Panopta offers native integration with AWS CloudWatch, enabling Panopta to ingest your CloudWatch monitoring data. Panopta can also perform automatic discovery and monitoring of instances within your AWS account. Discovery is configurable by service type and region, and can also be fully customized using your AWS tags.
CloudWatch data should be used as an augmentation of, not a replacement for, the data obtained by the Panopta server agent and external monitoring. The server agent can provide more detailed and accurate data across any OS distribution or application you may be running on your compute instance. In addition, our external monitoring ensures you're getting the full picture of your current operating environment as well as a view into what your customers are experiencing.
To grant Panopta access to your CloudWatch data, you'll need to create an external account role within your AWS account that is tied to Panopta's External AWS Account.
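A cross-account role of this kind is only as tight as its trust policy, so it is worth checking that policy after you create the role. The following is an added example, not Panopta's own code: it audits a trust policy for a wildcard or unexpected principal and for a missing `sts:ExternalId` condition. The account ID, the external ID and both sample policies are constructed placeholders, and the example assumes the vendor supplies an external ID to use with the role, which this page does not state.

```python
# Constructed placeholder: use the account ID (and external ID) your vendor supplies.
VENDOR_ACCOUNT_ID = "111122223333"

# Constructed sample: trust limited to one account, gated on an external ID.
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
}

# Constructed sample: the same role with the two mistakes this check catches.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "sts:AssumeRole",
    }],
}


def _as_list(value):
    """IAM fields accept a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, vendor_account_id=VENDOR_ACCOUNT_ID):
    """Return findings for a cross-account trust policy; an empty list means none."""
    allowed = {vendor_account_id, f"arn:aws:iam::{vendor_account_id}:root"}
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = set(_as_list(stmt.get("Action")))
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & actions:
            continue  # only statements that let someone assume the role matter here
        principal = stmt.get("Principal")
        trusted = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        for p in trusted or ["<no AWS principal>"]:
            if p not in allowed:
                findings.append(f"statement {n}: principal {p!r} is not the vendor account")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(k.lower() == "sts:externalid" and v for k, v in equals.items()):
            findings.append(f"statement {n}: no sts:ExternalId condition")
    return findings
```

Feed it the trust policy document of the role you created, for example the `AssumeRolePolicyDocument` returned by `aws iam get-role`.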
By default, each AWS account gets 1M CloudWatch API calls per month for free. When Panopta makes CloudWatch calls to obtain metrics (every 10 minutes), it uses your API call quota. Due to the highly decoupled design of the CloudWatch API, calls have to be made on a per-instance-per-metric basis, which means API calls add up fast. We encourage you to use the Panopta agent on EC2 instances, not only for the cost savings, but also for the increased functionality and granularity. You can read more about it here.
Once you exceed 1M CloudWatch calls for the month, AWS will charge your account $10 per 1M calls. You can read more about their pricing here.
In certain large-scale scenarios, AWS could begin throttling API calls. We will begin backing off at that time. If you expect to use close to or the full 1M calls per month, we recommend reaching out to AWS to ask for a limit increase. If you'd like Panopta to collect CloudWatch metrics more often than every 10 minutes, please email email@example.com. You can also override this at the metric level by editing the metric. Check out templates to do this in bulk.
If you're running the agent (Linux version > 2017.40, Windows version > 18.34), EC2 metrics will be automatically added to your existing agent-based instances.
Example: if you have a Linux Virtual Machine instance you're already monitoring with the agent, and the agent version is > 2017.40, we won't create a second "EC2" instance with the CloudWatch connection - the new CloudWatch metrics will be added to your existing instance.
If you're monitoring an EC2 instance with external checks - such as HTTP, HTTPS, or Ping - and we identify an incident, we'll first confirm with AWS that the instance is still around. If it was gracefully removed, we will not alert. If the instance was not removed gracefully, we will alert as normal.
The following AWS integrations are supported: