider

Sysdig Monitor extends your monitoring capabilities by integrating with several leading cloud service providers to poll for additional information including host tags, meta data and additional cloud based metrics. In the case of Amazon Web Services, Sysdig Monitor can also integrate CloudWatch metrics into your views and dashboards, allowing you to explore data from the AWS services RDS, EC2, ECS, and ELB alongside your existing Sysdig agent data.

Configuring integration is a two step process: create a user account with correct credentials in your cloud infrastructure, then add it to the Sysdig Monitor web interface Cloud Providers tab.  

These instructions guide you on creating a user account, assigning a permissions policy, obtaining the required credentials for integration and then supplying the information in the Sysdig Monitor web interface and turning metrics polling on. 

 

Part I: Create Infrastructure Account

Amazon AWS

Create a user account in the AWS Identity & Access Management (IAM) console page (Users section) then edit the user account and set the permissions policy for it via the Permissions > Attach Policy function.  Select the pre-configured "ReadOnlyAccess" managed policy for a safe and secure choice.

For finer-grained permissions instead, you can use the Permissions > Inline Policies "click here" button and then choose Custom Policy > Select and enter the following custom policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"dynamodb:ListTables",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*", "elasticache:DescribeCacheClusters",
"elasticache:ListTagsForResource", "elasticloadbalancing:Describe*",
"rds:Describe*", "rds:ListTagsForResource",
"sqs:ListQueues",
"sqs:GetQueueAttributes",
"sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": "*" } ] }

After saving the user account and policy, provide the "Access Key ID" and "Secret Access Key" to Sysdig Monitor as shown in the Part II section below. The Key ID and Secret Access Key should have been supplied when first creating the IAM account. You can create an additional ID and Key from the Security Credentials > Create Access Key button on the same IAM User page.  

Part II: Enable Polling in Sysdig Monitor

Once the user account and permissions policy are setup, enter that account's credentials into the Settings > Cloud Providers tab by clicking the 'Add Your Cloud Provider' button which appears when initially adding a provider.

Sysdig_Monitor_-_Settings.png

 

 

After adding your cloud provider(s) you should see an 'OK' check mark under the Status column after a moment.  If an error appears, please recheck the credentials - the most common reason for failure are typos.   The final step is to turn on polling for your providers metrics by clicking "Enable Integration" - verify polling is on with the status next to the button:

 

Sysdig_Monitor_-_Settings.png

 

You can Use the Add button for additional cloud providers. To remove any entry, simply click the provider's line and then 'Remove'. 

For Amazon integrations you have the added option of polling for CloudWatch information for your distributed services (RDS, EC2, ELB, and Elasticache). When enabled, you will see metrics reported in the AWS Services views in the Explore tab. To turn Cloudwatch reporting on or off, click the Enable/Disable Integration button under the Amazon Cloudwatch Integration section. 

Note: With CloudWatch enabled for Amazon, Sysdig Monitor polls the CloudWatch API every 5 minutes, which will generate a small additional charge from AWS. Please see the Amazon CloudWatch Pricing page for details.

Have more questions? Submit a request