How to Set Up an AWS Monitoring Account

Hamza Shabbir
3 min read · Nov 18, 2023


It is a common practice to set up a separate AWS account for monitoring and logging. The setup uses a source and sink architecture, with the production account usually being the source and the monitoring account being the sink.

Source Sink Architecture. Note: There can be multiple sources and a single sink.

Production Side Setup (Source)
Open CloudWatch and click Settings at the bottom left. Then scroll down and select Share your CloudWatch Data (in this case we’ll share our data with our sink).

After clicking Configure, enter the account ID of the sink account.

Select the appropriate permissions for the sink account (Full Access in this case), then click Launch CloudFormation Template. It will create an IAM role for the sink account with a trust relationship.
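The role created in this step can be assumed by whatever its trust relationship names, so it is worth confirming that it names only the sink account. The following is an added example, not code from the original article: it audits a trust policy document offline, and the account IDs, the sample policy and the function names are constructed for illustration.

```python
import json

SINK_ACCOUNT_ID = "111111111111"  # constructed placeholder for the sink account
# Constructed trust policy: the first statement is what the setup intends,
# the second shows two kinds of drift the audit should report.
SAMPLE_TRUST_POLICY = """
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::111111111111:root"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["222222222222", "*"]}}
]}
"""


def as_list(value):
    """IAM policy fields accept either one value or a list of values."""
    return value if isinstance(value, list) else [value]


def principal_account(principal):
    """Return the account ID inside an AWS principal, or None if there is none."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")  # arn:partition:iam::account-id:resource
    if len(parts) >= 6 and parts[0] == "arn" and parts[4].isdigit():
        return parts[4]
    return None


def audit_trust_policy(policy_json, sink_account_id):
    """List (statement index, principal, reason) for each Allow that trusts more than the sink."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand for "everyone"
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if value == "*":
                    findings.append((index, value, "any principal may assume the role"))
                elif kind != "AWS":
                    findings.append((index, value, "non-account principal type " + kind))
                elif principal_account(value) != sink_account_id:
                    findings.append((index, value, "not the sink account"))
    return findings
```

An empty result means every Allow statement trusts only the sink account; the input is the JSON shown on the role's trust relationship in IAM.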

Monitoring Side Setup (Sink)
Similarly, in the sink account go to Settings in CloudWatch, select View cross-account cross-region, and then select Configure.

Now click Custom account selector, enter the production (source) account ID and label in the format specified, and finally click Enable. Congratulations 🎉. Your source and sink connection is now successful.

Now you can see the production (source) CloudWatch metrics 📈 by going to CloudWatch > All Metrics, where you will see a drop-down to select the source account. You can now set up CloudWatch alarms 🚨, e.g. an alert message on Slack, SMS or email if certain API(s) go down or database connections or CPU utilization go above a certain threshold, and set up CloudWatch alarm actions such as scaling EC2 instances in case traffic goes above a threshold. Below is AWS SAM 🦫 code to create a CloudWatch alarm.

AlarmUnauthorizedname4xx:
  Type: AWS::CloudWatch::Alarm
  Properties:
    AlarmName: AlarmUnauthorizedname4xx
    AlarmActions:
      - !Ref CloudWatchAlarmTopic
    ComparisonOperator: GreaterThanOrEqualToThreshold
    EvaluationPeriods: 1
    DatapointsToAlarm: 1
    Metrics:
      - Id: alarmunauthorizedname4xx
        Label: 4XXError
        # Source (production) account that owns the metric
        AccountId: !Ref AccountId
        MetricStat:
          Metric:
            Dimensions:
              - Name: Resource
                Value: /mypath/{page}
              - Name: Method
                Value: GET
              - Name: Stage
                Value: $default
              - Name: ApiId
                Value: !Ref apisamid
            MetricName: 4xx
            Namespace: AWS/ApiGateway
          # Seconds; API Gateway sends metrics to CloudWatch once a minute
          Period: 30
          Stat: Average
        ReturnData: true
    Threshold: 1

If you find this blog helpful, consider following me on GitHub for more projects related to AWS SAM and CDK.
https://github.com/hamzashabbir11

Hamza Shabbir

Backend Developer @Markaz Technologies (YC-W22) 🚀☁️ | AWS Community Builder👷‍♂️