Did this page help you? Yes No Tell us about it...

Choosing A CloudWatch Interface

Topics

You can access Amazon CloudWatch using several different interfaces—you can sign on to the AWS Management Console, download and install the Command Line Interface (CLI), or create a query request with the Query API. If you prefer to use a specific programming language, several Software Development Kits (SDKs) exist that allow you to access Amazon CloudWatch programmatically.

AWS Management Console

Topics

Use the Amazon CloudWatch console to view graphs of your metrics and create alarms based on those metrics. If you are registered with an AWS service that supports data collection, you could already have basic metric data available to you in Amazon CloudWatch.

Signing in to the Console

To sign in to the CloudWatch console

Sign in to the AWS Management Console and open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
The monitoring dashboard opens. Your dashboard might look something like the following:

If you do not have any alarms, the Your Alarms section will have a Create Alarm button. Even if this is the first time you are using the Amazon CloudWatch console, the Your Metrics section could already report that you are using a significant number of metrics, because several AWS products push free metrics to Amazon CloudWatch automatically.

Viewing Your Metrics

You can view graphs of your metrics in the Metrics page.

To see graphs of your metrics

In the Navigation pane, click Metrics.
Scroll down to the metric that you want to graph.
Click the metric.

The following example shows the graph for the CPUUtilization metric, aggregated by EC2 Image ID.

Creating Alarms

You can create an alarm in the Your CloudWatch Alarms page.

To create an alarm

Open the Amazon CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
In the Navigation pane, click Alarms.
The Your CloudWatch Alarms page opens.
Click Create Alarm.
The Create Alarm Wizard page opens.

The Create Alarm Wizard leads you through the steps to create a new alarm. You can choose specific metrics to trigger the alarm and specify thresholds for those metrics. You can then set your alarm to change state when a metric breaches a threshold that you have defined.

After creating an alarm, the alarm appears in the Your CloudWatch Alarms section of CloudWatch. For an example of how to create an alarm for a specific metric, see Creating CloudWatch Alarms.

Command Line Tools

Topics

The following sections describe how to set up your environment for use with the Amazon CloudWatch command line tool.

Installing the Command Line Tool

This section describes how to set up the Amazon CloudWatch command line tool.

Process for Installing the Command Line Tool

Task 1: Download the Command Line Tool

Task 2: Set the JAVA_HOME Environment Variable

Task 3: Set the AWS_CLOUDWATCH_HOME Environment Variable

Task 4: Set the AWS_CREDENTIAL_FILE Environment Variable

Task 5: Set the Region

Note

As a convention, command line text is prefixed with a generic PROMPT> command line prompt. The actual command line prompt on your computer is likely to be different. We also use $ to indicate a Linux/UNIX–specific command and C:\> for a Windows–specific command. Although we don't provide explicit instructions, the tool also works correctly on Mac OS X (which resemble the Linux and UNIX commands). The example output resulting from the command is shown immediately thereafter without any prefix.

Task 1: Download the Command Line Tool

The command line tool is available as a ZIP file on the Amazon CloudWatch Developer Tools website. The tool is written in Java and includes shell scripts for both Windows and Linux/UNIX/Mac OSX. The ZIP file is self-contained; no installation is required. You just download it and unzip it.

Some additional setup is required before you can use the tool. These steps are discussed next.

Task 2: Set the JAVA_HOME Environment Variable

The Amazon CloudWatch command line tool reads an environment variable (JAVA_HOME) on your computer to locate the Java runtime. The command line tool requires Java version 5 or later to run. Either a JRE or JDK installation is acceptable.

To set the JAVA_HOME Environment Variable

If you do not have Java 1.5 or later installed, download and install Java. To view and download JREs for a range of platforms, including Linux/UNIX and Windows, go to http://java.oracle.com/.

Set JAVA_HOME to the full path of the directory that contains a subdirectory named bin that in turn contains the Java executable. For example, if your Java executable is in the /usr/jdk/bin directory, set JAVA_HOME to /usr/jdk. If your Java executable is in C:\jdk\bin, set JAVA_HOME to C:\jdk.

	Note
	If you are using Cygwin, you must use Linux/UNIX paths (e.g., /usr/bin instead of C:\usr\bin) for `AWS_CLOUDWATCH_HOME` and `AWS_CREDENTIAL_FILE`. However, `JAVA_HOME` should have a Windows path. Additionally, the value cannot contain any spaces, even if the value is quoted or the spaces are escaped.

The following Linux/UNIX example sets JAVA_HOME for a Java executable in the /usr/local/jre/bin directory.

$ export JAVA_HOME=/usr/local/jre

The following Windows example uses set and setx to set JAVA_HOME for a Java executable in the C:\java\jdk1.6.0_6\bin directory. The set command defines JAVA_HOME for the current session and setx makes the change permanent.

C:\> set JAVA_HOME=C:\java\jdk1.6.0_6
C:\> setx JAVA_HOME C:\java\jdk1.6.0_6

	Note
	Don't include the bin directory in `JAVA_HOME`; that's a common mistake some users make. The command line tool won't work if you do.

Add your Java directory to your path before other versions of Java.
On Linux and UNIX, you can update your PATH as follows:
```
$ export PATH=$JAVA_HOME/bin:$PATH 
```
On Windows the syntax is slightly different:
```
C:\> set PATH=%JAVA_HOME%\bin;%PATH% 
C:\> setx PATH %JAVA_HOME%\bin;%PATH% 
```
Note
The setx command does not use the "=" sign.

Verify your JAVA_HOME setting with the command $JAVA_HOME/bin/java -version.

$ $JAVA_HOME/bin/java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Client VM (build 1.5.0_09-b03, mixed mode, sharing)

The syntax is different on Windows, but the output is similar.

C:\> %JAVA_HOME%\bin\java -version
java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b03)
Java HotSpot(TM) Client VM (build 1.5.0_09-b03, mixed mode, sharing)

Task 3: Set the AWS_CLOUDWATCH_HOME Environment Variable

The command line tool depends on an environment variable (AWS_CLOUDWATCH_HOME) to locate supporting libraries. You'll need to set this environment variable before you can use the tool.

To set the AWS_CLOUDWATCH_HOME Environment Variable

Set AWS_CLOUDWATCH_HOME to the path of the directory into which you unzipped the command line tool. This directory is named -w.x.y.z (w, x, y, and z are version/release numbers) and contains sub-directories named bin and lib.
The following Linux/UNIX example sets AWS_CLOUDWATCH_HOME for a directory named -1.0.12.0 in the /usr/local directory.
```
$ export AWS_CLOUDWATCH_HOME=/usr/local/-1.0.12.0  
```
The following Windows example sets AWS_CLOUDWATCH_HOME for a directory named -1.0.12.0 in the C:\CLIs directory.
```
C:\> set AWS_CLOUDWATCH_HOME=C:\CLIs\-1.0.12.0 
C:\> setx AWS_CLOUDWATCH_HOME C:\CLIs\-1.0.12.0             
```
Add the tool's bin directory to your system PATH. The rest of this guide assumes that you've done this.
On Linux and UNIX, you can update your PATH as follows:
```
$ export PATH=$PATH:$AWS_CLOUDWATCH_HOME/bin 
```
On Windows the syntax is slightly different:
```
C:\> set PATH=%PATH%;%AWS_CLOUDWATCH_HOME%\bin 
C:\> setx PATH %PATH%;%AWS_CLOUDWATCH_HOME%\bin 
```

Task 4: Set the AWS_CREDENTIAL_FILE Environment Variable

You must also provide your AWS credentials to the command line tool. The command line tool reads your credentials from a credential file that you create on your local system.

You can either specify your credentials with the --aws-credential-file parameter every time you issue a command or you can create an environment variable that points to the credential file on your local system. If the environment variable is properly configured, you can omit the --aws-credential-file parameter when you issue a command. The following procedure describes how to create a credential file and a corresponding AWS_CREDENTIAL_FILE environment variable.

To set up security credentials for your command line tool

Log in to the AWS security credentials web site.
Retrieve an access key and its corresponding secret key.
1. Scroll down to the Access Credentials section and select the Access Keys tab.
2. Locate an active Access Key in the Your Access Keys list.
3. To display the Secret Access Key, click Show in the Secret Access Key column.
4. Write down the keys or save them.
5. If no Access Keys appear in the list, click Create a New Access Key and follow the on-screen prompts.
Add your access key ID and secret access key to the file named credential-file-path.template:
1. Open the file credential-file-path.template included in your command line tools archive.
2. Copy and paste your access key ID and secret access key into the file.
3. Rename the file and save it to a convenient location on your computer.
4. If you are using Linux, set the file permissions as follows:
```
$ chmod 600 credential-file-name
```
Set the AWS_CREDENTIAL_FILE environment variable to the fully qualified path of the file you just created.
The following Linux/UNIX example sets AWS_CREDENTIAL_FILE for myCredentialFile in the /usr/local directory.
```
$ export AWS_CREDENTIAL_FILE=/usr/local/myCredentialFile  
```
The following Windows example sets AWS_CREDENTIAL_FILE for myCredentialFile.txt in the C:\aws directory.
```
C:\> set AWS_CREDENTIAL_FILE=C:\aws\myCredentialFile.txt 
C:\> setx AWS_CREDENTIAL_FILE C:\aws\myCredentialFile.txt 
```

Task 5: Set the Region

By default, the Amazon CloudWatch tools use the US East (Northern Virginia) Region (us-east-1) with the monitoring.us-east-1.amazonaws.com service endpoint URL. If your instances are in a different region, you must specify the region where your instances reside. For example, if your instances are in Europe, you must specify the EU (Ireland) Region by using the --region eu-west-1 parameter or by setting the AWS_CLOUDWATCH_URL environment variable.

This section describes how to specify a different Region by changing the service endpoint URL.

To specify a different Region

To view available Regions go to Regions and Endpoints in the Amazon Web Services General Reference.
If you want to change the service endpoint, set the AWS_CLOUDWATCH_URL environment variable.
- The following Linux/UNIX example sets AWS_CLOUDWATCH_URL to the EU (Ireland) Region.
```
$ export AWS_CLOUDWATCH_URL=https://monitoring.eu-west-1.amazonaws.com  
```
- The following Windows example sets AWS_CLOUDWATCH_URL to the EU (Ireland) Region.
```
C:\> set AWS_CLOUDWATCH_URL=https://monitoring.eu-west-1.amazonaws.com  
C:\> setx AWS_CLOUDWATCH_URL https://monitoring.eu-west-1.amazonaws.com  
```

You're ready to start using Amazon CloudWatch.

Command Line Tools Example

This section shows some examples of command line tools usage.

	Note
	This section uses command line tools for Amazon CloudWatch and Amazon EC2. For more information about the Amazon EC2 command line tools, go to Getting Started with the Command Line Tools in the Amazon Elastic Compute Cloud User Guide.

Use the EC2 ec2-run-instances command as in the following example.

PROMPT>ec2-run-instances ami-60a54009 -n 3 --availability-zone us-east-1a

	Note
	If you wanted to automatically monitor all of the EC2 Instances spun up by the preceding command, you would add `--monitoring`. This lets you skip step 2 in this procedure.

The command returns a unique identifier for each launched instance. You use the instance ID to manipulate the instance. This includes viewing the status of the instance, terminating the instance, and so on. Launching the instance takes a few minutes.

RESERVATION r-237fed4a 853279305796 default
INSTANCE i-d9add0b0 ami-60a54009 pending 0 m1.small 2009-05-14T12:38:24+0000 us-east-1a aki-a71cf9ce ari-a51cf9cc monitoring-disabled

Use the mon-list-metrics command to get a list of what metrics are being stored for your AWS account. For example:

PROMPT>mon-list-metrics

The mon-list-metrics outputs a table containing the Metric name, Namespace, and Dimension associated with each metric. For example:

CPUUtilization       AWS/EC2  {InstanceId=i-c385b3aa}
CPUUtilization       AWS/EC2  {ImageId=ami-11ca2d78}
CPUUtilization       AWS/EC2  {InstanceType=m1.small}
CPUUtilization       AWS/EC2
DiskReadBytes        AWS/EC2  {ImageId=ami-11ca2d78}
DiskReadBytes        AWS/EC2  {InstanceType=m1.small}
DiskReadBytes        AWS/EC2
DiskReadBytes        AWS/EC2  {InstanceId=i-c385b3aa}
DiskReadOps          AWS/EC2  {InstanceId=i-c385b3aa}
DiskReadOps          AWS/EC2  {InstanceType=m1.small}
DiskReadOps          AWS/EC2
DiskReadOps          AWS/EC2  {ImageId=ami-11ca2d78}
DiskWriteBytes       AWS/EC2  {InstanceId=i-c385b3aa}
DiskWriteBytes       AWS/EC2  {InstanceType=m1.small}
DiskWriteBytes       AWS/EC2  {ImageId=ami-11ca2d78}
DiskWriteBytes       AWS/EC2
DiskWriteOps         AWS/EC2  {InstanceId=i-c385b3aa}
DiskWriteOps         AWS/EC2  {ImageId=ami-11ca2d78}
DiskWriteOps         AWS/EC2  {InstanceType=m1.small}
DiskWriteOps         AWS/EC2
NetworkIn            AWS/EC2
NetworkIn            AWS/EC2  {InstanceId=i-c385b3aa}
NetworkIn            AWS/EC2  {ImageId=ami-11ca2d78}
NetworkIn            AWS/EC2  {InstanceType=m1.small}
NetworkOut           AWS/EC2  {InstanceType=m1.small}
NetworkOut           AWS/EC2
NetworkOut           AWS/EC2  {ImageId=ami-11ca2d78}
NetworkOut           AWS/EC2  {InstanceId=i-c385b3aa}

Use the EC2 ec2-monitor-instances command as in the following example.
```
PROMPT> ec2-monitor-instances i-43a4412a
```
ec2-monitor-instances returns a table that contains the selected instance IDs and the current monitoring state.
```
i-43a4412a monitoring-pending
```
Use the Amazon CloudWatch mon-get-stats command as in the following example.
```
PROMPT> mon-get-stats CPUUtilization --start-time 2009-05-15T00:00:00 --end-time 2009-05-16T00:00:00 --period 60 --statistics "Average" 
--namespace "AWS/EC2" --dimensions "ImageId=ami-60a54009"
```
Amazon CloudWatch returns a response similar to the following (the data has been truncated for brevity):
```
2009-05-15 	22:42:00   	0.38   Percent
2009-05-15 	22:48:00   	0.39   Percent
2009-05-15 	22:54:00   	0.38   Percent
```
Note
Amazon CloudWatch returns the data for this function in the following order: date, time, sample, CPUUtilization, and unit.

Query API

Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action or Operation. Action is used throughout this documentation, although Operation is supported for backward compatibility with other AWS Query APIs.

Amazon CloudWatch Endpoints

For information about this product's regions and endpoints, go to Regions and Endpoints in the Amazon Web Services General Reference.

Query Parameters

Each Query request must include some common parameters to handle authentication and selection of an action. For more information, see Common Query Parameters in the Amazon CloudWatch API Reference.

Note

Some API operations take lists of parameters. These lists are specified using the following notation: param.member.n. Values of n are integers starting from 1. All lists of parameters must follow this notation, including lists that contain only one parameter. For example, a Query parameter list looks like this:

&attribute.member.1=this
&attribute.member.2=that

The RequestId

In every response from Amazon Web Services (AWS), you will find ResponseMetadata, which contains a string element called RequestId. This is simply a unique identifier that AWS assigns to provide tracking information. Although RequestId is included as part of every response, it will not be listed on the individual API documentation pages to improve readability of the API documentation and to reduce redundancy.

Query API Authentication

You can send Query requests over either HTTP or HTTPS. Regardless of which protocol you use, you must include a signature in every Query request. This section describes how to create the signature. The method described in the following procedure is known as signature version 2.

To create the signature

Create the canonicalized query string that you will need later in this procedure:

Sort the UTF-8 query string components by parameter name with natural byte ordering.
The parameters can come from the GET URI or from the POST body (when Content-Type is application/x-www-form-urlencoded).

URL-encode the parameter name and values according to the following rules:

Do not URL-encode any of the unreserved characters that RFC 3986 defines.
These unreserved characters are A-Z, a-z, 0-9, hyphen ( - ), underscore ( _ ), period ( . ), and tilde ( ~ ).
Percent-encode all other characters with %XY, where X and Y are hex characters 0-9 and uppercase A-F.
Percent-encode extended UTF-8 characters in the form %XY%ZA and so on.
Percent-encode the space character as %20 (and not +, as common encoding schemes do).

	Note
	Currently, all AWS service parameter names use unreserved characters, so you don't need to encode them. However, you might want to include code to handle parameter names that use reserved characters, for possible future use.

Separate the encoded parameter names from their encoded values with the equals sign ( = ) (ASCII code 61), even if the parameter value is empty.
Separate the name-value pairs with an ampersand ( & ) (ASCII code 38).

Create the string to sign according to the following pseudo-grammar (the "\n" represents an ASCII newline).
```
StringToSign = HTTPVerb + "\n" +
ValueOfHostHeaderInLowercase + "\n" +
HTTPRequestURI + "\n" +         
CanonicalizedQueryString <from the preceding step> 
```
The HTTPRequestURI component is the HTTP absolute path component of the URI up to but not including the query string. If the HTTPRequestURI is empty, use a forward slash ( / ).
Calculate an RFC 2104-compliant HMAC with the string you just created, your Secret Access Key as the key, and SHA256 or SHA1 as the hash algorithm.
For more information, go to http://www.ietf.org/rfc/rfc2104.txt.
Convert the resulting value to base64.
Use the resulting value as the value of the Signature request parameter.

	Important
The final signature you send in the request must be URL-encoded as specified in RFC 3986 (for more information, go to http://www.ietf.org/rfc/rfc3986.txt). If your toolkit URL-encodes your final request, then it handles the required URL-encoding of the signature. If your toolkit doesn't URL-encode the final request, then make sure to URL-encode the signature before you include it in the request. Most importantly, make sure the signature is URL-encoded only once. A common mistake is to URL-encode it manually during signature formation, and then again when the toolkit URL-encodes the entire request.

Important

The final signature you send in the request must be URL-encoded as specified in RFC 3986 (for more information, go to http://www.ietf.org/rfc/rfc3986.txt). If your toolkit URL-encodes your final request, then it handles the required URL-encoding of the signature. If your toolkit doesn't URL-encode the final request, then make sure to URL-encode the signature before you include it in the request. Most importantly, make sure the signature is URL-encoded only once. A common mistake is to URL-encode it manually during signature formation, and then again when the toolkit URL-encodes the entire request.

Query API

Example ListMetrics API Request

This example uses the Amazon CloudWatch ListMetrics.

http://monitoring.amazonaws.com/?SignatureVersion=2
&Action=ListMetrics
&Version=2010-08-01
&AWSAccessKeyId=<Your AWS Access Key Id>
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2010-11-17T05%3A13%3A00.000Z

The following is the string to sign.

GET\n
monitoring.amazonaws.com\n
/\n
AWSAccessKeyId=<Your AWS Access Key Id>
&Action=ListMetrics
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2010-11-17T05%3A13%3A00.000Z
&Version=2010-08-01

The following is the signed request.

http://monitoring.amazonaws.com/?Action=ListMetrics
&SignatureVersion=2
&SignatureMethod=HmacSHA256
&Timestamp=2010-11-17T05%3A13%3A00.000Z
&Signature=<URLEncode(Base64Encode(Signature))>
&Version=2010-08-01
&AWSAccessKeyId=<Your AWS Access Key Id>

Available Libraries

AWS provides libraries, sample code, tutorials, and other resources for software developers who prefer to build applications using language-specific APIs instead of the command-line tools and Query. These libraries provide basic functions (not included in the APIs), such as request authentication, request retries, and error handling so that it is easier to get started. Libraries and resources are available for the following languages and platforms:

For libraries and sample code in all languages, go to Sample Code & Libraries.

Document Conventions
Terms of Use

Did this page help you? Yes No Tell us about it...

	Note
	Amazon CloudWatch returns the data for this function in the following order: date, time, sample, CPUUtilization, and unit.