Internet Monitor
Enhance observability of your applications by tracking public internet performance with CloudWatch Internet Monitor. Learn how to diagnose latency issues, leverage anomaly detection, and integrate insights into your monitoring workflows.
1. Challenge: Diagnosing Public Internet Latency
Your application is hosted in an AWS US Region, while users in the UK and Europe typically see latencies between 40 ms and 100 ms. Occasionally they see latencies as low as 5 ms or spikes up to 70 ms. One day, a London user reports 900 ms latency, even though backend health checks remain steady at 100–200 ms.
Since your application metrics are healthy, the issue is likely somewhere on the public internet path. How can you pinpoint and resolve performance problems outside your AWS infrastructure?
2. Introducing Internet Monitor
CloudWatch Internet Monitor provides end-to-end visibility into internet traffic for your AWS resources. By analyzing real user network flow data, it helps you quickly identify and troubleshoot routing issues, ISP outages, or misconfigurations.
Key Features
Feature | Benefit |
---|---|
Monitor Network Flow | Track traffic patterns and performance across the public internet. |
Source & Destination Analysis | Identify IP prefixes and autonomous systems affecting your traffic. |
Anomaly Detection | Automatically surface spikes in latency, packet loss, or throughput. |
AWS Service Integration | Correlate internet-path data with CloudWatch dashboards, alarms, and Logs. |
Real-Time Visibility | View live network performance to troubleshoot issues immediately. |
Thresholds & Alarms | Set custom alerts on latency, bandwidth, or active connections. |
Detailed Traffic Records | Aggregate IP traffic data for security audits and compliance. |
Note
Ensure VPC Flow Logs are enabled and your IAM role has internetmonitor:* permissions before creating a monitor. See the CloudWatch IAM Policies for details.
Example: Enable Internet Monitor via AWS CLI
Replace the placeholders with your resource ARN and desired settings:
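    # The VPC ARN below is a placeholder: substitute your own account ID and VPC ID.
    # create-monitor has no --traffic-visibility option; coverage is set with
    # --traffic-percentage-to-monitor (100 = monitor all traffic).
    aws internetmonitor create-monitor \
      --monitor-name MyInternetMonitor \
      --resources "arn:aws:ec2:us-east-1:123456789012:vpc/vpc-0a1b2c3d4e5f6g7h" \
      --traffic-percentage-to-monitor 100 \
      --client-token "$(uuidgen)"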
3. Real-World Use Case: Troubleshooting a Latency Spike
- Alert Triggered: A CloudWatch alarm notifies you when latency exceeds 200 ms.
- Path Analysis: Internet Monitor shows a European ISP with elevated packet loss and latency.
- AWS Correlation: You confirm via CloudWatch metrics (ELB latency, EC2 network stats) that your backend is healthy.
- Remediation: You coordinate with the ISP to resolve routing issues or update Route 53 to reroute traffic through a different edge location.
Warning
Continuous monitoring may incur additional data processing and transfer charges. Review CloudWatch Pricing to estimate costs.