Set up a metric stream - Amazon CloudWatch

Set up a metric stream

Use the steps in the following sections to set up a CloudWatch metric stream.

After a metric stream is created, the time it takes for metric data to appear at the destination depends on the configured buffering settings on the Firehose delivery stream. The buffering is expressed in maximum payload size or maximum wait time, whichever is reached first. If these are set to the minimum values (60 seconds, 1MB) the expected latency is within 3 minutes if the selected CloudWatch namespaces have active metric updates.

In a CloudWatch metric stream, data is sent every minute. Data might arrive at the final destination out of order. All specified metrics in the specified namespaces are sent in the metric stream, except metrics with a timestamp that is more than two days old.

For each combination of metric name and namespace that you stream, all dimension combinations of that metric name and namespace are streamed.

For metric streams in monitoring accounts, you can choose whether to include metrics from the source accounts linked to that monitoring account. For more information, see CloudWatch cross-account observability.

To create and manage metric streams, you must be logged on to an account that has the CloudWatchFullAccess policy and the iam:PassRole permission, or an account that has the following list of permissions:

  • iam:PassRole

  • cloudwatch:PutMetricStream

  • cloudwatch:DeleteMetricStream

  • cloudwatch:GetMetricStream

  • cloudwatch:ListMetricStreams

  • cloudwatch:StartMetricStreams

  • cloudwatch:StopMetricStreams

If you're going to have CloudWatch set up the IAM role needed for metric streams, you must also have the iam:CreateRole and iam:PutRolePolicy permissions.

Important

A user with the cloudwatch:PutMetricStream has access the CloudWatch metric data that is being streamed, even if they don't have the cloudwatch:GetMetricData permission.