How to Consolidate AWS CloudWatch Metrics Into a Single Dashboard

Managing AWS CloudWatch metrics is often a tedious and complicated process. There isn’t always the visibility you need into your application’s health, which can lead to missed alerts or worse yet, problems that could have been caught long before they reached critical levels. By consolidating these metrics together in one place with an easy-to-use dashboard, you will be able create more clear visuals of how your system is performing on each resource level so that any time something goes wrong there are fewer blind spots for resources.

The “how to create metrics in cloudwatch” is a tutorial that will show you how to consolidate your AWS CloudWatch Metrics into a single dashboard.

Do you have a lot of Amazon Web Services (AWS) accounts to manage? Switching between accounts to monitor workloads becomes more difficult as the number of accounts grows. Isn’t it nice to have a single dashboard that shows all of your CloudWatch metrics? You certainly can!

This guide will show you how to connect your numerous AWS accounts to exchange data and see it all in one place. Finally, you’ll be able to monitor your AWS resources without having to move back and forth between accounts.

Let’s get going!

Prerequisites

This page will serve as a guide. Make sure you have the following items if you intend on following along step-by-step.

  • An Amazon Web Services (AWS) organization. To learn how to construct and manage an organization, go to Creating and managing an organization.
  • This article’s sample will work with AWS Free Tier accounts. And you’ll need three for this instruction.
    • An Amazon Web Services management account (the one you used to create the organization). This account will be used to set up the consolidated dashboard and will be used to monitor CloudWatch. This account is referred to as AWSLAB901 throughout this article.
    • An Amazon Web Services member account (the account you invited/added to your AWS organization). With the account name AWSLAB902, this account will function as the CloudWatch sharing account.
    • A third Amazon Web Services account that is not part of your AWS business (standalone). With the account name AWSLAB903, this account will be used as a CloudWatch sharing account.
  • At least one CloudWatch dashboard must already exist in your AWS shared accounts. If you don’t already have one, create one for the sharing accounts. Each sharing account will have a dashboard that displays the CPU usage measure of a virtual machine in this article.
  • Each of your AWS accounts must have an Account ID.

Configuring the Sharing Account

AWS does not enable access to AWS services data across AWS accounts by default, even if they are part of the same company. You must allow cross-account data sharing on your shared accounts to modify this default limitation.

When you enable cross-account data sharing, the monitoring account has access to the data from your sharing accounts. The monitoring account may then use the pooled CloudWatch metrics data to populate the consolidated dashboard.

Allowing Data Sharing Between Accounts

You must first authorize cross-account sharing of CloudWatch data From the Account for Sharings before you can access CloudWatch data from the centralized monitoring account. Follow the instructions below to do so.

1. Go to the CloudWatch Management Console in your web browser and log in to your AWS member account (AWSLAB902).

2. Select Settings from the left-hand pane, then Configure under the Cross-account cross-region section, as shown below.

Cross-account opening the sharing account's cross-region settingsCross-account opening the sharing account’s cross-region settings

3. In the Share your CloudWatch data section of the Cross-account cross-region page, select Share data.

Opening Your CloudWatch data settings should be shared.Opening Your CloudWatch data settings should be shared.

4. Select the Specific accounts option in the Sharing section and click the Add account button to see the Account ID field. Then, in the Account ID box, write in the monitoring account ID.

By inputting the Account ID of the other monitoring accounts, you may share your CloudWatch data with several AWS monitoring accounts.

Sharing the ID of the Monitoring AccountSharing the ID of the Monitoring Account

5. Go to the Permissions section and scroll down. Select Full read-only access to everything in your account under the CrossAccountSharingRole. By selecting this option, the monitoring account will have read-only access to all of the data in the sharing account.

Giving the monitoring account permissionGiving the monitoring account permission

6. Scroll down to the Create CloudFormation stack section and click the Launch CloudFormation template button after choosing the permission.

A CloudFormation stack is a collection of resources formed when a CloudFormation template is deployed.

The CloudFormation template is being launched.The CloudFormation template is being launched.

7. Type Confirm into the box on the confirmation window that appears, then click Launch Template. This action will open the template in a new tab in your browser.

Confirming the CloudFormation template's debutConfirming the CloudFormation template’s debut

8. Scroll down to the bottom of the Quick create stack page in the new browser tab and tick the I agree that AWS CloudFormation could create IAM resources with custom names box. Finally, press the Create stack button.

Putting together the CloudFormation stack Putting together the CloudFormation stack

On your AWS account, the CloudFormation stack generates a new Identity and Access Management (IAM) role named CloudWatch-CrossAccountSharingRole. If necessary, you may change the role’s trust relationship to provide access to just specified people or to share your data with several monitoring accounts.

9. You will then be sent to the CloudWatch-CrossAccountSharingRole page. The CloudFormation stack construction may be seen on this page. To update the progress, use the refresh button. When the stack is finished, you should get something similar to the status displayed below.

Observing the stack construction processObserving the stack construction process

10. Return to the CloudWatch Management Console browser tab after creating the CloudFormation stack. Click Done at the bottom of the page.

completing the data sharing between accountscompleting the data sharing between accounts

11. On the shared account, you’ve now enabled cross-account CloudWatch metrics data sharing (AWSLAB902). To enable cross-account CloudWatch metrics data sharing on the standalone sharing account, repeat the previous procedures (AWSLAB903).

Data from CloudWatch Metrics is shared across several monitoring accounts.

Note: If you don’t want to have numerous monitoring accounts, you may skip this part. The result of the primary subject of this article will not be affected if you skip this part.

Having numerous AWS monitoring accounts in a company is a normal practice for most businesses. You may also share CloudWatch data with numerous monitoring accounts in this situation.

To share CloudWatch data with various monitoring accounts, follow the instructions below.

1. While still in the CloudWatch Management console, navigate back to Settings —> Configure —> (Cross-account cross-region) Configure.

2. Under Cross-account cross-region, choose Configure, then Manage role in IAM, as shown below.

IAM role management is now open.IAM role management is now open.

3. In the IAM service’s Roles section, select Edit trust relationship. This will open a JSON editor for the CloudWatch-CrossAccountSharingRole IAM role’s trust relationship.

The trust relationship editor is now open. The trust relationship editor is now open.

Converting YAML to JSON is a related topic.

4. Add the Amazon Resource Names (ARNs) of the monitoring account(s) to whom you’ll send the data as a new line within the Principal bracket of the policy document. You would change the trust relationship as shown below to add the root user of the AWS account ID 568979488220.

“AWS”: “arn:aws:iam::210986531319:root”, “AWS”: “arn:aws:iam::568979488220:root”, “AWS”: “arn:aws:iam::210986531319:root”, “AWS”: “arn:a

As a consequence, your trust relationship policy paper should resemble the image below. Click Update Trust Policy when you’ve finished modifying the policy.

Editing the policy on trust relationships Editing the policy on trust relationships

You now have access to your CloudWatch metrics data via a new monitoring account.

The CloudWatch-CrossAccountSharingRole IAM role's modified trust relationshipThe CloudWatch-CrossAccountSharingRole IAM role’s modified trust relationship

Establishing a Monitoring Account

Can you get the shared data from your monitoring account immediately away now that you’ve allowed cross-account data sharing on your sharing accounts? No, that is not the case. The shared data should already be accessible, but you must first setup your monitoring account before you can access it.

On the Monitoring Account, enable the AWS Account Selector.

Follow the procedures below to obtain cross-account shared data from your monitoring account.

1. Go to the CloudWatch Management Console and log in to your monitoring account using a different browser or a private/incognito browser (AWSLAB901).

2. In the left-hand pane, click Settings to see the CloudWatch settings page. Next, click Configure in the Cross-account cross-region section.

Opening the AWS monitoring account's cross-account cross-region settingsOpening the AWS monitoring account’s cross-account cross-region settings

3. Click Enable on the View cross-account cross-region page.

The enable button is pressed.The enable button is pressed.

4. Select one account selector type from the Enable account selector section. You have two choices:

  • AWS Organization Account Picker — This selector type displays a dropdown list of all the accounts in your organization. If you choose this option, the list will only show accounts that are part of your AWS organization.
  • Custom account selector — This selector enables you to manually fill a dropdown list picker with a list of account IDs. Accounts that are not members of your AWS organization are also included in this category.
  • Account Id Input — You must manually input the account ID of the account you want to see every time you wish to access its data using this choice.

The example below picks the Custom account selection type since this tutorial contains both a member and a solo account.

Enter the list of account IDs and accompanying labels you wish to display in the selection after selecting the selector type, as shown in the picture below. The account name is used as the label in the list below for simplicity.

After you’ve finished making your list, click Save changes.

The account selector is enabled.The account selector is enabled.

Installing and Configuring an AWS CloudWatch Windows Agent

Viewing the Metrics Dashboard for Shared CloudWatch

On the sharing accounts AWSLAB092 and AWSLAB093, you’ve already enabled cross-account CloudWatch metrics sharing. You also allowed your monitoring account to see CloudWatch data from other accounts.

Naturally, you’d want to know if your activities so far have had the desired effect. And what better method to double-check your configuration than to look at the sharing account’s CloudWatch metrics dashboard from your monitoring account? To do so, follow these steps.

1. In the CloudWatch Management Console for your monitoring account, go to the Dashboards option on the left pane. Only the dashboards specific to your account will appear on the list by default, as seen below.

Opening the monitoring account's CloudWatch dashboardCloudWatch interface for the monitoring account

2. Next, pick one of the sharing accounts you previously set from the selection box next to Access data to view the dashboards on those accounts. AWSLAB092 is selected in the example below. You’ll get a list of dashboards From the Account for Sharing after choosing the data source from the list.

The CloudWatch metrics source is chosen.The CloudWatch metrics source is chosen.

3. Select the dashboard you wish to see from the Dashboards list. You should see the widget(s)]available on the shared account’s dashboard after clicking on the dashboard name.

You may see the CPU Utilization indicator from AWSLAB902’s dashboard on your monitoring account dashboard in the example below.

Using the monitoring account dashboard to view AWSLAB902 CloudWatch metricsUsing the monitoring account dashboard to view AWSLAB902 CloudWatch metrics

4. To access the dashboard of another sharing account, follow the same procedures as before, but this time choose a different source. The screenshot below, for example, displays the CloudWatch dashboard from AWSLAB903.

Using the monitoring account dashboard to view AWSLAB903 CloudWatch metricsUsing the monitoring account dashboard to view AWSLAB903 CloudWatch metrics

Putting Together a CloudWatch Metrics Dashboard

You may now see the shared CloudWatch metrics dashboards for various sharing accounts. It’s great because you don’t have to switch and re-authenticate between various accounts to see their numbers. However, wouldn’t having all CloudWatch metrics on a single dashboard give a significantly better experience?

Fortunately, all of your previous customizations have prepped your AWS accounts so that you can establish a combined CloudWatch metrics dashboard. You may accomplish this by following the procedures outlined below.

1. From the CloudWatch Dashboards view of the monitoring account, click the Clear selection icon at the top. This will erase the dashboards from view and ensure that the consolidated dashboard is created on your monitoring account.

Getting rid of the account selectorGetting rid of the account selector

2. Click the Create dashboard button when the View data box is empty.

Activating the dashboard creation buttonActivating the dashboard creation button

3. Type a name for your new dashboard in the Create new dashboard screen. Consolidated Dashboard Example shall be the name of this example. Click Create dashboard after providing the name.

Changing the name of the dashboardChanging the name of the dashboard

4. Choose the widget that will reflect the measure you want to include in the dashboard. The Stacked area is the widget to choose in this case. Click Next after choosing the widget.

Choosing a widgetChoosing a widget

5. Select the Metrics option and click Configure since you’ll be displaying metrics on the dashboard.

Metrics is chosen as the data source.Metrics is chosen as the data source.

6. On the Add metric graph page, next to the Untitled graph, click the edit button, as shown below.

Changing the name of the graph Changing the name of the graph

After that, enter the name of the metric graph. AWSLAB902 CPU Utilization is the name of the graph in this example. Feel free to call it anything you like depending on the statistic you include in the dashboard. Click the check button once you’ve entered the name.

Filling in the metric graph's nameFilling in the metric graph’s name

7. Select which sharing account will be the data source from the Choose account dropdown list on the same page, under the All metrics tab. AWSLAB092 is chosen in this case.

Selecting a shared accountSelecting a shared account

8. After Selecting a shared account, select which metric to add to the dashboard. This example will choose EC2 —> Per-Instance Metrics —> CPUUtilization. When you’ve selected which metric to add, click Create widget.

Developing a metric widget Developing a metric widget

You’ve now constructed a dashboard that shows the data From the Account for Sharing’s CloudWatch metrics.

9. You’ve so far established a dashboard with a measure from one sharing account. More metrics from the same or separate sharing accounts may now be included. To do so, click the Add widget button and repeat steps 1 through 8 until the dashboard has all of the metrics widgets you desire.

One measure on a consolidated dashboard One measure on a consolidated dashboard

Save the dashboard after you’ve included all of the metrics you want.

The dashboard was saved.The dashboard was saved.

Disabling Data Sharing Between Accounts

If you want to stop the cross-account sharing configuration for any reason, delete the two IAM roles that the CloudFormation stack built automatically. CloudWatch-CrossAccountSharingRole and AWSServiceRoleForCloudWatchCrossAccount are the IAM roles in question.

From the Account for Sharing

Follow the procedures below to prevent cross-account sharing on the shared accounts.

1. Log in to your sharing account using the IAM portal.

2. In the Access management section, click Roles after logging in. Next, choose the CloudWatch–CrossAccountSharingRole role from the list of roles and click Delete role.

The CloudWatch-CrossAccountSharingRole IAM role is selected.The CloudWatch-CrossAccountSharingRole IAM role is selected.

3. At the following question, click the Yes, delete button to confirm the deletion.

IAM role CloudWatch-CrossAccountSharingRole is being deleted. IAM role CloudWatch-CrossAccountSharingRole is being deleted.

If required, repeat the procedure on the other shared accounts.

From the Account of Monitoring

Follow the steps below to prevent cross-account viewing of shared CloudWatch data on the monitoring account.

1. Go to the IAM portal and log in to your monitoring account using a web browser.

2. In the Access management section, click Roles after logging in. Next, choose the AWSServiceRoleForCloudWatchCrossAccount role from the list of roles and click Delete.

The AWSServiceRoleForCloudWatchCrossAccount IAM role is being deleted.The AWSServiceRoleForCloudWatchCrossAccount IAM role is being deleted.

3. To confirm, click the Yes, delete button on the confirmation screen.

Consolidated CloudWatch Metric Dashboard is being removed.

The aggregated dashboard you developed will no longer display any data now that you’ve blocked CloudWatch metrics data sharing. You should also remove any dashboards that are no longer in use. To do so, follow these steps.

1. If you haven’t already, go to the CloudWatch Management Console and log in to your monitoring account.

2. On the left pane, click the dashboard name you want to delete. In this example, the dashboard name is Consolidated_Dashboard_Example. Next, click Actions —> Delete dashboard.

The unified dashboard is being removed.The unified dashboard is being removed.

3. Finally, click Delete on the confirmation popup to delete the dashboard.

Confirming that the unified dashboard would be removed.Confirming that the unified dashboard would be removed.

Conclusion

This post attempts to assist you in breaking your tiresome monitoring habit with many AWS accounts. You’ve learned how to combine CloudWatch metrics into a single dashboard and allow cross-account data sharing.

You may go beyond dealing with simple data by setting alerts or aggregating CloudWatch logs. Furthermore, there are several options available to you that may wind up making your work simpler. Thank you for your time and consideration, and best wishes!

The “aws share cloudwatch dashboard” is a method of consolidating AWS CloudWatch metrics into a single dashboard. This allows the user to view all their metrics in one place, and easily find the metrics they are interested in.

  • cloudwatch cross account dashboard
  • share cloudwatch metrics
  • cloudwatch cross account alarm
  • cross-account monitoring aws backup
  • cloudwatch metric stream cross account
You May Also Like