New Relic Connection

This article describes how to set up a New Relic Connection for the first time within Drata.

Updated over 3 months ago

Connection Instructions

Important Note: At this time, Drata only supports New Relic's US data center region. EU region support is coming soon. If you are uncertain of your region, an EU region URL will begin with "rpm.eu.newrelic.com/."

First, log in to your company's New Relic account with administrator permissions (you will need these permissions to set up a service account).

All of the New Relic tests require an AWS <> New Relic integration. If you have not set this up in your New Relic account, you can follow this New Relic Guide to connect AWS.

(Optional) Create a Custom Role:

Drata only requires the ability to view Alerts to satisfy the requirements for this integration. It is recommended to create a service account user to limit the access that Drata has to your New Relic instance. The steps below detail how to do that. Full permission capabilities can be found here: https://docs.newrelic.com/docs/accounts/accounts-billing/new-relic-one-user-management/user-capabilities/#alerts

Create an API Key:

  • Navigate to the user menu by hovering over your username, and select ‘API Keys’ in the context menu.

  • Click the "Create a key" button.

  • Select the correct Account for connection, and a key type of ‘User’.

  • Drata suggests adding the following name for the Key:
    Drata API Key

  • Click the "Create a key" button.

  • Once created, you can copy the key by pressing the “...” menu button, and selecting “Copy Key”.

  • Paste the Key into the API Key input. Do not copy or paste the Key ID.

Expected New Relic Setup and Troubleshooting

Infrastructure Monitoring Tests

Warning: For these tests, only customers with AWS infrastructure and New Relic are supported. Azure, GCP, and other infrastructure combinations will be addressed at a future date.

The first set of tests requires monitors to be created within New Relic that contain the following metrics in their monitoring queries. These monitors should be visible on your Alert conditions (policies) screen, found under the Alerts & AI section of New Relic. If they do not yet exist, they will need to be created.

In the current New Relic implementation, these tests will only work in New Relic if there is an accompanying AWS connection that can inform Drata of the AWS infrastructure that needs monitoring.

On the AWS side, you need to add Amazon Web Services to your installed New Relic Integrations, if you haven't already, to be able to use the default metrics provided for AWS. Once installed, include these metrics in the query when creating a new monitor. The Drata integration only cares about a monitor existing with the defined metrics listed below for each test.

In addition, for the alarm-based monitoring tests to pass, you must set up active notifications against these alarms in New Relic. This is a similar concept to establishing an SNS topic and active subscription against a CloudWatch alarm in AWS.

Several metric names are supported, based on a match between patterns Drata looks for and offered metric names in New Relic. For example, when Drata supports a pattern like provider.freeStorageSpace.*, that means provider.freeStorageSpace.Average, provider.freeStorageSpace.Maximum, and provider.freeStorageSpace.Minimum should pass.

Please let us know if we should look at additional metrics you make use of today!

Monitoring Test and supported New Relic Metric Names:

Database CPU Monitored

RDS:

  • provider.cpuUtilization

  • provider.cpuUtilization.*

  • aws.rds.CPUUtilization

  • aws.rds.CPUUtilization.*

DocDB:

  • provider.cpuUtilization

  • provider.cpuUtilization.*

  • aws.docdb.CPUUtilization

  • aws.docdb.CPUUtilization.*

Database Free Storage Space Monitored

RDS Free Storage Space:

  • provider.freeStorageSpace

  • provider.freeStorageSpace.*

  • provider.freeStorageSpaceBytes

  • provider.freeStorageSpaceBytes.*

  • aws.rds.FreeStorageSpace

  • aws.rds.FreeStorageSpace.*

RDS Free Local Storage:

  • provider.freeLocalStorageBytes

  • provider.freeLocalStorageBytes.*

  • aws.rds.FreeLocalStorage

  • aws.rds.FreeLocalStorage.*

DocDB Free Local Storage:

  • provider.freeLocalStorageBytes

  • provider.freeLocalStorageBytes.*

  • aws.docdb.FreeLocalStorage

  • aws.docdb.FreeLocalStorage.*

Database Read I/O Monitored

RDS Read IOPS and SelectThroughput:

  • provider.readIops

  • provider.readIops.*

  • aws.rds.ReadIOPS

  • aws.rds.ReadIOPS.*

  • aws.rds.select_throughput

  • aws.rds.select_throughput.*

DocDB ReadIOPS and SelectThroughput:

  • provider.readIops

  • provider.readIops.*

  • aws.docdb.ReadIOPS

  • aws.docdb.ReadIOPS.*

  • aws.docdb.select_throughput

  • aws.docdb.select_throughput.*

Messaging Queue Message Age Monitored

  • provider.approximateAgeOfOldestMessage

  • aws.sqs.ApproximateAgeOfOldestMessage

Infrastructure Instance CPU Monitored

Instance CPUUtilization:

  • provider.cpuUtilization

  • provider.cpuUtilization.*

  • aws.ec2.CPUUtilization

  • aws.ec2.CPUUtilization.*

  • cpuPercent

  • cpuPercent.*

Cluster CPUUtilization:

  • provider.cpuUtilization

  • provider.cpuUtilization.*

  • aws.ecs.CPUUtilization

  • aws.ecs.CPUUtilization.*

  • cpuPercent

  • cpuPercent.*
