Integrations
Amazon CloudWatch
Overview
This document provides a detailed guide to integrating Amazon CloudWatch with Callgoose SQIBS for real-time Incident Management, Incident Auto Remediation, Event-Driven Automation, and other Automation purposes. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on alarms triggered in Amazon CloudWatch. The guide includes steps for setting up CloudWatch alarms, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.
Prerequisites
- AWS Account: Access to Amazon CloudWatch and Amazon SNS services.
- Callgoose SQIBS Account: With valid privileges to set up API filters and receive notifications.
- Webhook/API Endpoint: Available in Callgoose SQIBS to receive alerts from Amazon CloudWatch.
1. Obtain API Token and Endpoint Details
To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.
- Generate an API Token:
- Follow the guide on How to Create API Token in Callgoose SQIBS.
- Find the API Endpoint:
- Refer to the Callgoose SQIBS API Endpoint Documentation to get the endpoint details where the JSON payloads from Amazon CloudWatch will be sent.
2. Debugging and Troubleshooting
You can enable debugging in the API tokens used with Amazon CloudWatch notifications for troubleshooting purposes.
- Enable Debugging:
- You can update the debug value when adding or updating an API token.
- When API tracking is enabled, logs are stored in the API log section for your review. The debugging option will automatically disable after 48 hours.
- When API tracking is turned off, no logs are saved in the API log.
- Using API Log for Troubleshooting:
- The API log provides detailed information on all API calls made to Callgoose SQIBS.
- You can check the JSON values in each API log entry for troubleshooting purposes.
- Use the information in the API log to create or refine API filters to ensure incidents are created correctly based on the API payloads received.
- Callgoose SQIBS creates incidents according to your API filter configuration, giving you full control over how alerts from different services trigger incidents and alerts for your support team or automation processes.
3. Configuring Amazon CloudWatch to Send JSON Payloads
To configure Amazon CloudWatch to generate the JSON payloads similar to the examples provided, follow the steps outlined below. These steps will guide you through setting up the necessary alarms and webhook notifications within Amazon CloudWatch to ensure that the JSON payloads match those expected by Callgoose SQIBS.
3.1 Setting Up Alarms in Amazon CloudWatch
To generate the required JSON payloads, you first need to set up alarms within Amazon CloudWatch.
- Log in to the AWS Management Console:
- Access the Amazon CloudWatch service using your AWS account credentials.
- Navigate to the Alarms Section:
- In the CloudWatch console, go to the Alarms section.
- Create a New Alarm:
- Click on Create Alarm.
- Choose a Metric: Select the metric you want to monitor (e.g., CPUUtilization for an EC2 instance).
- Define the Threshold: Set the threshold that will trigger the alarm (e.g., CPU utilization > 80%).
- Configure Alarm Actions:
- Add Notification Actions: In the alarm configuration, set the action to notify an Amazon SNS topic when the alarm state changes.
- Set Up SNS Notification: If you don't already have an SNS topic, create one and subscribe your Callgoose SQIBS webhook/API endpoint to this topic.
3.2 Configuring the SNS Notification
To ensure that the JSON payload sent matches the examples provided, follow these steps when configuring the SNS notification:
- Create an SNS Topic:
- Go to the Amazon SNS console and create a new topic.
- Name the topic according to the alerts you want to monitor (e.g., CloudWatch-Alarms).
- Subscribe to the SNS Topic:
- Protocol: Choose HTTPS.
- Endpoint: Enter the webhook URL provided by Callgoose SQIBS.
- Confirm the subscription to ensure that notifications are delivered to the specified endpoint.
- Test the SNS Notification:
- After setting up the SNS topic and subscription, test the notification by manually triggering the CloudWatch alarm to verify that the correct JSON payload is sent to Callgoose SQIBS.
- Review the payload in Callgoose SQIBS to confirm that it matches the expected structure.
3.3 Finalizing and Testing
- Save and Activate the Alarm:
- Once the alarm and SNS notification are correctly configured, save the alarm configuration and activate it.
- Validate the Integration:
- Manually trigger the CloudWatch alarm to test if incidents are created in Callgoose SQIBS.
- Resolve the alarm in CloudWatch and verify that the corresponding incident in Callgoose SQIBS is resolved.
3.4 Additional Considerations
- Permissions: Ensure that the SNS topic has the necessary permissions to send alerts to the Callgoose SQIBS API endpoint.
- Security: Implement security measures such as HTTPS and API tokens to protect the data being transmitted between Amazon CloudWatch and Callgoose SQIBS.
- Logging and Debugging: Use the debugging and logging features in Callgoose SQIBS to monitor incoming payloads and troubleshoot any issues with the integration.
4. Configuring Callgoose SQIBS
4.1 Create API Filters in Callgoose SQIBS
To correctly map incidents from the CloudWatch alarms, you need to create API filters based on the JSON payloads received.
4.1.1 Example JSON Payloads from Amazon CloudWatch
Alarm Triggered (NewStateValue: "ALARM")
json { "AlarmName": "High CPU Utilization", "AlarmDescription": "Alarm when CPU exceeds 80%", "AWSAccountId": "123456789012", "NewStateValue": "ALARM", "NewStateReason": "Threshold Crossed: 1 datapoint (85.0) was greater than the threshold (80.0).", "StateChangeTime": "2024-08-05T12:00:00.000Z", "Region": "us-west-2", "OldStateValue": "OK", "Trigger": { "MetricName": "CPUUtilization", "Namespace": "AWS/EC2", "StatisticType": "Statistic", "Statistic": "AVERAGE", "Unit": "Percent", "Dimensions": [ { "name": "InstanceId", "value": "i-1234567890abcdef0" } ], "Period": 300, "EvaluationPeriods": 1, "ComparisonOperator": "GreaterThanThreshold", "Threshold": 80.0 } }
Alarm Resolved (NewStateValue: "OK")
json { "AlarmName": "High CPU Utilization", "AlarmDescription": "Alarm when CPU exceeds 80%", "AWSAccountId": "123456789012", "NewStateValue": "OK", "NewStateReason": "Threshold Crossed: 1 datapoint (70.0) was not greater than the threshold (80.0).", "StateChangeTime": "2024-08-05T12:30:00.000Z", "Region": "us-west-2", "OldStateValue": "ALARM", "Trigger": { "MetricName": "CPUUtilization", "Namespace": "AWS/EC2", "StatisticType": "Statistic", "Statistic": "AVERAGE", "Unit": "Percent", "Dimensions": [ { "name": "InstanceId", "value": "i-1234567890abcdef0" } ], "Period": 300, "EvaluationPeriods": 1, "ComparisonOperator": "GreaterThanThreshold", "Threshold": 80.0 } }
4.2 Configuring API Filters
4.2.1 Integration Templates
If you see an Amazon CloudWatch integration template in the "Select Integration Template" dropdown in the API filter settings, you can use it to automatically add the necessary Trigger and Resolve filters along with other values. The values added by the template can be modified to customize the integration according to your requirements.
4.2.2 Manually Add/Edit the Filter
There are two filters that you can manually edit: Trigger and Resolve.
- Trigger Filter (For Creating Incidents):
- Payload JSON Key: "NewStateValue"
- Key Value Contains: [ALARM]
- Map Incident With: "Trigger"."Dimensions".[0]."value"
- This corresponds to the unique InstanceId from the CloudWatch payload.
- Incident Title From: "AlarmName"
- This will use the name of the alarm as the incident title in Callgoose SQIBS.
- Incident Description From: Leave this empty unless you want to use a specific key-value from the JSON payload. If a key is entered, only the value for that key will be used as the Incident Description instead of the full JSON. By default, the Incident Description will include the full JSON values.
- Example: If you use the "NewStateReason" key in the Incident Description From field, the incident description will be the value of the "NewStateReason" key. In the example JSON payload provided earlier, this would result in a description like "Threshold Crossed: 1 datapoint (85.0) was greater than the threshold (80.0)."
- Resolve Filter (For Resolving Incidents):
- Payload JSON Key: "NewStateValue"
- Key Value Contains: [OK]
- Incident Mapped With: "Trigger"."Dimensions".[0]."value"
- This ensures the incident tied to the specific InstanceId is resolved when the alarm state returns to OK.
Refer to the API Filter Instructions and FAQ for more details.
4.3 Finalizing Setup
- Save the API Filters:
- Ensure that the filters are correctly configured and saved in Callgoose SQIBS.
- Test the Integration:
- Manually trigger an Amazon CloudWatch alarm to test if incidents are created in Callgoose SQIBS.
- Resolve the alarm in CloudWatch and verify that the corresponding incident in Callgoose SQIBS is resolved.
5. Testing and Validation
5.1 Triggering Alarms
- Simulate High CPU Usage:
- Increase the CPU load on an EC2 instance to trigger the CloudWatch alarm.
- Verify that an incident is created in Callgoose SQIBS with the correct title and urgency.
5.2 Resolving Alarms
- Reduce CPU Usage:
- Bring the CPU usage back below the threshold to resolve the CloudWatch alarm.
- Verify that the incident in Callgoose SQIBS is marked as resolved.
6. Security Considerations
- API Security: Ensure that the Callgoose SQIBS API endpoint is correct and that you are using the correct API token.
- SNS Permissions: Restrict access to your SNS topics with appropriate IAM policies to ensure that only authorized actions can be performed.
7. Troubleshooting
- No Incident Created: Verify that the SNS subscription is correctly set up and that the JSON payload structure matches the API filters configured in Callgoose SQIBS.
- Incident Not Resolved: Ensure the resolve filter is correctly configured and that the payloads from CloudWatch are being received and processed by Callgoose SQIBS.
8. Conclusion
This guide provides a comprehensive overview of how to integrate Amazon CloudWatch with Callgoose SQIBS for effective incident management. By following the steps outlined, you can ensure that alarms from CloudWatch are automatically reflected as incidents in Callgoose SQIBS, with proper resolution tracking when the issues are resolved.
For further customization or advanced use cases, refer to the official documentation for both Amazon CloudWatch and Callgoose SQIBS:
- Amazon CloudWatch Documentation
- Callgoose SQIBS API Token Documentation
- Callgoose SQIBS API Endpoint Documentation
- API Filter Instructions and FAQ
- How to Send API
This documentation will guide you through the integration process, ensuring that your incidents are managed effectively within Callgoose SQIBS based on real-time alarms from Amazon CloudWatch.