1 - CloudWatch Connection Setup

Updated 1 month ago by Michael Cretzman

The first step in using CloudWatch with Harness is to set up an AWS Cloud Provider in Harness.

A Harness Cloud Provider is a connection to AWS and its monitoring tools, such as CloudWatch. Once Harness is connected, you can use Harness 24/7 Service Guard and Deployment Verification with your CloudWatch data and analysis.

AWS Permissions Required

Harness requires the IAM user to be able to make API requests to AWS. The User Access Type required is Programmatic access. This enables an access key ID and secret access key for the AWS API, CLI, SDK, and other development tools. For more information, see Creating an IAM User in Your AWS Account from AWS.

Here is the CloudWatch policy used for this guide:

"Version": "2012-10-17",
"Statement": [
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"Resource": "*"

Add AWS Cloud Provider for CloudWatch

To add AWS as a Harness Cloud Provider, you need a Harness Delegate installed in your AWS VPC. For AWS, the Shell Script Delegate and ECS Delegate are most commonly used.

Once the Delegate in installed in your VPC, you can use its credentials to connect the AWS Cloud Provider. For example, see the Assume IAM Role on Delegate and Delegate Tag options and in the AWS Cloud Provider:

For more information on setting up an AWS Cloud Provider in Harness, see Installation Example: Amazon Web Services and ECS and Amazon Web Services (AWS) Cloud.

Here is a summary of the steps to set up an AWS Cloud Provider in Harness:

  1. Click Setup, and then click Cloud Providers.
  2. Click Add Cloud Provider. The Cloud Provider dialog appears.
  3. When you select Amazon Web Services in Type, the Cloud Provider dialog changes for the AWS settings.
  4. Choose a name for this provider. Theis to differentiate AWS providers in Harness. It is not the actual AWS account name.
  5. Select Assume the IAM Role of the Delegate (recommended), or Enter AWS Access Keys manually.
    1. If you selected Assume the IAM Role of the Delegate, in Delegate Tag, enter the Tag of the Delegate that this Cloud Provider will use for all connections. For information about Tags, see Delegate Tags.
    2. If you selected Enter AWS Access Keys manually, enter your Access Key and your Secret Key. For more information, see Access Keys (Access Key ID and Secret Access Key) from AWS.
The AWS IAM Policy Simulator is a useful tool for evaluating policies and access.

For more details, see Amazon Web Services (AWS) Cloud.

Next Step

How did we do?