Connect to CloudWatch
A Harness Cloud Provider is a connection to AWS and its monitoring tools, such as CloudWatch. Once Harness is connected, you can use Harness 24/7 Service Guard and Deployment Verification with your CloudWatch data and analysis.
Before You Begin
- See the CloudWatch Verification Overview.
Step 1: Assign the Required AWS Permissions
Harness requires the IAM user to be able to make API requests to AWS. The User Access Type required is Programmatic access. This enables an access key ID and secret access key for the AWS API, CLI, SDK, and other development tools. For more information, see Creating an IAM User in Your AWS Account from AWS.
Here is the CloudWatch policy used for this guide:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "cloudwatch:*",
        "cloudtrail:*",
        "logs:*",
        "events:*"
      ],
      "Resource": "*"
    }
  ]
}
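The policy above allows every action in four services on all resources, while the Cloud Provider is described as reading from CloudWatch. The following check is an added example, not Harness code: it reports the wildcard grants in a policy document and which state-changing actions they cover. `READ_ONLY_CANDIDATE` and the selection in `MUTATING_ACTIONS` are assumptions made for illustration, not a permission set documented by Harness.

```python
import fnmatch
import json

# The policy shown in this guide.
GUIDE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "VisualEditor0", "Effect": "Allow",
  "Action": ["cloudwatch:*", "cloudtrail:*", "logs:*", "events:*"],
  "Resource": "*"}]}""")

# Constructed read-only candidate for comparison (assumption: this is NOT
# Harness's documented minimum permission set).
READ_ONLY_CANDIDATE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics",
               "cloudwatch:ListMetrics"]}]}

# AWS actions that alter or remove monitoring and audit state (sample list).
MUTATING_ACTIONS = [
    "cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "logs:DeleteLogGroup",
    "logs:PutRetentionPolicy", "cloudwatch:DeleteAlarms", "events:PutRule",
    "events:DeleteRule",
]


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, list) else [value]


def audit_policy(policy):
    """Per Allow statement: wildcard actions, Resource "*", mutating actions."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are not evaluated here
        # IAM action names match case-insensitively, so compare in lowercase.
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        findings.append({
            "sid": stmt.get("Sid", f"statement[{index}]"),
            "wildcard_actions": [p for p in patterns if "*" in p],
            "all_resources": "*" in _as_list(stmt.get("Resource", [])),
            "mutating_allowed": [
                a for a in MUTATING_ACTIONS
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)],
        })
    return findings


if __name__ == "__main__":
    for name, policy in (("guide", GUIDE_POLICY), ("candidate", READ_ONLY_CANDIDATE)):
        print(name, json.dumps(audit_policy(policy), indent=2))
```

This is a static check of Allow statements only; it does not evaluate Deny statements, conditions, or permission boundaries.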
Step 2: Add AWS Cloud Provider for CloudWatch
To perform verification with CloudWatch, you must create a Harness Cloud Provider that can read from CloudWatch using your access key ID and secret access key. This Cloud Provider should have the permissions listed above in Step 1: Assign the Required AWS Permissions.
You might have already set up a Workflow using a Harness Delegate installed in your AWS VPC. (For AWS, the Shell Script Delegate and ECS Delegate are most commonly used.) In this case, to add CloudWatch verification, you must now add a Cloud Provider with the above credentials.
For more information on setting up an AWS Cloud Provider in Harness, see Installation Example: Amazon Web Services and ECS and Amazon Web Services (AWS) Cloud.
Here is a summary of the steps to set up an AWS Cloud Provider in Harness:
- Click Setup, and then click Cloud Providers.
- Click Add Cloud Provider, and then select Amazon Web Services.
- Choose a name for this provider. This is to differentiate AWS providers in Harness. It is not the actual AWS account name.
- Select Assume IAM Role on Delegate (recommended), or Enter AWS Access Keys manually.
- If you selected Assume IAM Role on Delegate, in Delegate Selector, enter the Selector of the Delegate that this Cloud Provider will use for all connections. For information about Selectors, see Delegate Selectors.
- If you selected Enter AWS Access Keys manually, enter your Access Key and select/create a Harness Encrypted Text secret in Secret Key. For more information, see Access Keys (Access Key ID and Secret Access Key) from AWS.
The AWS IAM Policy Simulator is a useful tool for evaluating policies and access. For more details, see Amazon Web Services (AWS) Cloud.