Enable telemetry configuration for your organization - Amazon CloudWatch
Configuring telemetry for your organizationEnabling across Regions
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

Enable telemetry configuration for your organization

To turn on telemetry configuration for your organization, you must use a AWS Organization management account or a delegated administrator account. CloudWatch uses this account to discover your organization's AWS resources and configure their telemetry.

Before you can configure telemetry for your organization, you need to enable trusted access between AWS Organizations and CloudWatch. For more information, see Prerequisites and permissions.

To turn on telemetry auditing for your organization

  1. Open the CloudWatch console at https://eusc-de-east-1.console.amazonaws-eusc.eu/cloudwatch/.

  2. In the navigation pane, choose Settings.

  3. Choose the Organizations tab.

  4. On the CloudWatch settings page, in the Organizational settings management pane, choose Turn on trusted access. The Turn on trusted access page appears.

    To review the role policy, choose View permission details and the role policy appears in a window. Confirm that you want to provide these permissions to the management account by choosing Turn on trusted access.

  5. Under Manage Settings, in the Organizations tab in the CloudWatch Telemetry Config block choose Turn on.

  6. After Telemetry config is turned on for the organization, a notification appears. On the notification, choose Go to Telemetry config. The Telemetry Configuration experience can be accessed in the Ingestion page and CloudWatch begins discovering AWS resources in the organization. As CloudWatch discovers resources, it updates information on the Telemetry config page.

    Note

    The time delay before resources appear on the Telemetry config page depends on the number of member accounts and resources in your organization or account.

Configuring telemetry for your organization

Configure telemetry for AWS Organizations to monitor the telemetry for the AWS resources across all your member accounts. This also configures the telemetry for individual accounts. You can also configure telemetry for only your account. For more information, see Enable telemetry configuration for your account.

You can disable trusted access across all your member accounts. For more information, see Turning off trusted access for AWS Organizations.

To configure telemetry auditing for your organization

  1. Open the CloudWatch console at https://eusc-de-east-1.console.amazonaws-eusc.eu/cloudwatch/.

  2. In the navigation pane, choose Ingestion.

  3. Choose Data sources, and then choose the Enable Resources Discovery Button. CloudWatch begins discovering AWS resources in your organization. As CloudWatch discovers resources, it updates information in the Overview page.

    Note

    The delay before resources appear on the Overview page depends on the number of member accounts and resources in your organization.

Enabling across Regions

You can extend telemetry configuration to multiple AWS Regions from a single Region for your entire organization. When you enable multi-Region support, the current Region becomes your home Region. Telemetry configuration is replicated to the Regions you select for all member accounts.

To enable telemetry configuration across Regions for your organization (initial setup)

  1. Open the CloudWatch console at https://eusc-de-east-1.console.amazonaws-eusc.eu/cloudwatch/.

  2. In the navigation pane, choose Settings, and then choose the Organizations tab.

  3. In the CloudWatch telemetry config section on the Global tab, the status shows Off. When multi-Region is enabled, a Target regions selector appears inline below the status.

  4. Use the All regions toggle to include all Regions, or use the multiselect dropdown to choose individual Regions. The current Region is always included automatically and is not shown in the selector.

  5. Choose Turn on.

  6. After telemetry configuration is turned on, a Region status table appears showing the per-Region evaluation status.

To reconfigure Regions for your organization (telemetry already running)

  1. Open the CloudWatch console at https://eusc-de-east-1.console.amazonaws-eusc.eu/cloudwatch/.

  2. In the navigation pane, choose Settings, and then choose the Organizations tab.

  3. In the CloudWatch telemetry config section, choose Configure regions. The Target regions selector appears inline, pre-populated with the currently configured Regions.

  4. Modify the Region selection as needed, and then choose Save.

If you select All regions, new Regions are automatically included when you opt in to them. The system periodically reconciles configuration across Regions to correct any drift.