AWS Integration

Infrastructure Integration

AWS Role Delegation Instructions

Setting up the Epoch integration with Amazon Web Services requires configuring role delegation using AWS IAM.

  1. Create a new role in the AWS IAM Console.
  2. Select Another AWS account for the Role Type.
  3. For Account ID, enter 427734637690 (Epoch's account ID). This means that you will grant Epoch read-only access to your AWS data.
  4. Check Require external ID and enter the one generated from the AWS integration page.
  5. Click Next: Permissions.
  6. Click Create Policy. Note: if you’ve already created this policy, search the list of Amazon policies and select it. Otherwise, complete the following steps to create a new one.
  7. Choose Create Your Own Policy.
  8. Name the policy EpochAWSIntegrationPolicy.
  9. Click Next: Review.
  10. Give the role a name such as EpochAWSIntegrationRole and hit Create Role.

AWS Integration Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "autoscaling:Describe*",
        "budgets:ViewBudget",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "codedeploy:List*",
        "codedeploy:BatchGet*",
        "directconnect:Describe*",
        "dynamodb:List*",
        "dynamodb:Describe*",
        "ec2:Describe*",
        "ecs:Describe*",
        "ecs:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "elasticfilesystem:DescribeFileSystems",
        "elasticfilesystem:DescribeTags",
        "elasticloadbalancing:Describe*",
        "elasticmapreduce:List*",
        "elasticmapreduce:Describe*",
        "es:ListTags",
        "es:ListDomainNames",
        "es:DescribeElasticsearchDomains",
        "health:DescribeEvents",
        "health:DescribeEventDetails",
        "health:DescribeAffectedEntities",
        "kinesis:List*",
        "kinesis:Describe*",
        "lambda:AddPermission",
        "lambda:GetPolicy",
        "lambda:List*",
        "lambda:RemovePermission",
        "logs:Get*",
        "logs:Describe*",
        "logs:FilterLogEvents",
        "logs:TestMetricFilter",
        "logs:PutSubscriptionFilter",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeSubscriptionFilters",
        "rds:Describe*",
        "rds:List*",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "route53:List*",
        "s3:GetBucketLogging",
        "s3:GetBucketLocation",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:PutBucketNotification",
        "ses:Get*",
        "sns:List*",
        "sns:Publish",
        "sqs:ListQueues",
        "support:*",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
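
An added example (not part of Epoch's documentation): a check that lists the allowed actions in a policy document whose names do not begin with a read-style verb, run here on a shortened excerpt of the policy above. The verb list and the function names are assumptions of this example, and the prefix match is a naming heuristic rather than AWS's own access-level classification.

```python
import json

# Assumption: verb prefixes treated as non-mutating. This is a naming heuristic,
# not AWS's access-level metadata; confirm each flagged action in the AWS docs.
READ_PREFIXES = ("describe", "get", "list", "batchget", "view", "filter", "test")

# Constructed sample: a shortened excerpt of the policy shown above.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": ["ec2:Describe*", "budgets:ViewBudget", "codedeploy:BatchGet*",
               "lambda:AddPermission", "lambda:GetPolicy", "lambda:RemovePermission",
               "logs:FilterLogEvents", "logs:TestMetricFilter",
               "logs:PutSubscriptionFilter", "logs:DeleteSubscriptionFilter",
               "s3:GetBucketTagging", "s3:PutBucketNotification",
               "sns:List*", "sns:Publish", "support:*"],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
""")

def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def looks_read_only(action):
    """True if the action name, up to its first wildcard, starts with a read verb."""
    name = action.split(":", 1)[-1].lower()  # IAM action names are case-insensitive
    head = name.split("*", 1)[0].split("?", 1)[0]
    return head.startswith(READ_PREFIXES)

def non_read_actions(policy):
    """Return allowed actions that are not recognisably read-only, in policy order."""
    flagged = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            flagged.append("NotAction")
            continue
        flagged += [a for a in as_list(stmt.get("Action", [])) if not looks_read_only(a)]
    return flagged

if __name__ == "__main__":
    for action in non_read_actions(SAMPLE_POLICY):
        print("review:", action)
```

Each flagged entry is worth reviewing against the integration features you actually enable before attaching the policy to the role.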

Configuration

  1. Under the AWS integration tab, enter the AWS Role ARN for the EpochAWSIntegrationRole that you created. Ensure that the trust relationship for the role uses the same external ID shown in this tab.

  2. Choose the services you want to collect metrics for on the left side of the tab and save.

Available Metrics

For the full list of provided metrics, please refer to these documents from Amazon.

If you are looking for a metric, such as CPUUtilization for AWS/EC2, it would appear in Epoch as aws.ec2.cpuutilization.

You may also create a dashboard to see all your AWS metrics in one place.

Note that there may be some AWS services that we do not currently support.