Resource: awsCloudwatchMetricStream
Provides a CloudWatch Metric Stream resource.
Example Usage
Filters
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketBucket = new aws.s3Bucket.S3Bucket(this, "bucket", {
bucket: "metric-stream-test-bucket",
});
new aws.s3BucketAcl.S3BucketAcl(this, "bucket_acl", {
acl: "private",
bucket: awsS3BucketBucket.id,
});
const dataAwsIamPolicyDocumentFirehoseAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"firehose_assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["firehose.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const dataAwsIamPolicyDocumentFirehoseToS3 =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"firehose_to_s3",
{
statement: [
{
actions: [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
],
effect: "Allow",
resources: [awsS3BucketBucket.arn, `\${${awsS3BucketBucket.arn}}/*`],
},
],
}
);
const dataAwsIamPolicyDocumentStreamsAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"streams_assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["streams.metrics.cloudwatch.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const awsIamRoleFirehoseToS3 = new aws.iamRole.IamRole(
this,
"firehose_to_s3_5",
{
assumeRolePolicy: dataAwsIamPolicyDocumentFirehoseAssumeRole.json,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleFirehoseToS3.overrideLogicalId("firehose_to_s3");
const awsIamRoleMetricStreamToFirehose = new aws.iamRole.IamRole(
this,
"metric_stream_to_firehose",
{
assumeRolePolicy: dataAwsIamPolicyDocumentStreamsAssumeRole.json,
name: "metric_stream_to_firehose_role",
}
);
const awsIamRolePolicyFirehoseToS3 = new aws.iamRolePolicy.IamRolePolicy(
this,
"firehose_to_s3_7",
{
name: "default",
policy: dataAwsIamPolicyDocumentFirehoseToS3.json,
role: awsIamRoleFirehoseToS3.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyFirehoseToS3.overrideLogicalId("firehose_to_s3");
const awsKinesisFirehoseDeliveryStreamS3Stream =
new aws.kinesisFirehoseDeliveryStream.KinesisFirehoseDeliveryStream(
this,
"s3_stream",
{
destination: "s3",
name: "metric-stream-test-stream",
s3Configuration: {
bucketArn: awsS3BucketBucket.arn,
roleArn: awsIamRoleFirehoseToS3.arn,
},
}
);
const dataAwsIamPolicyDocumentMetricStreamToFirehose =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"metric_stream_to_firehose_9",
{
statement: [
{
actions: ["firehose:PutRecord", "firehose:PutRecordBatch"],
effect: "Allow",
resources: [awsKinesisFirehoseDeliveryStreamS3Stream.arn],
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentMetricStreamToFirehose.overrideLogicalId(
"metric_stream_to_firehose"
);
new aws.cloudwatchMetricStream.CloudwatchMetricStream(this, "main", {
firehoseArn: awsKinesisFirehoseDeliveryStreamS3Stream.arn,
includeFilter: [
{
namespace: "AWS/EC2",
},
{
namespace: "AWS/EBS",
},
],
name: "my-metric-stream",
outputFormat: "json",
roleArn: awsIamRoleMetricStreamToFirehose.arn,
});
const awsIamRolePolicyMetricStreamToFirehose =
new aws.iamRolePolicy.IamRolePolicy(this, "metric_stream_to_firehose_11", {
name: "default",
policy: dataAwsIamPolicyDocumentMetricStreamToFirehose.json,
role: awsIamRoleMetricStreamToFirehose.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyMetricStreamToFirehose.overrideLogicalId(
"metric_stream_to_firehose"
);
Additional Statistics
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudwatchMetricStream.CloudwatchMetricStream(this, "main", {
firehoseArn: "${aws_kinesis_firehose_delivery_stream.s3_stream.arn}",
name: "my-metric-stream",
outputFormat: "json",
roleArn: "${aws_iam_role.metric_stream_to_firehose.arn}",
statisticsConfiguration: [
{
additionalStatistics: ["p1", "tm99"],
includeMetric: [
{
metricName: "CPUUtilization",
namespace: "AWS/EC2",
},
],
},
{
additionalStatistics: ["TS(50.5:)"],
includeMetric: [
{
metricName: "CPUUtilization",
namespace: "AWS/EC2",
},
],
},
],
});
Argument Reference
The following arguments are required:
firehoseArn- (Required) ARN of the Amazon Kinesis Firehose delivery stream to use for this metric stream.roleArn- (Required) ARN of the IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. For more information about role permissions, see Trust between CloudWatch and Kinesis Data Firehose.outputFormat- (Required) Output format for the stream. Possible values arejsonandopentelemetry07. For more information about output formats, see Metric streams output formats.
The following arguments are optional:
excludeFilter- (Optional) List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces that you specify here. Conflicts withincludeFilter.includeFilter- (Optional) List of inclusive metric filters. If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. Conflicts withexcludeFilter.name- (Optional, Forces new resource) Friendly name of the metric stream. If omitted, Terraform will assign a random, unique name. Conflicts withnamePrefix.namePrefix- (Optional, Forces new resource) Creates a unique friendly name beginning with the specified prefix. Conflicts withname.tags- (Optional) Map of tags to assign to the resource. If configured with a providerdefaultTagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.statisticsConfiguration- (Optional) For each entry in this array, you specify one or more metrics and the list of additional statistics to stream for those metrics. The additional statistics that you can stream depend on the stream'soutputFormat. If the OutputFormat isjson, you can stream any additional statistic that is supported by CloudWatch, listed in CloudWatch statistics definitions. If the OutputFormat isopentelemetry07, you can stream percentile statistics (p99 etc.). See details below.
Nested Fields
excludeFilter
namespace- (Required) Name of the metric namespace in the filter.
includeFilter
namespace- (Required) Name of the metric namespace in the filter.
statisticsConfigurations
additionalStatistics- (Required) The additional statistics to stream for the metrics listed inincludeMetrics.includeMetric- (Required) An array that defines the metrics that are to have additional statistics streamed. See details below.
includeMetrics
metricName- (Required) The name of the metric.namespace- (Required) The namespace of the metric.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn- ARN of the metric stream.creationDate- Date and time in RFC3339 format that the metric stream was created.lastUpdateDate- Date and time in RFC3339 format that the metric stream was last updated.state- State of the metric stream. Possible values arerunningandstopped.tagsAll- A map of tags assigned to the resource, including those inherited from the providerdefaultTagsconfiguration block.
Import
CloudWatch metric streams can be imported using the name, e.g.,