Overall, marbot is a chatbot for monitoring AWS with the following main features.
- Configures AWS monitoring
- Recieves alerts and notifications from AWS and other sources
- Delivers notifications to a channel
- Escalates alerts among team members
marbot automatically and continously configures AWS monitoring for your AWS accounts. For example, marbot creates CloudWatch alarms for all the EC2 instances currently running in your account. And in case you are launching a new instance, marbot will automatically create CloudWatch alarms as well.
Overall, marbot configures monitoring for the following AWS services out-of-the-box.
- Security: Trusted Advisor, Health, GuardDuty, Macie, SecurityHub, Inspector, ACM, root user logins;
- Compute: ElasticBeanstalk, EC2, EC2 Spot, EC2 Fleet, ECS, Fargate Spot, Auto Scaling Groups, Batch, OpsWorks;
- DevOps: CodePipeline, CodeBuild, CodeDeploy, CodeCommit, X-Ray;
- Storage: RDS, EBS, ES, OpenSearch, Backup;
- Analytics: EMR, Glue, IoT Analytics, Athena;
- Cost: monthly costs, savings plans coverage & utilization;
- Others: ECR, DLM, SSM, SQS, ALB, AppFlow;
Do not modify resources like CloudWatch alarms or EventBridge rules created by marbot. marbot does constantly apply the monitoring configuration and will override your modifications. In case you have concerns about the resources created by marbot, please contact email@example.com.
marbot assings each channel a unique endpoint ID, like
0a158950919c61240bc42cb72f6a4ad31ef2939f11e2f8bac397a6386d248a55. Each endpoint supports HTTPS and e-mail.
# Replace $ENDPOINT_ID with the channel's endpoint ID assigned by marbot
So, whenever marbot recieves an alert or notification via HTTPS or e-mail, it will deliver a message to the Slack or Microsoft Teams channel based on the endpoint ID.
By default, marbot configures SNS topics and EventBridge API destinations to deliver alerts and notifications to an endpoint.
Are you looking for the endpoint of a channel? Post the following message to the channel.
marbot is trained to classify incoming events into notifications and alerts. A notification does not require human interaction. Therefore, marbot posts incoming notifications straight to the channel.
This is how a notification looks in Slack.
And here is the same notification in Microsoft Teams.
In case you don’t want to recieve a similar notification again, click the Mute button.
Things work a little different for incoming events classified as alert. In that case, marbot will also post to the channel. After that, marbot waits for someone to acknowledge or close the alert. Again, it is also possible to mute similar alarms in the future.
This is how an alarm looks in Slack.
marbot for Slack mentions all active users by using
@here. In case no one acknowledges or closes the alert, marbot will edit the post and mentions active and inactive users by using
And here is the same alert in Microsoft Teams.
As an alternative, it is also possible to send incoming alarms via direct message to two active users one after the other, before the alarm is sent to all in the channel. Post the following message to a channel to enable the configuration option Escalate to individual users.
That’s it. You learned about the main concepts.