API Health Monitoring using CloudWatch Alarms
We expose APIs using API Gateways day-in day-out along with implementing authorization, authentication, fault tolerance, resilience etc. but yet there are chances that our API backend code might fail/generate exception or expose to attacks like DDoS.
One common concern around APIs is having consolidated API performance/activity data available at once place which can visualized and inferred easily. Integration of API Gateway with CloudWatch is one simple way of doing it and below article explain how can you enable CloudWatch logging for your API Gateway endpoints:
For the scope of this article, you can set logging level as “Errors Only”.
Now go to CloudWatch > Alarms and click on “Creat alarm”
Click on “Select metric” and filter metrics by ApiGateway > By API Name > Search by API Name, you will see all the metrics captured for given API
For the scope of this article, select “4xxError” metric and click on “Select metric” button
After selecting metric, select metric statistics that you want to monitor
For the scope of this article, we have selected “Sum” for “Period” of 1 minutes, which means we will be monitoring total number of 4xxError in last 1 minute to decide on next steps
Now, select condition which you want to apply to above select metric statistics like “if sum of 4xxError per minute is greater than 2”. Click “Next”.
Select existing SNS topic or create new SNS topic which will be invoked when Alarm state is “In alarm”
Preview/Review and click on “Create alarm”
Search for newly create Alarm and see the status :
Alarm state might show “Insufficient data” if the API is not being used much in last few minutes.
In case API is being frequently used and resulted in 4xxErrors more than 2 times in last 1 minute then Alarm State will change to “In Alarm” and selected SNS topic will be called resulting in possible email or other notifications to subscribers of the SNS topic.
Conclusion : API Health Monitoring based on various available metrics along with timely notifications can be setup easily without any coding tasks. In this example we have considered API Health monitoring but same can be extended to other services which report or log required metrics to CloudWatch.