
What is telemetry discovery and enablement? - Amazon CloudWatch
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

What is telemetry discovery and enablement?

CloudWatch telemetry configuration gives you two core capabilities:

  • Discovery and auditing – Discover Amazon resources across your account or organization and audit which resources have telemetry enabled. The experience shows the configuration status at the resource-type level and at more granular telemetry-detail levels.

  • Enablement rules – Create rules that automatically configure telemetry collection for Amazon resources that match your criteria. Rules help you standardize telemetry collection across your organization or accounts and ensure consistent monitoring coverage.

Telemetry configuration supports the following data sources:

  • Amazon VPC Flow Logs

  • Amazon EKS Control Plane Logs

  • Amazon WAF Logs

  • Amazon Route 53 Resolver Query Logs

  • NLB Access Logs

  • Amazon CloudTrail Data Events and Management Events

  • Amazon Bedrock AgentCore Logs

  • Amazon EC2 Detailed Metrics

  • Amazon Security Hub

  • Amazon Bedrock AgentCore Gateway

  • Amazon Bedrock AgentCore Memory

  • Amazon CloudFront Distribution

When you enable telemetry configuration, CloudWatch creates Amazon Config service-linked configuration recorders that discover resources and their associated telemetry configuration metadata. For more information, see Configuration Recorder in the Amazon Config Developer Guide.

Note

Amazon Config periodically takes inventory of, or discovers, all the resources in your account as an anti-entropy behavior, regardless of the resource types in scope for your configuration recorders. The inventory includes deleted resources and resources that Amazon Config is not currently recording. This behavior helps maintain data consistency.

This means that although the service-linked configuration recorder for the CloudWatch telemetry configuration feature is configured to record specific resource types, you might see describe calls from ConfigResourceCompositionSession and AWSConfig-Describe in Amazon CloudTrail. For more information, see Non-recorded Resources in the Amazon Config Developer Guide.

Amazon CloudWatch uses an Amazon Config internal service-linked recorder. You are not charged for the configuration items (CIs) that CloudWatch uses as part of the internal service-linked recorders.
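When triaging CloudTrail, it helps to separate the describe calls mentioned in the note above from everything else. The following is an added example, not code from the Amazon documentation: it assumes the two names appear as the role session name in `userIdentity.arn`, treats read-only `Describe`/`List`/`Get` events as the "describe calls", and uses constructed sample records with a placeholder account ID and role name.

```python
import json
from collections import Counter

# Session names the page says may appear on Config's inventory describe calls.
CONFIG_SESSIONS = {"ConfigResourceCompositionSession", "AWSConfig-Describe"}
# Assumption: "describe calls" are read-only API names with these prefixes.
READ_PREFIXES = ("Describe", "List", "Get")

def session_name(record):
    """Role session name from an AssumedRole identity ARN, or None."""
    ident = record.get("userIdentity") or {}
    if ident.get("type") != "AssumedRole":
        return None
    # arn:<partition>:sts::<account>:assumed-role/<role>/<session>
    parts = ident.get("arn", "").split(":", 5)
    if len(parts) != 6 or parts[2] != "sts":
        return None
    resource = parts[5].split("/")
    if len(resource) != 3 or resource[0] != "assumed-role":
        return None
    return resource[2]

def classify(record):
    """'config-inventory', 'review' or 'other' for one CloudTrail record."""
    if session_name(record) not in CONFIG_SESSIONS:
        return "other"
    read_only = record.get("readOnly") in (True, "true")
    if read_only and record.get("eventName", "").startswith(READ_PREFIXES):
        return "config-inventory"
    # Not the describe behaviour the page documents for these sessions.
    return "review"

def summarize(log_text):
    """Count classifications over a CloudTrail log file body."""
    return Counter(classify(r) for r in json.loads(log_text)["Records"])

def _rec(event, read_only, identity):  # builds one constructed record
    return {"eventName": event, "readOnly": read_only, "userIdentity": identity}

def _role(session):  # constructed ARN; account ID and role name are placeholders
    return {"type": "AssumedRole",
            "arn": f"arn:aws-cn:sts::111122223333:assumed-role/EXAMPLE-ROLE/{session}"}

SAMPLE_LOG = json.dumps({"Records": [  # constructed sample data
    _rec("DescribeFlowLogs", True, _role("ConfigResourceCompositionSession")),
    _rec("DescribeLoadBalancers", True, _role("AWSConfig-Describe")),
    _rec("CreateTags", False, _role("AWSConfig-Describe")),
    _rec("DescribeInstances", True, {"type": "IAMUser",
         "arn": "arn:aws-cn:iam::111122223333:user/example-user"}),
]})
```

Records in the `review` bucket carry one of the two session names but are not read-only describe-style calls, so they fall outside the behavior the note describes and should be examined rather than suppressed.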

You can manage telemetry configuration across multiple Amazon Regions from a single Region. When you enable multi-Region support, the current Region becomes your home Region and telemetry configuration is replicated to the Regions you select. For more information, see Setting up telemetry configuration.