CloudWatch Dashboards Are Great (If You Build Them Right)

#aws #cloudwatch #terraform #iac #observability #devops

CloudWatch dashboards are great if you need a quick high-level look at your instance metrics.

It’s the kind of thing that helps you catch:

  • a weird CPU issue
  • the occasional memory leak

…and you can do it without deep diving into logs yet.

But to get a good dashboard you actually need to build it properly.

You need to choose the right metrics, and make sure the picture you see has real meaning. Otherwise you get a “nice looking” dashboard that lies to you.

”Ok, so let’s have dashboards going forward”

We recently decided we want dashboards for our project going forward.

Meaning: we have to somehow programmatically add them, not do it manually in every account / environment / service.

So I took it up with Terraform and decided we’ll add dashboards with IaC.

Terraform makes it easy… until you hit the JSON wall

You can easily find the Terraform resources/providers for CloudWatch dashboards.

But you will quickly learn one thing:

Terraform needs a dashboard JSON.

And now you have a few options.

One thing we can do is to let AI generate the JSON.

It will probably do an OK job.

But it will be hard to control the outcome we really want.

AI will give you something close, but when you actually care about:

  • the exact widgets
  • the exact metrics
  • the exact layout
  • the exact names and dimensions

…it becomes annoying fast.

The approach that worked for us: build in the console, export, Terraform

So we went the other way around.

We built the dashboard in the AWS console first.

Then we exported it to JSON.

Then we pasted it into the Terraform files.

And only then we did the Terraform part:

  • add the right variables when needed
  • replace hardcoded instance IDs / regions / etc
  • make it work across environments

This way we got a dashboard we actually liked visually, and it also became repeatable and consistent.

Final thoughts

Dashboards are great tools for observability.

And building them with Terraform is actually pretty easy once you start from a real dashboard and export it.

You should try adding them in your projects — it’s one of those “small” CloudOps things that pays off during incidents.

Code examples

Terraform resource

resource "aws_cloudwatch_dashboard" "main" {
  dashboard_name = "${var.project}-${var.env}"
  dashboard_body = file("${path.module}/dashboard.json")
}

The “vars” part (what you’ll usually change after export)

If your exported dashboard has values like instance IDs, log groups, or region — replace them with variables.

variable "project" { type = string }
variable "env"     { type = string }

If you paste your exported dashboard JSON (even a chunk), I can rewrite it minimally into a Terraform-friendly version with variables — while keeping it readable and close to what you built in the console.