Monitoring with AWS CloudWatch becomes quite difficult when you are handling multiple customers. Sure, you can use the services by switching between accounts, but what if you had a single dashboard for monitoring? Things would be much simpler, because you would not have to switch accounts. In this blog, I am going to explain how to configure a cross-account cross-region CloudWatch dashboard.
For the simplicity of this blog, I will be considering two AWS accounts. The steps mentioned here can be repeated for multiple accounts as well. The first AWS account is the target account, whose CloudWatch metrics you wish to monitor. The second AWS account is the monitoring account, the source account from which you will be monitoring the other accounts.
Enabling the functionality in target AWS account CloudWatch
We must first enable sharing in the target account’s CloudWatch so that we can access the data from our monitoring account.
Click on Settings and then, in the window that opens, click on Configure.
By default, both options, Share your data and View cross-account cross-region, are disabled. Click on Configure to enable the Share your data option for the target account.
On the next page, click on the Share Data button and add the account ID of the monitoring account.
You will get the above options in the same window itself. Here you need to select the Full read-only… option and then click on Launch CloudFormation template. This will create a cross-account sharing role with your monitoring account.
Once it’s done, you will be able to see the option enabled in the account as shown below. Next, you can proceed with the monitoring AWS account setup.
Enabling monitoring account to view the CloudWatch dashboard
Similarly, in the monitoring account, we need to enable the option of viewing cross-account cross-region CloudWatch information.
Go to CloudWatch>Settings and then click on Enable in the bottom half of the window, under ‘View cross-account cross-region’.
Once the viewing data option is enabled, go to CloudWatch>Dashboards and you should see something like this:
You must have noticed the new option above, ‘View Data for’ which can be used to access other accounts in various regions. Enter the account ID and region in that space and you will be able to see that account’s CloudWatch dashboard.
Once the dashboard has been created, we can monitor our customers’ CloudWatch dashboard from our own account and avoid switching every time to their account for monitoring purposes. The only thing I wish this feature had was for us to be able to export an already existing dashboard from the destination AWS account to our account. But for now, we have to configure the monitoring dashboard from scratch, metric by metric, graph by graph.
Conclusion
I hope this blog helps you in efficiently monitoring CloudWatch for your customer accounts.