OpsRamp integrates seamlessly with Amazon CloudWatch Alarms, AWS Events, and AWS CloudTrail. Just enter the Amazon Simple Queue Service (SQS) URL while creating a discovery profile. Amazon Simple Notification Service (SNS) works with Amazon SQS to provide a powerful messaging solution for building cloud applications that are easy to scale.

Subscribe an Amazon SQS queue to an Amazon SNS topic. When you publish a message to the topic, Amazon SNS sends an Amazon SQS message to the subscribed queue. The Amazon SQS message includes the subject and message that were published to the topic, along with the metadata of the message.
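The following Python sketch is an added example, not OpsRamp or AWS code. It unwraps the SNS envelope that arrives in the SQS message body, rejects messages from any topic other than the expected one, and identifies which service published the inner message. It assumes raw message delivery is disabled on the subscription (the default). The topic ARN, account ID and bucket name are constructed placeholders.

```python
import json

# Constructed sample: placeholder account ID, topic name and bucket name.
CLOUDTRAIL_TOPIC = "arn:aws:sns:us-east-1:111122223333:opsramp-cloudtrail"
SAMPLE_BODY = json.dumps({
    "Type": "Notification",
    "MessageId": "00000000-0000-0000-0000-000000000001",
    "TopicArn": CLOUDTRAIL_TOPIC,
    "Message": json.dumps({"s3Bucket": "example-trail-logs", "s3ObjectKey": [
        "AWSLogs/111122223333/CloudTrail/example.json.gz"]}),
    "Timestamp": "2024-01-01T00:00:00.000Z",
})

def unwrap_sns(sqs_body, expected_topic_arn):
    """Split an SQS body into (subject, payload, metadata), rejecting other topics."""
    envelope = json.loads(sqs_body)
    if not isinstance(envelope, dict) or envelope.get("Type") != "Notification":
        raise ValueError("not an SNS notification envelope")
    # Each integration has its own topic and queue, so a foreign TopicArn is an error.
    if envelope.get("TopicArn") != expected_topic_arn:
        raise ValueError("message came from an unexpected topic")
    raw = envelope.get("Message", "")
    try:
        payload = json.loads(raw)   # AWS services publish JSON text
    except json.JSONDecodeError:
        payload = raw               # free-text publishers stay as strings
    metadata = {k: envelope.get(k) for k in ("MessageId", "TopicArn", "Timestamp")}
    return envelope.get("Subject"), payload, metadata

def classify(payload):
    """Name the publishing service from fields it puts in its message."""
    if not isinstance(payload, dict):
        return "unknown"
    if "s3Bucket" in payload and "s3ObjectKey" in payload:
        return "cloudtrail-log-delivery"
    if "AlarmName" in payload and "NewStateValue" in payload:
        return "cloudwatch-alarm"
    if "detail-type" in payload and "source" in payload:
        return "aws-event"
    return "unknown"

if __name__ == "__main__":
    subject, payload, meta = unwrap_sns(SAMPLE_BODY, CLOUDTRAIL_TOPIC)
    print(classify(payload), meta["TopicArn"], payload["s3ObjectKey"])
```
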

Configure Amazon SNS and Amazon SQS

Step 1: Create an Amazon SNS topic

  1. Log into your AWS management console.
  2. Create an SNS topic. See creating an Amazon SNS topic for more details. The topic Name, ARN, (optional) Display name, and Topic owner AWS account ID are displayed in the Details section.

AWS events

If the Amazon CloudWatch rules or Amazon SNS topics are created through automation, add the following statement to the SNS topic policy, because it is not included in the default policy. AWS adds this block to the SNS policy when an Amazon CloudWatch rule is created manually in the AWS console.

{
  "Sid": "AWSEvents_RULE-NAME_IdRANDOM-NUMBER-STRING",
  "Effect": "Allow",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Action": "sns:Publish",
  "Resource": "SNS-TOPIC-ARN"
}

Amazon CloudTrail

If the trail or SNS topics are created through automation, add the following statement to the SNS topic policy, because it is not included in the default policy. AWS adds this statement to the SNS policy when an SNS topic is added manually to a trail in the AWS portal.

{
  "Sid": "AWSCloudTrailSNSPolicyRANDOM-NUMBER-STRING",
  "Effect": "Allow",
  "Principal": {
    "Service": "cloudtrail.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "SNS-TOPIC-ARN"
}

Step 2: Create a queue in Amazon SQS

  1. Navigate to Amazon SQS.
  2. Create a queue. See creating a queue for more details.
  3. Add an access policy with the permissions defined in the table below for the respective service.
  4. Amazon SQS creates the queue and displays the queue details page. The queue details such as ARN, URL, and type are displayed in the Details section.
  5. Subscribe to the Amazon SNS topic created in step 1.
  6. Copy the Amazon SQS URL to the clipboard or a text editor such as Notepad. The Amazon SNS topic and Amazon SQS URL must be unique for Amazon CloudWatch Alarm, CloudWatch Event, and CloudTrail.

Access Policy under the Permissions tab:

Services and their permissions

AWS Events
Actions:
  • SQS:SendMessage
  • SQS:DeleteMessage
  • SQS:ReceiveMessage

Amazon CloudTrail Events
Actions:
  • SQS:SendMessage
  • SQS:DeleteMessage
  • SQS:ReceiveMessage

AssumeRole/External ID
SQS:
  • SQS:ListQueueTags
  • SQS:ListQueues
  • SQS:GetQueueUrl
  • SQS:GetQueueAttributes
  • SQS:ReceiveMessage
  • SQS:SendMessage
  • SQS:DeleteMessage
S3:
  • s3:Get*
  • s3:List*
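The SNS topic statements and the permission table above can be reviewed for least privilege before they are deployed through automation. The Python linter below is an added example, not OpsRamp or AWS code. It flags service principals that are not restricted by an `aws:SourceArn` or `aws:SourceAccount` condition, and wildcard actions such as `s3:Get*`. The trail ARN and the `Resource` of the S3 row are constructed assumptions; confirm in the AWS documentation that a publishing service supplies a condition key before enforcing it.

```python
import copy

# The page's two topic statements, with the page's own placeholders kept as-is.
PAGE_STATEMENTS = [
    {"Sid": "AWSEvents_RULE-NAME_IdRANDOM-NUMBER-STRING", "Effect": "Allow",
     "Principal": {"Service": "events.amazonaws.com"},
     "Action": "sns:Publish", "Resource": "SNS-TOPIC-ARN"},
    {"Sid": "AWSCloudTrailSNSPolicyRANDOM-NUMBER-STRING", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "SNS:Publish", "Resource": "SNS-TOPIC-ARN"},
]
# Built from the table's S3 row; the "*" resource is an assumption for illustration.
TABLE_S3_ROW = {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_keys(stmt):
    """Lower-cased condition keys used anywhere in the statement."""
    return {key.lower() for block in stmt.get("Condition", {}).values() for key in block}

def lint(stmt):
    """Return review findings for one Allow statement."""
    if stmt.get("Effect") != "Allow":
        return []
    findings = []
    principal = stmt.get("Principal", {})
    services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if services and not condition_keys(stmt) & SCOPING_KEYS:
        findings.append("service principal %s has no aws:SourceArn or "
                        "aws:SourceAccount condition" % ",".join(services))
    for action in as_list(stmt.get("Action", [])):
        if "*" in action:
            findings.append("wildcard action " + action)
    return findings

def scoped_to_source(stmt, source_arn):
    """Copy of stmt that only allows the named source resource to use it."""
    hardened = copy.deepcopy(stmt)
    hardened.setdefault("Condition", {})["StringEquals"] = {"aws:SourceArn": source_arn}
    return hardened

if __name__ == "__main__":
    print([lint(s) for s in PAGE_STATEMENTS + [TABLE_S3_ROW]])
```
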

Configure Amazon CloudTrail

AWS CloudTrail generates events when there is a change, such as launching or terminating an instance. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. These events are captured through the CloudTrail SQS URL to create metrics and trigger alerts. This is beneficial in scheduled discovery, because any event change is notified immediately and an alert is created.

Prerequisites

  1. Create an Amazon S3 bucket where all log files can be stored.
  2. Create an Amazon SNS topic.
  3. Create an Amazon SQS subscription and link it to the Amazon SNS topic.

Steps

  1. Log in to your AWS management console.
  2. Go to Amazon CloudTrail.
  3. On the Dashboard, click Create Trail. See AWS documentation on creating a trail.
  4. While creating the trail, under Storage location, click Advanced.
  5. Set Send SNS notification for every log file delivery to Yes.
  6. Select the Amazon SNS topic and click Create Trail.

    The SNS topic should be unique to the trail created. Use the Amazon SQS URL associated with the Amazon SNS topic to configure Amazon CloudTrail while creating or updating a discovery profile in OpsRamp for AWS integration. Amazon CloudTrail is now configured to send events to the OpsRamp console.

Configure Amazon CloudWatch alarms

Amazon CloudWatch monitors your AWS services and the applications you run on AWS in real time. You can use CloudWatch Alarms to collect and track metrics. You can define alarms to send notifications or automatically make changes to the resources you are monitoring when a threshold is breached.

Prerequisites

  • Create an SNS topic unique to CloudWatch Alarm.
  • Create an SQS subscription unique to CloudWatch Alarm.

Steps

  1. Sign in to your AWS management console.
  2. Navigate to Amazon CloudWatch.
  3. Click Create Alarm. To set up a CloudWatch alarm, see How to create a CloudWatch Alarm Based on a Static Threshold.
  4. Specify the metric conditions and click Next.
  5. From the Configure Actions page, select the In Alarm (The metric or expression is outside of the defined threshold) option.
  6. Select an Amazon SNS topic created earlier to send notifications for CloudWatch alarms.
  7. Click Add notification.
  8. Select the OK (The metric or expression is within the defined threshold) option.
  9. Select an SNS topic and click Next.

Choose the same SNS topic for both notification options.

  10. Enter a unique name for the alarm and a description (optional).
  11. Click Next. A preview page opens displaying the configuration details of the alarm.
  12. Click Create alarm.

Amazon CloudWatch Alarm is now configured to send notifications to OpsRamp.