Connect AWS services to Infrastructure

To start receiving Amazon data with New Relic AWS integrations, connect your Amazon account to New Relic Infrastructure. You must install the Infrastructure agent before you can activate AWS integrations from your Infrastructure account.

Anyone can view and explore the AWS data reporting to your New Relic Infrastructure account.

Only Owner, Admins, or Infrastructure add-on managers can manage the AWS integrations.

Connect AWS to New Relic Infrastructure

You must install the Infrastructure agent on each EC2 host to see data from that host. Connecting your EC2 account only allows Infrastructure to access EC2 metadata, not the underlying hosts.

To connect your Amazon account to Infrastructure:

  1. Go to infrastructure.newrelic.com > Integrations > Amazon Web Services. At the top of the Amazon Web Services Integrations page, select plus Add an AWS account. Follow the instructions in the UI to create a role in AWS.
  2. From the IAM console, click Create role, then click Another AWS account.

    • For Account ID, use 754728514883.
    • Check the Require external ID box.
    • For External ID, enter your New Relic account ID.
    • Do not enable the setting to Require MFA (multi-factor authentication).
  3. Attach the Policy: Search for ReadOnlyAccess, select the checkbox for the policy named ReadOnlyAccess, then click Next: Review.
  4. For the Role name, enter NewRelicInfrastructure-Integrations, then click Create role.
  5. Select the newly created role from the listed roles. On the Role summary page, select and copy the entire Role ARN (required later in this procedure).
  6. Configure a Budgets policy: While viewing the Role summary for your new role, select circle-plus Add inline policy.
  7. Create a Custom policy: Enter a policy name (for example, NewRelicBudget), add the following permission statement, and then select Apply policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "budgets:ViewBudget"
          ],
          "Resource": "*"
        }
      ]
    }
    			
  8. Return to the New Relic UI to enter your AWS account name and the ARN for the new role.
  9. Select the Amazon Web Services to be monitored with New Relic Infrastructure integrations, then Save.

Connect multiple AWS integrations

To connect multiple AWS integrations to one Infrastructure account:

  1. If you previously set up an ARN with the more restrictive AmazonEC2ReadOnlyAccess policy, first unlink your existing integration, then create a new one with a broader policy.
  2. Follow the instructions to connect your Amazon account to Infrastructure.
  3. Provide the ARN that contains the ReadOnlyAccess policy.

Once setup is complete, select the integrations you want to monitor:

  1. Go to infrastructure.newrelic.com > Integrations > Amazon Web Services.
  2. Select the edit pencil icon icon.
  3. Select the checkbox for each integration you want to monitor.

Connect multiple AWS accounts

By default, the Amazon EC2 AmazonEC2ReadOnlyAccess permission grants Infrastructure access to all EC2 instances in the individual Amazon account you specify during the setup steps. If you have multiple AWS accounts, follow the steps to connect an AWS account for each AWS account you want to associate with New Relic Infrastructure.

Add or edit custom tags

Infrastructure automatically imports any custom tags you have added or edited for your EC2 instances. Custom EC2 tags are labeled ec2Tag_TAG_NAME in the Infrastructure UI.

If you do not see EC2 tags in the Add filter menu of the Filter sets sidebar within a few minutes, delete the integration and try again:

  1. Go to infrastructure.newrelic.com > Integrations > Amazon Web Services.
  2. Select the edit pencil icon icon.
  3. Remove individual integrations or the entire account linkage as needed.

Disconnect your AWS integrations

You can disable one or more integrations anytime and still keep your AWS account connected to New Relic Infrastructure. However, New Relic recommends that you do not disable EC2 or EBS monitoring. These two integrations add important metadata to your EC2 instances and EBS volumes in New Relic Infrastructure.

For more help

Recommendations for learning more: