Thursday 27 Jul 2023 @ 15:10
Government Digital Service (GDS)
Printable version

Enabling AWS Cross Account Monitoring Using Terraform

Also published by:
Cabinet Office

Blog posted by: , 26 July 2023 – Categories: Posts for Tech Specialists.

This is part of our blog series intended for a technical audience. While we try our best to explain things clearly, we will use technical terms in common use in the industry. As part of our practice of working in the open, GDS likes to write about our technical work, so that we can share and connect with technical specialists around the world.

On GOV.UK Pay, we're evaluating options to improve our monitoring and observability capabilities which help us ensure GOV.UK Pay is efficient and reliable.

In this post we show how to set up a new AWS feature called CloudWatch cross-account observability using Terraform.

GOV.UK Pay runs on AWS and like many organisations, it has multiple AWS accounts to separate our test, staging and live environments, as well as separating our deployment and testing infrastructure. We use a combination of Cloudwatch for our AWS generated Infrastructure metrics and a SaaS product to aggregate our application metrics. One of the downsides with this setup is that engineers need to log into multiple AWS accounts and the SaaS UI to view metrics, making it difficult to correlate behaviour across environments. We're considering ways to improve our monitoring systems and a recently launched AWS feature called "cross-account observability" looked like it could help fix this problem. It allows a single AWS account to access instrumentation data from multiple AWS accounts. The potential benefits of this are: 

  • it gives all technical staff on the team access to CloudWatch monitoring in one place, removing the need to have production access in order to view production metrics
  • it avoids the need to log in and out of different accounts to view metrics
  • we can potentially codify all CloudWatch alarms and dashboards in one place which could make for simpler code organisation
  • we could make correlation and contextualisation of data easier
  • there's no extra cost for logs and metrics — traces can be shared with one monitoring account at no cost, but will incur costs if shared with additional monitoring accounts — this will provide cost savings for us as our monitoring SaaS product pulls data from the CloudWatch API which comes at a cost

When exploring CloudWatch cross-account observability, we wanted to configure everything using Infrastructure as Code using Terraform and avoid having to manually configure ("click ops") anything at all. Unfortunately, all the examples found on the internet used the click ops method, and there is sparse documentation on how to configure it in Terraform. Thankfully, we were able to configure everything in Terraform and thought it would be good to share our solution with the world!

Click here for the full blog post

 

Channel website: https://gds.blog.gov.uk/

Original article link: https://gds.blog.gov.uk/2023/07/26/enabling-aws-cross-account-monitoring-using-terraform/

Share this article

Latest News from
Government Digital Service (GDS)

How we’re making it easier to access government forms online

12/04/2024 14:10:00

Blog posted by: Oliver Quinlan, Senior User Researcher, GDS, 12 January 2024 – Categories: GOV.UK Forms.

How we’re using Webinars to demonstrate how quick and easy it is to use GOV.UK Forms

01/03/2024 13:25:00

Blog posted by: Amanda Dahl, Deputy Director of Digital Service Platforms, GDS, 28 February 2024 – Categories: GOV.UK Forms.

GOV.UK launches new official crown logo for His Majesty The King

19/02/2024 14:22:00

The new official GOV.UK logo featuring the chosen crown of His Majesty King Charles III has launched today across the site. 

How we are improving GOV.UK Pay with user satisfaction feedback

29/01/2024 14:10:00

Blog posted by: Nadia Mugeni, Senior User Researcher, GDS, 29 January 2024 – Categories: GOV.UK Pay.

How we migrated our PostgreSQL database with 11 seconds downtime

18/01/2024 14:10:00

Blog posted by: David McDonald, 17 January 2024 – Categories: GOV.UK Notify, Posts for Tech Specialists.

How we’re making it easier to access government forms online

12/01/2024 13:10:00

Blog posted by: Oliver Quinlan, Senior User Researcher, GDS, 12 January 2024 – Categories: GOV.UK Forms.

How we reduced CSS size and improved performance across GOV.UK

19/12/2023 09:10:00

Blog posted by: Jon Kirwan, Front end developer, GDS and Martin Jones, Front end developer, GDS, 15 December 2023 – Categories: Posts for Tech Specialists.

Get involved with the launch of early access to GOV.UK Forms

28/11/2023 12:25:00

Blog posted by: Iain Boyd – Engagement Lead for GOV.UK Forms, Government Digital Service and Irina Pencheva, Lead Product Manager – GOV.UK Forms and GOV.UK Notify, 27 November 2023 – Categories: GOV.UK Forms.

How we’re opening up access to GOV.UK Forms

04/10/2023 10:20:00

Blog posted by: Adam Robertson, Senior Product Manager, Government Digital Service, 03 October 2023 – Categories: GOV.UK Forms.