AWS plugin

Monitor your AWS environment, including EC2, Lambda Functions, CloudWatch and more.

Click the following link for additional content such as blogs, videos, use cases, and more:

Adding a data source

To add a data source click on the + next to Data Sources on the left-hand menu in SquaredUp. Search for the data source and click on it to open the Configure data source page.

Before you start

Prerequisites

Choose your authentication method:
1. IAM role based using the Create IAM Role button to generate the necessary credentials in AWS (recommended).
2. IAM user based
Consider the permissions needed to access AWS resources and data:
SquaredUp will only show the AWS resources and data that are already enabled and available within your AWS account.
- CloudWatch metrics must be available in your AWS account for the resources you wish to visualize.
- Cost Explorer must be enabled in the AWS Billing settings if you want to visualize cost and usage data.

IAM role based authentication - Recommended

IAM role based authentication using the Create IAM Role button is the default and recommended method:

Full step-by-step instructions for using the Create IAM Role button to add the AWS plugin are below see Configuring the data source.

The Create IAM Role button creates an IAM role with only the required permissions, and the details of this output can then be then entered into the fields in SquaredUp on the Add data source page.

We strongly encourage you to use the Create IAM Role button when configuring the AWS data source as this automatically generates credentials which is the easiest method. If you choose to manually configure an IAM Role see Manually configuring an IAM Role for the AWS plugin

IAM user based authentication

Whilst IAM role based authentication is strongly encouraged, SquaredUp also supports IAM user based authentication. This requires The Access key ID and Secret access key of an IAM user with programmatic access.

See AWS credentials - Programmatic access, Creating an IAM user in your AWS account and Creating a role to delegate permissions to an IAM user.

If you choose to manually create a user, it must be granted a ReadOnlyAccess AWS managed policy. This policy provides the necessary rights for the plugin to work.

Some data streams also require additional access rights.

This policy can be used as a starting point for a custom policy if, for example, sensitive services need to be removed.

Warning: Restricting access using a custom policy can severely affect the usability of the plugin, such as preventing the use of scoped data streams and the ability to search for objects.

Configuring the data source

Display name:
Enter a name for your data source. This helps you to identify this data source in the list of your data sources.
Authentication type:
Select your chosen authentication method, IAM role based or IAM user based:
IAM role based (recommended):
This is the default authentication method and strongly recommended.
1. Click the Create IAM Role button to generate the necessary credentials in AWS.
2. The Quick create stack page of the AWS console opens, where a CloudFormation template is automatically populated with the information needed to create an IAM role with read access to your AWS environment.
3. Click the Create stack button to begin role creation. This may take a few moments to complete and progress can be viewed on the Events tab of the Stack details page.
4. Once role creation has completed, select the Outputs tab to view the rest of the credentials required for adding the data source to SquaredUp.
5. Back in SquaredUp use the information from the AWS Outputs tab to complete the fields on the Add data source page.
  1. Role ARN: Copy and paste the RoleArn from AWS.
  2. External ID: Copy and paste the ExternalId from AWS.
  3. Target regions: Copy and paste the Region from AWS.
  4. Account ID: Copy and paste the AccountId from AWS.
  5. Account name: Enter a name to help you remember which account and credentials you have used above. For example, enter Prod to remind you that you used the production account details.
IAM user based:
Supply the credentials for an IAM user with programmatic access.
1. Access Key ID: Enter the access key ID of the user.
2. Secret Access Key: Enter the secret access key of the user.
3. Target Regions: Specify the Target Regions for your AWS resources, i.e. us-east-2, eu-west-1.
4. Account ID: Enter your AWS Account ID.
5. Account Name: Enter a name to help you remember which account and credentials you have used above. For example, enter Prod to remind you that you used the production account details.
Restrict access to this data source:
Optionally, enable this toggle if you only want certain users/groups to have access to the data source, or those with the permission to link it to new workspaces. See data source access control for more information.
Click Test and add to validate the data source configuration. SquaredUp will now attempt to connect to SquaredUp using the provided authentication method.
- Testing passed – a success message will be displayed and then the configuration will be saved.
- Testing passed with warnings – warnings will be listed and potential fixes suggested. You can still use the data source with warnings. Select Save with warnings if you believe that you can still use the data source as required with the warnings listed. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
- Testing Failed – errors will be listed and potential fixes suggested. You cannot use the data source with errors. You are able to select Save with errors if you believe that a system outside of SquaredUp is causing the error that you need to fix. Alternatively, address the issues listed and then select Rerun tests to validate the data source configuration again. If the validation now passes, click Save.
You can edit data source configurations at any time from Settings > Data Sources.
The index time will depend on the size of your AWS environment.

Testing and troubleshooting

If you encounter an error refer to the guidance or contact our support team in-app or via SquaredUp Support

Error	What to do
Check AWS Access Credentials	Ensure that the AWS Access Key ID and Secret Access Key you are using are correct. Double-check for any typos or formatting issues.
Validate IAM Role Permissions	Ensure that the IAM role associated with your AWS account has the necessary permissions to access the AWS services and resources required. If you are using an External ID, confirm that it has been configured correctly in both the IAM role and the data source definition.
Review IAM Role Trust Relationships	Verify that the IAM role's trust relationship policy allows the correct AWS account to assume the role. This is especially important as cross-account access is being used

Next steps

Getting started with AWS dashboards

The installed dashboards are a great place to start, you can also edit or clone tiles to add to your own dashboards.

See Getting started with AWS dashboards

Objects indexed

SquaredUp indexes the following objects. These objects are used to build dashboards and are visible when searching across SquaredUp. Drilling down into an object will provide useful metrics and properties.

Object	Description
Account	An AWS account is an entity that you create to use AWS services.
Cognito User Pool	Amazon Cognito user pools provide a secure user directory that scales to millions of users.
WAF WebACL	AWS WAF Web ACLs help protect web applications from common web exploits.
CloudWatch Alarm	CloudWatch Alarms send notifications or automatically make changes based on rules.
MWAA Workspace	Managed Workflows for Apache Airflow (MWAA) is a managed orchestration service for Apache Airflow.
ELB Target Group	Target groups are used to route requests to one or more registered targets (such as EC2 instances) in a load balancer.
ElastiCache Redis	Amazon ElastiCache for Redis is a blazing fast in-memory data store that provides sub-millisecond latency.
ElastiCache Memcached	Amazon ElastiCache for Memcached is a Memcached-compatible in-memory key-value store service.
Budget	AWS Budgets allows you to set custom cost and usage budgets and receive alerts when you exceed them.
Backup Job	AWS Backup enables you to centralize and automate data protection across AWS services.
Backup Plan	AWS Backup Plan enables you to define your backup requirements and then backup and restore across AWS services.

Data streams

You can use these data streams to create new tiles to show data, or if there are preconfigured dashboards installed you can copy or edit those.

Data streams standardize data from all the different shapes and formats your tools use into a straightforward tabular format.

While creating a tile you can tweak data streams by grouping or aggregating specific columns.

Depending on the kind of data, SquaredUp will automatically suggest how to visualize the result, for example as a table or line graph.

Data streams can be either global or scoped:

Global data streams are unscoped and return information of a general nature (e.g. "Get the current number of unused hosts").
A scoped data stream gets information relevant to the specific set objects supplied in the tile scope (e.g. "Get the current session count for these hosts").

See Data Streams for more information.

The following data streams are installed with this plugin.

Some data streams will only work if your AWS account has the required permissions.

SquaredUp will only show the AWS resources and data that are already enabled and available within your AWS account.

CloudWatch metrics must be available in your AWS account for the resources you wish to visualize.
Cost Explorer must be enabled in the AWS Billing settings if you want to visualize cost and usage data.

Account Cost

Retrieves AWS account cost/usage by service

Account Cost (Configurable)

Retrieves AWS account cost/usage by service

Parameters

Account Cost Anomalies

Displays Cost Explorer Anomalies

Account Credential Report

Retrieves the AWS credential report for the account

All AWS Support Cases

Retrieves all support cases created in the specified time frame

API Data Processed

The amount of data processed in bytes

API Errors (4xx)

The number of client-side errors captured in a given period

API Errors (5xx)

The number of server-side errors captured in a given period

API Latency

The time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead

API Request Count

The total number API requests in a given period

Backup Jobs

Retrieves AWS Backup job details

Backup Plans

Retrieves AWS Backup jobs from plan

Budget Alerts/Notifications

Retrieves the alerts and notifications for the specified budgets

Budgets

Retrieves the details and states of the specified budgets

CloudFormation Stack Health

Retrieves the health of the specified CloudFormation stacks

CloudWatch Alarm State History

Retrieves AWS CloudWatch alarm state changes over time

CloudWatch Alarms

Retrieves AWS CloudWatch alarm details

CloudWatch Logs

Displays CloudWatch Log data

Parameters

CloudWatch Metrics by Query

Query CloudWatch metrics by namespace and name, or by using an Insights SQL query or raw metric source JSON

Parameters

CloudWatch Metrics by Resource

Retrieves AWS metrics information for one or more objects

Parameters

Cost (Global - Configurable)

Retrieves AWS account cost/usage by service

Parameters

Cost (Global)

Retrieves AWS account cost/usage by service

Cost Anomalies (Global)

Displays Cost Explorer Anomalies

DNS Queries

For all the records in a hosted zone, the number of DNS queries that Route 53 responds to in a specified time period

DynamoDB Consumed Read Capacity Units

The number of read capacity units consumed over the specified time period

DynamoDB Consumed Write Capacity Units

The number of write capacity units consumed over the specified time period

DynamoDB Metric

Retrieves AWS DynamoDB CloudWatch metrics information for one or more DynamoDB tables

Parameters

DynamoDB Successful Request Latency / Batch Write Item

The latency for successful batch write requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / Delete Item

The latency for successful delete requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / Get Item

The latency for successful get requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / PutItem

The latency for successful put requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / Query

The latency for successful query requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / Scan

The latency for successful scan requests to DynamoDB during the specified time period

DynamoDB Successful Request Latency / Update Item

The latency for successful update requests to DynamoDB during the specified time period

EC2 CPU

The percentage of allocated EC2 compute units that are currently in use on the instance

EC2 Disk Read Ops

Completed read operations from all instance store volumes available to the instance in a specified period of time

EC2 Disk Write Ops

Completed write operations to all instance store volumes available to the instance in a specified period of time

EC2 Instance Health

Retrieves the instance health for the provided objects

EC2 Instance Status Checks

Retrieves the instance status checks for the provided objects

EC2 Network In

The number of bytes received by the instance on all network interfaces

EC2 Network Out

The number of bytes sent out by the instance on all network interfaces

EC2 Volume Health

Retrieves the instance health for the provided objects

ELB Active Connections

The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets

ELB Errors (4xx)

The number of HTTP 4XX client error codes that originate from the load balancer

ELB Errors (5xx)

The number of HTTP 5XX server error codes that originate from the load balancer

ELB Health

Retrieves the status of the specified Elastic Load Balancers

ELB Processed Bytes

The total number of bytes processed by the load balancer over IPv4 and IPv6 (HTTP header and HTTP payload)

Lambda Concurrent Executions

The number of function instances that are processing events

Lambda Duration

The amount of time that your function code spends processing an event

Lambda Errors

The number of invocations that result in a function error

Lambda Invocations

The number of times that your function code is invoked

Lambda Logs

Displays CloudWatch Log data for the selected lambda functions

Lambda Throttles

The number of invocation requests that are throttled

MWAA Environment Status

Retrieves the status of the specified MWAA environments

Open AWS Support Cases (Anytime)

Retrieves open support cases

Pipeline Actions

Shows the execution of actions within stages of pipelines

Pipeline Executions

Returns the most recent executions of pipelines

Pipeline Stages

Shows the status of stages within a pipeline

Pipeline Status

Returns the status of scoped pipelines

S3 Bucket Size

The amount of data in bytes that is stored in a bucket in bytes

S3 Metric

Retrieves AWS S3 CloudWatch metrics information for one or more S3 buckets

Parameters

S3 Object Count

The total number of objects stored in a bucket for all storage classes

Synthetics Runs

Displays CloudWatch Synthetics historical runs

Timestream Query

Query a Timestream table

Parameters

Was this article helpful?

Have more questions or facing an issue?

Submit a ticket