Overview

How does marbot work?

marbot is a chatbot for monitoring AWS with the following main features.

• Configures AWS monitoring
• Receive alerts and notifications from AWS and other sources
• Delivers notifications to a channel
• Escalates alerts among team members

How does marbot configure AWS monitoring?

marbot automatically and continuously configures AWS monitoring for your AWS accounts. For example, marbot creates CloudWatch alarms for all the EC2 instances in your account. And if you are launching a new instance, marbot will also automatically create CloudWatch alarms.

Overall, marbot configures monitoring for the following AWS services out of the box.

• Security: Trusted Advisor, Health, GuardDuty, Macie, SecurityHub, Inspector, ACM, root user logins;
• Compute: ElasticBeanstalk, EC2, EC2 Spot, EC2 Fleet, ECS, Fargate Spot, Auto Scaling Groups, Batch, OpsWorks;
• DevOps: CodePipeline, CodeBuild, CodeDeploy, CodeCommit, X-Ray;
• Storage: RDS, EBS, ES, OpenSearch, Backup;
• Analytics: EMR, Glue, IoT Analytics, Athena;
• Cost: monthly costs, savings plans coverage & utilization;
• Others: ECR, DLM, SSM, SQS, ALB, AppFlow;

Do not modify resources like CloudWatch alarms or EventBridge rules created by marbot. marbot does constantly apply the monitoring configuration and will override your modifications. If you have concerns about the resources created by marbot, please contact hello@marbot.io.

How does marbot receive alerts and notifications?

marbot assigns each channel a unique endpoint ID, like 0a158950919c61240bc42cb72f6a4ad31ef2939f11e2f8bac397a6386d248a55. Each endpoint supports HTTPS and e-mail.

# Replace $ENDPOINT_ID with the channel's endpoint ID assigned by marbot
https://api.marbot.io/v1/endpoint/$ENDPOINT_ID
$ENDPOINT_ID@api-v1.marbot.io

# Example
https://api.marbot.io/v1/endpoint/0a158950919c61240bc42cb72f6a4ad31ef2939f11e2f8bac397a6386d248a55
0a158950919c61240bc42cb72f6a4ad31ef2939f11e2f8bac397a6386d248a55@api-v1.marbot.io

So, whenever marbot receives an alert or notification via HTTPS or e-mail, it will deliver a message to the Slack or Microsoft Teams channel based on the endpoint ID.

By default, marbot configures SNS topics and EventBridge API destinations to deliver alerts and notifications to an endpoint.

Are you looking for the endpoint of a channel? Post the following message to the channel.

@marbot endpoint

How does marbot deliver notifications to a channel?

marbot is trained to classify incoming events into notifications and alerts. A notification does not require human interaction. Therefore, marbot posts incoming notifications straight to the channel.

This is how a notification looks in Slack.

And here is the same notification in Microsoft Teams.

In case you don’t want to receive a similar notification again, click the Mute button.

How does marbot escalate alerts among team members?

Things work differently for incoming events classified as alerts. In that case, marbot will also post to the channel. After that, marbot waits for someone to acknowledge or close the alert. Again, it is also possible to mute similar alarms in the future.

This is how an alarm looks in Slack.

marbot for Slack mentions all active users by using @here. If no one acknowledges or closes the alert, marbot will edit the post and mention active and inactive users using @channel.

And here is the same alert in Microsoft Teams.

Alternatively, it is also possible to send incoming alarms via direct message to two active users, one after the other, before the alarm is sent to all in the channel. Post the following message to a channel to enable the configuration option Escalate to individual users.

@marbot configure

That’s it. You learned about the main concepts.