AWS VPC monitoring integration

Access to this feature depends on your subscription level. Requires Infrastructure Pro.

New Relic Infrastructure's integrations include an integration for reporting your AWS VPC data to New Relic products. This document explains how to activate the integration and describes the data reported.

Features

The Amazon Virtual Private Cloud (VPC) is a virtual network that utilizes the scalable infrastructure of Amazon Web Services (AWS). With New Relic's VPC integration, you can gain visibility into configuration event changes that are overlaid across your Amazon services.

The AWS VPC integration generates a feed of configuration/inventory changes that occur in your VPC. VPC data is available in pre-built dashboards, and you can create custom queries and charts in New Relic Insights. You can also create alert conditions to notify you about changes in the VPC.

Additionally, Amazon's Enhanced AWS VPC Flow Logs enables you to capture information about IP traffic to and from network interfaces in your VPC.

Activate

To enable this integration:

  1. Make sure you have installed the Infrastructure agent before you activate AWS integrations from your Infrastructure account.
  2. Follow standard procedures to Connect AWS services to Infrastructure.

Configuration and polling

You can change the polling frequency and filter data using configuration options.

Default polling information for the AWS VPC integration:

  • Default New Relic polling interval: 15 minutes
  • Amazon CloudWatch data interval: 1 minute

Find and use data

To find your integration data in Infrastructure, go to infrastructure.newrelic.com > Integrations > Amazon Web Services and select one of the VPC integration links.

In New Relic Insights, data is attached to the PrivateNetworkSample event type, with provider values of:

By default, collection of VpcNatGateway, VpcVpnTunnel, and VpcVpnConnection data is disabled. This is because if you have many NAT gateways or many VPNs (connections and tunnels), collecting this data might increase your CloudWatch bill. For this reason, the integration provides configuration settings that control whether that data is fetched.

For more on how to use your data, see Understand integration data.

Metric data

VPC NAT Gateway data

This integration collects the following data from PrivateNetworkSample with a provider value of VpcNatGateway:

For full descriptions, see Amazon VPC NAT Gateway Metrics and Dimensions.

Name Description
activeConnectionCount The total number of concurrent active TCP connections through the NAT gateway.
bytesInFromDestination The number of bytes received by the NAT gateway from the destination.
bytesInFromSource The number of bytes received by the NAT gateway from clients in your VPC.
bytesOutToDestination The number of bytes sent out through the NAT gateway to the destination.
bytesOutToSource The number of bytes sent through the NAT gateway to the clients in your VPC.
connectionAttemptCount The number of connection attempts made through the NAT gateway.
connectionEstablishedCount The number of connections established through the NAT gateway.
errorPortAllocation The number of times the NAT gateway could not allocate a source port.
idleTimeoutCount The number of connections that transitioned from the active state to the idle state. An active connection transitions to idle if it was not closed gracefully and there was no activity for the last 350 seconds.
packetsDropCount The number of packets dropped by the NAT gateway.
packetsInFromDestination The number of packets received by the NAT gateway from the destination.
packetsInFromSource The number of packets received by the NAT gateway from clients in your VPC.
packetsOutToDestination The number of packets sent out through the NAT gateway to the destination.
packetsOutToSource The number of packets sent through the NAT gateway to the clients in your VPC.

VPC VPN Tunnel

This integration collects the following data from PrivateNetworkSample with a provider value of VpcVpnTunnel:

For full descriptions, see Amazon VPC VPN Metrics and Dimensions.

Name Description
tunnelState The state of the tunnel. 0 indicates DOWN and 1 indicates UP.
tunnelDataIn The bytes received through the VPN tunnel. Each metric data point represents the number of bytes received after the previous data point. Use the Sum statistic to show the total number of bytes received during the period.
tunnelDataOut The bytes sent through the VPN tunnel. Each metric data point represents the number of bytes sent after the previous data point. Use the Sum statistic to show the total number of bytes sent during the period.
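
The following is an added example, not New Relic code: it applies the Sum statistic to the counters described in the two tables above and reports tunnel DOWN points and NAT gateway port allocation errors. The records are constructed, and the `entityName` and `timestamp` field names and the 0.9 ratio threshold are assumptions.

```python
from collections import defaultdict

# Constructed records (not real data). Metric names come from the tables above;
# "entityName" and "timestamp" are assumed field names for this sketch.
SAMPLES = [
    {"provider": "VpcNatGateway", "entityName": "nat-a", "timestamp": 0,
     "connectionAttemptCount": 1000, "connectionEstablishedCount": 990,
     "errorPortAllocation": 0, "packetsDropCount": 0},
    {"provider": "VpcNatGateway", "entityName": "nat-a", "timestamp": 60,
     "connectionAttemptCount": 4000, "connectionEstablishedCount": 2200,
     "errorPortAllocation": 37, "packetsDropCount": 12},
    {"provider": "VpcVpnTunnel", "entityName": "tun-1", "timestamp": 0,
     "tunnelState": 1, "tunnelDataIn": 5000, "tunnelDataOut": 7000},
    {"provider": "VpcVpnTunnel", "entityName": "tun-1", "timestamp": 60,
     "tunnelState": 0, "tunnelDataIn": 0, "tunnelDataOut": 0},
    {"provider": "VpcVpnTunnel", "entityName": "tun-1", "timestamp": 120,
     "tunnelState": 1, "tunnelDataIn": 1200, "tunnelDataOut": 800},
]
META = {"provider", "entityName", "timestamp"}

def summarize(samples, min_established_ratio=0.9):
    """Sum counters per entity over the window and return {entity: [findings]}."""
    totals = defaultdict(lambda: defaultdict(int))
    down_at = defaultdict(list)
    for s in sorted(samples, key=lambda s: s["timestamp"]):
        key = (s["provider"], s["entityName"])
        for name, value in s.items():
            if name == "tunnelState":
                if value == 0:  # 0 indicates DOWN, 1 indicates UP
                    down_at[key].append(s["timestamp"])
            elif name not in META:
                totals[key][name] += value  # Sum statistic over the window
    findings = defaultdict(list)
    for key, t in totals.items():
        provider, entity = key
        if provider == "VpcNatGateway":
            if t["errorPortAllocation"]:
                findings[entity].append(f"port allocation errors: {t['errorPortAllocation']}")
            if t["packetsDropCount"]:
                findings[entity].append(f"packets dropped: {t['packetsDropCount']}")
            attempts = t["connectionAttemptCount"]
            if attempts and t["connectionEstablishedCount"] / attempts < min_established_ratio:
                findings[entity].append("low established/attempt ratio")
        elif provider == "VpcVpnTunnel":
            findings[entity] += [f"tunnel DOWN at t={ts}" for ts in down_at[key]]
            findings[entity].append(f"bytes in={t['tunnelDataIn']} out={t['tunnelDataOut']}")
    return dict(findings)
```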

Inventory data

This integration reports the following VPC configuration options and metadata as inventory data. For more about inventory data, see Understand integration data.

Inventory category Data
aws/vpc/network-interface
  • awsRegion
  • subnetId
  • status
  • sourceDestCheck
  • requesterManaged
  • requesterId
  • privateIpAddress
  • privateDnsName
  • networkInterfaceId
  • macAddress
  • ipv6Addresses
  • securityGroups
  • description
  • availabilityZone
  • attachmentInstanceId
  • attachmentDeleteOnTermination
  • attachmentStatus
  • attachmentInstanceOwnerId
  • publicIp
  • publicDnsName
aws/vpc/endpoint
  • awsRegion
  • creationTimestamp
  • policyDocumentMd5
  • routeTableIds
  • serviceName
  • state
  • vpcId
  • vpcEndpointId
aws/vpc/nat-gateway
  • awsRegion
  • natGatewayId
  • createTime
  • natGatewayAddresses
  • state
  • subnetId
  • vpcId
aws/vpc/peering-connection
  • awsRegion
  • vpcPeeringConnectionId
  • accepterVpcInfo
  • requesterVpcInfo
  • tags
aws/vpc/vpn/connection
  • awsRegion
  • vpnId
  • state
  • type
  • category
  • customerGatewayConfiguration
  • vpnGatewayId
  • customerGatewayId
  • staticRoutesOnly
aws/vpc/vpn/tunnel
  • awsRegion
  • acceptedRouteCount
  • outsideIpAddress
  • status
  • statusChange
  • statusMessage
aws/vpc/internet-gateway
  • region
  • internetGatewayId
  • attachments
  • tags
aws/vpc/network-acl
  • region
  • networkAclId
  • associations
  • entries
  • isDefault
  • vpcId
  • tags
aws/vpc/route-table
  • region
  • routeTableId
  • associations
  • propagatingVgws
  • routes
  • vpcId
  • tags
aws/vpc/security-group
  • region
  • description
  • groupName
  • groupId
  • ipPermissions
  • ipPermissionsEgress
  • ownerId
  • vpcId
  • tags
aws/vpc/subnet
  • region
  • availabilityZone
  • cidrBlock
  • defaultForAz
  • mapPublicIpOnLaunch
  • subnetId
  • state
  • vpcId
aws/vpc/vpc
  • region
  • cidrBlock
  • dhcpOptionsId
  • enableDnsHostname
  • enableDnsSupport
  • instanceTenancy
  • isDefault
  • state
  • vpcId
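
The following is an added example, not New Relic code: it compares two snapshots of the inventory categories listed above and flags changes that widen network exposure. The snapshots and resource IDs are constructed, and the value shapes are assumptions, with `ipPermissions` modelled on the EC2 DescribeSecurityGroups response.

```python
# Constructed inventory snapshots (not real data). Category and attribute names
# come from the inventory table above; IDs and value shapes are assumptions,
# with ipPermissions modelled on the EC2 DescribeSecurityGroups response.
HTTPS = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
SSH = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
BEFORE = {
    "aws/vpc/security-group": {"sg-example": {"ipPermissions": [HTTPS]}},
    "aws/vpc/subnet": {"subnet-example": {"mapPublicIpOnLaunch": False}},
    "aws/vpc/network-interface": {"eni-example": {"sourceDestCheck": True}},
}
AFTER = {
    "aws/vpc/security-group": {"sg-example": {"ipPermissions": [HTTPS, SSH]}},
    "aws/vpc/subnet": {"subnet-example": {"mapPublicIpOnLaunch": True}},
    "aws/vpc/network-interface": {"eni-example": {"sourceDestCheck": False}},
}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def open_rules(perms):
    """Return {(protocol, from_port, to_port)} for rules reachable from anywhere."""
    rules = set()
    for p in perms or []:
        cidrs = {r.get("CidrIp") for r in p.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in p.get("Ipv6Ranges", [])}
        if cidrs & ANYWHERE:
            rules.add((p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")))
    return rules

def risky_changes(before, after):
    """Compare two snapshots; return (resource id, change, detail) tuples."""
    findings = []
    for category, items in after.items():
        for rid, new in items.items():
            old = before.get(category, {}).get(rid, {})
            if category == "aws/vpc/security-group":
                added = open_rules(new.get("ipPermissions")) - open_rules(old.get("ipPermissions"))
                findings += [(rid, "ingress opened to any address", r) for r in sorted(added, key=str)]
            elif category == "aws/vpc/subnet":
                if new.get("mapPublicIpOnLaunch") and not old.get("mapPublicIpOnLaunch"):
                    findings.append((rid, "mapPublicIpOnLaunch enabled", None))
            elif category == "aws/vpc/network-interface":
                if new.get("sourceDestCheck") is False and old.get("sourceDestCheck", True):
                    findings.append((rid, "sourceDestCheck disabled", None))
    return findings
```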
