Auditing CloudWatch telemetry configurations - Amazon CloudWatch

You can use Amazon CloudWatch to discover and understand the state of telemetry configuration for your Amazon resources from a central view in the CloudWatch console. This simplifies the process of auditing your telemetry collection configurations across multiple resource types within an account or across multiple accounts in Amazon Organizations. With a consolidated view, you can easily review and manage telemetry settings, helping you to ensure proper monitoring and data collection across your Amazon environment.

CloudWatch Telemetry config can be used to audit telemetry for the following Amazon resource types:

To begin auditing and configuring your telemetry, you must first enable the telemetry configuration feature for your Amazon Web Services account or organization. Enabling this feature creates Amazon Config service-linked configuration recorders that discover resources and their associated telemetry configuration metadata. For more information, see Configuration Recorder in the Amazon Config Developer Guide.

Note

Amazon Config periodically takes inventory of, or discovers, all the resources in your account as an anti-entropy behavior, regardless of the resource types in scope for your configuration recorders. The inventory includes deleted resources and resources that Amazon Config is not currently recording. This behavior helps maintain data consistency.

This means that although the service-linked configuration recorder for the CloudWatch telemetry configuration feature is configured to record three resource types (Amazon EC2 instances, Amazon EC2 VPC virtual networks, and Lambda functions), you might see describe calls from ConfigResourceCompositionSession and AWSConfig-Describe in Amazon CloudTrail. For more information, see Non-recorded Resources in the Amazon Config Developer Guide.
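The following triage sketch for those CloudTrail entries is an added example, not code from the Amazon documentation. It assumes the two names above appear as the role session name (the last component of `userIdentity.arn` on an `AssumedRole` identity); the role name `EXAMPLE-config-recorder-role`, the account ID, and the sample records are constructed placeholders. Because a session name is chosen by whoever assumes a role, a matching name is treated as expected inventory only when the call is read-only and comes from a role you expect.

```python
import json
from collections import Counter

# Session names the page says can appear in CloudTrail for Config inventory calls.
CONFIG_SESSIONS = {"ConfigResourceCompositionSession", "AWSConfig-Describe"}
# Placeholder: replace with the role(s) your Config recorders actually use.
EXPECTED_ROLES = {"EXAMPLE-config-recorder-role"}
READ_PREFIXES = ("Describe", "List", "Get")

def session_name(record):
    """Return the role session name of an AssumedRole identity, else None."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    # arn:<partition>:sts::<account>:assumed-role/<role>/<session>
    parts = ident.get("arn", "").split(":", 5)[-1].split("/")
    return parts[2] if len(parts) == 3 and parts[0] == "assumed-role" else None

def classify(record, expected_roles=EXPECTED_ROLES):
    """Return 'other', 'config-inventory', or 'review' for one CloudTrail record."""
    if session_name(record) not in CONFIG_SESSIONS:
        return "other"
    issuer = record["userIdentity"].get("sessionContext", {}).get("sessionIssuer", {})
    read_only = (record.get("readOnly") is True
                 and record.get("eventName", "").startswith(READ_PREFIXES))
    if read_only and issuer.get("userName") in expected_roles:
        return "config-inventory"
    return "review"  # name matches, but the role or the action is unexpected

def _rec(event, read_only, role, session):
    """Build a constructed CloudTrail record, trimmed to the fields used here."""
    arn = f"arn:aws:sts::111122223333:assumed-role/{role}/{session}"
    return {"eventName": event, "readOnly": read_only,
            "userIdentity": {"type": "AssumedRole", "arn": arn,
                             "sessionContext": {"sessionIssuer": {"userName": role}}}}

SAMPLE = [  # constructed sample data
    _rec("DescribeInstances", True, "EXAMPLE-config-recorder-role", "ConfigResourceCompositionSession"),
    _rec("DescribeVpcs", True, "EXAMPLE-config-recorder-role", "AWSConfig-Describe"),
    _rec("DescribeInstances", True, "EXAMPLE-other-role", "AWSConfig-Describe"),
    _rec("RunInstances", False, "EXAMPLE-config-recorder-role", "AWSConfig-Describe"),
    _rec("DescribeInstances", True, "EXAMPLE-other-role", "alice"),
]

def summarize(records):
    """Count records per classification."""
    return Counter(classify(r) for r in records)

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE)))
```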

Telemetry config uses this information and offers visibility into the configuration status, at the resource type level and at more granular telemetry detail levels. You can customize your view of the resources or telemetry details using filters, and modify the telemetry configuration directly from the resource's console page.

You can enable Telemetry config at no additional cost. When you use enablement rules to automatically manage telemetry, Amazon Config charges apply based on the number of configuration items recorded for the resource types you specify in the enablement rule. For more information, see Amazon Config pricing.