Alertmanager in an AWS VPC with limited internet access?


Learner here. I have these AWS multi-accounts with multi-vpcs to monitor.

I would like to know how I can use Alertmanager to send alerts out if it runs in a VPC without internet access? This VPC has a filtering proxy though, or because it runs within AWS maybe we can exfiltrate via SNS or something.

Do you have any recommendations?

I am still in the design phase… After reading a lot, it seems that the best in my scenario would be:

  1. One Prometheus per VPC (to be close to the resources)
  2. Alertmanager on each Prometheus sending to Opsgenie (but some VPCs don’t have internet)
  3. Thanos to ship metrics in S3 for long storage and single pain of glass for metrics
  4. No need for Prometheus federation because Thanos aggregates metrics

If anyone has good documentation about multi-account architecture, I am happy to read it.

1 Like
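
The two egress options raised in the question, sketched as an Alertmanager configuration (an added example, not part of the original post): Opsgenie reached through the filtering proxy, and SNS as an alternative route. The proxy address, secret path, topic ARN and the `egress` label are placeholders; the SNS receiver assumes a VPC interface endpoint for SNS and an instance role allowed to publish to that one topic only.

```yaml
# Added example: hostnames, paths, ARN parts and the "egress" label are placeholders.
route:
  receiver: opsgenie-via-proxy          # default: notify through the filtering proxy
  routes:
    # Hypothetical label: alerts carrying egress="sns" are published to SNS instead.
    - matchers:
        - egress="sns"
      receiver: sns-private

receivers:
  # Option 1: Opsgenie through the VPC's filtering proxy.
  - name: opsgenie-via-proxy
    opsgenie_configs:
      # Read the API key from a file so it is not stored in the config itself.
      - api_key_file: /etc/alertmanager/secrets/opsgenie_api_key
        http_config:
          proxy_url: http://proxy.internal.example:3128   # placeholder proxy address

  # Option 2: publish to an SNS topic; a subscriber outside the VPC forwards it.
  - name: sns-private
    sns_configs:
      - topic_arn: "arn:aws:sns:<region>:<account-id>:alertmanager-alerts"  # placeholder
        sigv4:
          region: "<region>"            # placeholder; must match the topic's region
        # No access_key/secret_key here: credentials come from the default AWS
        # credential chain (assumed to be the instance or task role).
```

On the proxy side, only the Opsgenie API host needs to be allowed (the receiver's default `api_url` is `https://api.opsgenie.com/`).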

Interesting use case. One thought: rather than managing AM and Thanos by yourself, have you considered using AMP which is essentially managed Cortex and also will bundle AM when we go GA?

PS: I do hope you mean “pane of glass”, tho :wink:

AMP is not supported in my region unfortunately. It’s something we thought about but anyway Alertmanager is not supported yet on AMP (in preview).

Yes, single pane of glass :slight_smile: But I guess I said pain of glass because to get something it’s a lot of complexity and hoops to go through.

1 Like