Docs

    BlueMatador-AWS-300Enabling the Amazon Web Services (AWS) Integration allows Blue Matador to monitor the resources in your AWS account. After installation, more than 100 events will be automatically detected in your AWS account without configuring any thresholds. The supported services include:

    • AutoScaling

    • Certificate Manager

    • CloudFront
    • DynamoDB

    • EBS

    • EC2

    • ECS

    • Elastic Beanstalk

    • ElastiCache

    • Elasticsearch
    • ELB

    • Kinesis

    • Lambda

    • RDS

    • Route53

    • S3

    • Scheduled Events

    • SES

    • SNS

    • SQS


    Requirements


    Installing the Blue Matador AWS integration requires either an active trial or paid account. Contact sales to get started.  You will also need to meet the following requirements:

    • Access to create IAM policies and users in your AWS account

     

    Installation Process


    1. First follow the instructions in the IAM Set Up guide to create an IAM Policy and User to give Blue Matador programmatic access to your AWS account. Keep track of the Access Key ID and Secret access key in the final step of the create user process.

    2. Log in to Blue Matador and navigate to the Integrations page via Setup > Integrations

    3. Expand the AWS installation dialog by clicking on the Install button on the AWS tile

    setup-available-integrations

    4. Set the display name for your AWS account. This will allow you to identify which AWS account your resources belong to if you have multiple accounts set up.

    setup-aws-name

    5. Enter the access and secret key you created earlier and use the Verify Keys button to ensure the proper permissions are in place.

    setup-aws-keys

    6. Save the integration. Data is collected at 5 minute intervals, so it will take up to 5 minutes for the first collection to take place when an AWS integration is created. 

    setup-aws-save

     

    Troubleshooting


    After at least 5 minutes have passed, you should verify that your AWS resources are showing up in the Resources page via Explore > Resources.  If you do not see resources, it is possible that the integration was not set up properly. The most likely culprit is the IAM permissions for the user the integration was created with. If you are unsure if the correct user is created, you may edit your AWS integration and enter different keys.

    setup-aws-edit

     

    Integration Errors

    When the Blue Matador AWS integration detects an error during data collection, some details of that error will appear in the UI. The most common cause for errors are permissions issues and rate limiting. In many cases, the error is transient and can be safely ignored because the AWS collector isolates data collection such that occasional errors will not affect our ability to detect events.  If an error persists, you should contact your account manager to have our engineering team look into it.

    setup-aws-error

    For errors that are obviously due to permissions issues, run through the IAM Set Up guide to make sure the integration has the appropriate IAM policy to collect data in your AWS account. If you are removing an AWS account from Blue Matador, you can disable and then delete the integration in our UI. This will help us avoid making unauthenticated calls to collect data from AWS.

    setup-aws-disabled

     

    Frequently Asked Questions


    Is the Blue Matador Linux/Windows Server agent compatible with the AWS integration? Yes, the Blue Matador agent is compatible with the AWS integration. The agent is able to collect data that is not available from the AWS integration and vice-versa.

    Does Blue Matador modify my AWS resources? The AWS integration specifically does not make any modifications to your AWS infrastructure. All of the API calls are read-only.

    Does the AWS integration cost extra? All of the Blue Matador integrations are available during the free trial period and with any paid account. Since the AWS integration with Blue Matador uses the CloudWatch API using your IAM credentials, you are responsible for any charges incurred from CloudWatch API calls.

    Which AWS regions are supported? The AWS integration currently collects data in the following regions

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    • ca-central-1

    • eu-central-1

    • eu-west-1

    • eu-west-2
    • eu-west-3

    • ap-northeast-1

    • ap-northeast-2

    • ap-southeast-1

    • ap-southeast-2

    • ap-south-1

    • sa-east-1

    Can I have multiple AWS integrations? Blue Matador supports as many AWS integrations as you have AWS accounts.

     

    Related


    IAM Set Up (Documentation)

    Linux Agent Install (Documentation)

    Kubernetes Agent Install (Documentation)