Configure a monitoring account
A source account is an individual AWS account that generates observability data for the resources in it. A monitoring account is the account that can view and interact with observability data generated from source accounts. Configuring the monitoring account requires us to configure a Sink and a Sink policy.
It is worth mentioning the following caveats:
- terraform version 1.x is required at minimum
- terraform AWS Provider 4.62.0 is required at minimum
cd oam-sink
Then Change source_account_ids
with the list of source accounts in vars.tf
terraform init
terraform plan
terraform apply
Once applied, you should be able to verify in the AWS console that the monitoring account has been enabled.
Configure source account(s)
For each source account you’ll need to:
- Create a link to the monitoring account
- Enable the
AWSServiceRoleForCloudWatchCrossAccount
role — which is created by CloudWatch when the monitoring account is enabled — in the monitoring account to assume the CloudWatch-CrossAccountSharingRole role in the source account.
cd oam-link
Then Change monitoring_account_sink_identifier
with the monitoring account sink identifier ans monitoring_account_id
with the monitoring account id in vars.tf
terraform init
terraform plan
terraform apply
Once the above has been applied you can now go into your monitoring account and enter a source account number to see metrics from the source account