Connect AWS polling integrations

In some cases, you may need to use a legacy solution to receive AWS data in New Relic. While our recommended method is to set up our AWS CloudWatch Metric Streams integration, certain AWS integrations are unsupported by CloudWatch Metric Streams. In this case, you can deploy a polling fleet and make regular calls to multiple, individual AWS APIs to retrieve metrics and metadata. You should choose this method if you use the following AWS services:

AWS CloudTrail
AWS Health
AWS Trusted Advisor
AWS X-Ray

AWS API polling and CloudWatch Metric Streams

For AWS users who want to collect data about all other services, we recommend opting in to AWS CloudWatch Metric Streams. CloudWatch Metric Streams addresses limitations present in the API polling method:

API polling requires making individual calls to each individual AWS service, while the CloudWatch Metric Streams collects metrics from all AWS services and custom namespaces at once.
The fastest polling interval for API polling is 5 minutes, while CloudWatch Metric Streams streams metrics in under 2 minutes.
AWS throttles API polling, while the CloudWatch Metric Streams integration eliminates API throttling altogether.

Check out our doc to install the New Relic CloudWatch Metric Streams integration or to migrate your API polling integrations to CloudWatch Metric Streams.

Set up API polling

Follow these procedures to set up API polling. Both procedures require you to move between the New Relic UI and your AWS account.

To connect additional API Polling integrations to New Relic:

Go to one.newrelic.com > All capabilities > Infrastructure > AWS. Click on one of the available service tiles. From the IAM console, click Roles > Create role > AWS account > Another AWS account. Input the following:
- For Account ID, use 754728514883
- Check the Require external ID box
- For External ID, enter your New Relic account ID
- Don't enable the setting to Require MFA (multi-factor authentication)
Attach the Policy: Search for ReadOnlyAccess in the Permissions policies text box, select the checkbox for the policy named ReadOnlyAccess, then click Next. Alternatively, you can create your own managed policy and limit the permissions you grant New Relic according to the AWS services you want to monitor.
Enter NewRelicInfrastructure-Integrations for the Role name, then click Create role to select the newly created role from the list. On the Role summary page, select and copy the entire Role ARN (required later in this procedure).
Configure a Budgets policy by viewing the Role summary for your new role. Open the Add permissions drop-down and click on Create inline policy. Open the JSON tab and add the following permission statement:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["budgets:ViewBudget"],
      "Resource": "*"
    }
  ]
}
```
Click Review policy to enter a policy name (like NewRelicBudget), then select Create policy.
Return to the New Relic UI to enter your AWS account name and the ARN for the new role that you saved in step 2.
Select the AWS services you want to monitor with the infrastructure integrations, then Save.

It may take few minutes until new resources are detected and synthesized as entities. See Cloud integrations system limits for more information.

If you previously set up an ARN with a restrictive AmazonEC2ReadOnlyAccess policy, unlink your existing integration and create a new ARN with a broader policy.

Follow the instructions to connect your Amazon account to New Relic . Provide the ARN that contains the ReadOnlyAccess policy.

Once you complete your setup, you can see your integrations at one.newrelic.com > All capabilities > Infrastructure > AWS.

If you want to forward your AWS logs from AWS RDS Enhanced or AWS VPC Flow Logs, follow these procedures to send CloudWatch logs with Lambda.

Connect multiple AWS accounts

By default, the Amazon EC2 AmazonEC2ReadOnlyAccess permission grants New Relic access to all EC2 instances in the individual Amazon account you specify during the setup steps. If you have multiple AWS accounts, follow the steps to connect an AWS account for each AWS account you want to associate with New Relic.

Add or edit custom tags

For API polling integrations, if you don't see any tags within a few minutes of set up, delete the integration and try the set-up procedures again.

You can delete the integration by going to one.newrelic.com > All capabilities > Infrastructure > AWS > Manage services**. Remove individual integrations or the entire account linkage as needed.

Note that not all integrations support tags collection. You can enable (or disable) tags collection in the integration settings. New Relic automatically imports custom tags you have added or edited for your AWS resources. Most metrics received via CloudWatch metric streams will have custom tags as dimensions.

Disconnect your AWS integrations

You can disable one or more integrations anytime and still keep your AWS account connected to New Relic. However, New Relic recommends that you don't disable EC2 or EBS monitoring. These two integrations add important metadata to your EC2 instances and EBS volumes in New Relic.

To uninstall your services completely from New Relic infrastructure Integrations, unlink your AWS account.

Regional support

We don't support Chinese AWS regions.

AWS API polling and CloudWatch Metric Streams

Set up API polling

Connect individual AWS integrations to New Relic

Connect multiple AWS integrations to New Relic

Connect multiple AWS accounts

Add or edit custom tags

Disconnect your AWS integrations

Regional support

Connect AWS polling integrations

AWS API polling and CloudWatch Metric Streams .css-21sua1{background:none;border:none;width:0;padding:0;}

Set up API polling

Connect multiple AWS integrations to New Relic

Connect multiple AWS accounts

Add or edit custom tags

Disconnect your AWS integrations

Regional support

AWS API polling and CloudWatch Metric Streams