Amazon CloudWatch
User Guide

CloudWatch Anomaly Detection

CloudWatch anomaly detection is in open preview. The preview is open to AWS accounts in all commercial AWS Regions. You do not need to request access. Features may be added or changed before announcing General Availability. Please contact anomalydetectionfeedback@amazon.com for any feedback, questions, or if you would like to be informed when updates are available.

On August 29, 2019, we added support for using AWS CloudFormation to deploy alarms based on anomaly detection models. For more information, see AWS::CloudWatch::Alarm.

On August 27, 2019, we deployed the preview anomaly detection band feature. Now when you enable anomaly detection, you can immediately see a preview band, which is an approximation of the anomaly detection band that will be generated by the model.

When you enable anomaly detection for a metric, CloudWatch applies machine-learning algorithms to the metric's past data to create a model of the metric's expected values. The model generates two metrics, one that represents the upper band of normal metric behavior, and another that represents the lower band.

You can use the model of expected values in two ways:

  • You can create anomaly detection alarms based on a metric's expected value. These types of alarms don't have a static threshold for determining alarm state, but instead compare the metric's value to the expected value based on the anomaly detection model. You specify a number of standard deviations that CloudWatch uses along with the model to determine the "normal" range of values for the metric, where a higher number of standard deviations produces a thicker band of "normal" values.

    You can choose whether the alarm is triggered when the metric value is above the band of expected values, below the band, or either above or below the band.

    For more information, see Creating a CloudWatch Alarm Based on Anomaly Detection.

  • When viewing a graph of metric data, you can overlay the expected values onto the graph as a band, instantly making it visually clear which values in the graph are out of the normal range. For more information, see Creating a Graph.

You can enable anomaly detection using the AWS Management Console, the AWS CLI, AWS CloudFormation, or the AWS SDK. You can also retrieve the upper and lower values of the model's band by using the GetMetricData API request with the ANOMALY_DETECTION_BAND metric math function. For more information, see GetMetricData.

The links in the previous list are for creating an anomaly detection model using the AWS Management Console. You can also create anomaly detection models using the AWS API, the AWS CLI, and AWS CloudFormation.

[Figure: The metrics console showing anomaly detection enabled for the CPUUtilization metric.]

How CloudWatch Anomaly Detection Works

When you enable anomaly detection for a metric, CloudWatch applies machine-learning algorithms to the metric's past data to create a model of the metric's expected values, taking into account trends and hourly, daily, and weekly patterns of the metric. The machine-learning algorithm trains on up to two weeks of metric data, but you can enable anomaly detection on a metric even if the metric does not have a full two weeks of data.

When you enable anomaly detection, you can immediately see a preview anomaly detection band, which is an approximation of the anomaly detection band that will be generated by the model. It takes up to 15 minutes for the actual anomaly detection band to appear.

The machine-learning model is specific to a metric and a statistic. For example, if you enable anomaly detection for a metric using the AVG statistic, the model is specific to the AVG statistic.

After you have created a model, it constantly updates itself, using the latest data from the metric.

After you enable anomaly detection on a metric, you can optionally choose to exclude specified time periods of the metric from being used to train the model. This way, you can exclude deployments or other unusual events from being used for model training, ensuring the most accurate model is created.

Using anomaly detection models for alarms incurs charges on your AWS account. For more information, see Amazon CloudWatch Pricing.
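
The alarm options and training exclusions described above, as an added example (not code from the AWS documentation): it builds the request parameters for the PutAnomalyDetector and PutMetricAlarm API operations, keeping the statistic identical in both because the model is specific to a metric and a statistic. The helper names, alarm name, instance ID, and dates are constructed for illustration; `Average` is the API's name for the AVG statistic.

```python
import json
from datetime import datetime, timezone

# ComparisonOperator values PutMetricAlarm accepts for anomaly detection alarms.
DIRECTIONS = {"above": "GreaterThanUpperThreshold",
              "below": "LessThanLowerThreshold",
              "either": "LessThanLowerOrGreaterThanUpperThreshold"}

def _metric(namespace, name, dimensions):
    return {"Namespace": namespace, "MetricName": name, "Dimensions": dimensions}

def detector_params(namespace, name, dimensions, stat, excluded=()):
    """PutAnomalyDetector arguments; excluded = (start, end) datetimes kept out of training."""
    ranges = []
    for start, end in excluded:
        if end <= start:
            raise ValueError("excluded range must end after it starts")
        ranges.append({"StartTime": start, "EndTime": end})
    params = dict(_metric(namespace, name, dimensions), Stat=stat)
    if ranges:
        params["Configuration"] = {"ExcludedTimeRanges": ranges}
    return params

def alarm_params(alarm, namespace, name, dimensions, stat, band_width, direction,
                 period=300, evaluation_periods=2):
    """PutMetricAlarm arguments: no static Threshold, the band expression is the threshold."""
    if band_width <= 0:
        raise ValueError("band width (standard deviations) must be positive")
    return {
        "AlarmName": alarm,
        "ComparisonOperator": DIRECTIONS[direction],
        "EvaluationPeriods": evaluation_periods,
        "ThresholdMetricId": "band",  # points at the expression below
        "Metrics": [
            {"Id": "m1", "ReturnData": True,
             "MetricStat": {"Metric": _metric(namespace, name, dimensions),
                            "Period": period, "Stat": stat}},
            {"Id": "band", "ReturnData": True,
             "Expression": f"ANOMALY_DETECTION_BAND(m1, {band_width})"},
        ],
    }

if __name__ == "__main__":
    dims = [{"Name": "InstanceId", "Value": "i-EXAMPLE"}]  # constructed placeholder
    deploy = (datetime(2019, 9, 2, 14, tzinfo=timezone.utc),
              datetime(2019, 9, 2, 16, tzinfo=timezone.utc))  # constructed deployment window
    for p in (detector_params("AWS/EC2", "CPUUtilization", dims, "Average", [deploy]),
              alarm_params("cpu-anomaly", "AWS/EC2", "CPUUtilization", dims, "Average", 2, "either")):
        print(json.dumps(p, indent=2, default=str))
```

With credentials configured, the two dictionaries can be passed to boto3's `put_anomaly_detector(**params)` and `put_metric_alarm(**params)` on a `cloudwatch` client.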