With LogicMonitor, monitor the state of your Amazon Web Services (AWS) accounts and the underlying services and license usage that allows you to identify faults and manage performance. Adding AWS to your LogicMonitor environment involves creating an AWS Policy, Role, and exchanging a series of identifiers with LogicMonitor.
Note: AWS environments may be added programmatically, which can be more efficient when adding multiple accounts. For more information, see AWS Device Groups.
Requirements to Set up the AWS Environment
To add an AWS account to LogicMonitor, you need the following:
- From the LogicMonitor console, initiate the LogicMonitor and AWS credential exchange and integration (Account ID, External ID, and Policy values).
- From the AWS console, create a Policy, create a Role, attach the policy to the role, and optionally add Billing monitoring to LogicMonitor. For more information, see AWS Billing Monitoring – Cost & Usage Report.
- In the final steps, return to the LogicMonitor console and complete the following: monitoring-configuration, configuration testing, and confirm the LogicMonitor dashboard creation.
Initiating the LogicMonitor and AWS Identifier Exchange
LogicMonitor provides the Account ID, External ID, and Policy JSON for entry into the AWS console. AWS provides the Role ARN (Amazon Resource Name) to enter into the LogicMonitor portal.
1. From the LogicMonitor portal, navigate to Resources > Add > Cloud Account.
2. Click Add on the AWS tile.
3. Enter a Name for how the AWS account displays in the LogicMonitor portal. Optionally, enter a Description.
4. Click Next: Permissions.
5. At the Permissions step in the LogicMonitor wizard, Copy the Policy JSON.
Creating an AWS Policy with LogicMonitor JSON
1) In your AWS Console, search “iam” in the search bar, hover over the first result to allow the Top Features menu to appear, and select Policies.
2) From the top right of the Policy page, click the Create Policy button.
3) Select the JSON tab.
4) Enter the JSON policy you created in your LogicMonitor portal. For more information, visit step 6 in the Initiate the LogicMonitor and AWS Identifier Exchange section.
5) Click Next: Tags.
6) Click Next: Review.
7) Enter a policy name in the Name* field. You will need this Name later to add this policy to the role.
8)Click Create policy.
The AWS policy is now successfully created.
Creating an AWS Role with the New Policy, LogicMonitor Account ID, and LogicMonitor External ID
1) From the IAM left side-bar, select Roles.
2) Return to the LogicMonitor portal, which was left on the AWS Account Permissions page. Copy the Account ID.
3) Return to the AWS Console (IAM > Roles page). Click Create role.
4) Select the AWS account option.
5) Select Another AWS account.
6) Enter the Account ID, which was copied from the LogicMonitor Portal.
7)Under Options, select Require external ID.
8) In your LogicMonitor portal, copy the External ID from the Permissions section wizard.
9) Enter the External ID from LogicMonitor into the External ID field in your AWS Console.
10) From the Add permissions page, search for the permission name that was created (step 7 in the “Create an AWS Policy with LogicMonitor JSON” section). Select the previously created policy and then click the Next button to attach the policy to the AWS role that is currently being created.
11) Under the Role details heading and in the Role name field, type in a Role name, review the page, and click the Create Role button.
12) Role creation may take a moment. Click the View role button within the green success bar.
Add the Amazon Role Name (ARN) to LogicMonitor and Testing the Permissions Synchronization
1) In your AWS Console, find the newly created role or specified role page, copy the ARN to your clipboard.
2) In your LogicMonitor portal, enter the ARN in the Role ARN field on the Permissions step of the LogicMonitor wizard’s Permission’s page. Click Next: Services.
3) Within the Logic Monitor Wizard’s Services page, scroll down to review the services that you would like to monitor. Click the Default Settings review the different monitoring options (scan frequency, regions, tags, etc).
4) Click Test Permissions (testing the credentials and permissions synchronization may take up to 5-10 seconds). A Success notification will appear near the bottom of the page.
5) Click Next: Billing.
Note: For more information, see AWS Billing Monitoring - Cost & Usage Report.
6) To finish without adding AWS Billing monitoring, click Skip and Finish. Click View Dashboard.
elasticbeanstalk:ListTagsForResource permission is not yet supported by the AWS visual permissions editor, but it is required by LogicMonitor. You can alternatively use
elasticbeanstalk:List* if desired.
After you finish adding your AWS account, check for updates of your DataSources by importing any recently released Cloud Monitoring DataSources into your account.
You may also want to complete the following setup steps: