AWS CloudWatch Integration

Tacnode comes with AWS CloudWatch integration, allowing you to push Tacnode metrics data to AWS CloudWatch through simple configuration. Once enabled, you can view these metrics directly in the AWS Console and set alerts for specific metrics as needed.

Prerequisites

• AWS CloudWatch is activated on your account.

Configuration Steps

Step 1. Create an IAM Permission Policy

1. Go to [AWS IAM Policy Management].

2. Click "Create policy" to establish a new permission policy dedicated to Tacnode metric subscription. Use the following policy definition:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricData",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:PutMetricData",
                "cloudwatch:PutMetricAlarm",
                "cloudwatch:TagResource",
                "cloudwatch:UntagResource"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

3. Enter the policy name TacnodeCloudWatchPushPolicy and click Save.

Step 2. Create IAM Role

1. Go to [AWS RAM Access Management - Roles].

2. Click "Create role" to create a new role for Tacnode metrics subscriptions.

   • Select Trusted Entity: Choose [Custom trust policy], and enter the following JSON (replace ACCOUNT_ID with your account ID):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{ACCOUNT_ID}:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}

3. Add permissions: Select the previously created TacnodeCloudWatchPushPolicy.

4. Enter the role name TacnodeMetrics and click Next.

5. Click on the TacnodeMetrics role to view its details and copy the ARN.

Step 3. Setup CloudWatch Subscription

1. Click to configure the CloudWatch subscription, enter subscription details

   • Namespace: CloudWatch metric namespace, enter a custom value
   • Role ARN: paste the role ARN copied in previous step
   • Service Region ID: specify according to the region in use, for example:
     • AWS Oregon: us-west-1
     • AWS Tokyo: ap-northeast-1

   

2. View metrics in the AWS console