This rule raises an issue when AWS CloudWatch put_metric_data namespace begins with AWS/

Why is this an issue?

AWS CloudWatch has reserved namespaces that begin with 'AWS/' for its own internal services and metrics. These namespaces are used by AWS to publish official service metrics such as EC2 instance metrics, Lambda function metrics, S3 bucket metrics, and others. When you attempt to publish custom metrics using a namespace that begins with 'AWS/', you are essentially trying to use a reserved namespace that conflicts with AWS’s own metric publishing system.

What is the potential impact?

Using AWS service namespaces can lead to metric publishing failures, data corruption, or unexpected behavior in CloudWatch dashboards. It may also cause confusion between your custom metrics and official AWS service metrics, making monitoring and troubleshooting more difficult. Additionally, AWS may reject such metric publications, or they may interfere with existing service metrics.

How to fix it in Boto3

Use a custom namespace that does not begin with 'AWS/' when publishing metrics with CloudWatch. Choose a meaningful namespace that reflects your application or service name, such as 'MyApp/', 'CustomService/', or your organization name.

Code examples

Noncompliant code example

import boto3

cloudwatch = boto3.client('cloudwatch')

# Publishing to AWS reserved namespace
cloudwatch.put_metric_data(
    Namespace='AWS/MyCustomService',  # Noncompliant
    MetricData=[
        {
            'MetricName': 'CustomMetric',
            'Value': 123.0
        }
    ]
)

Compliant solution

import boto3

cloudwatch = boto3.client('cloudwatch')

# Publishing to custom namespace
cloudwatch.put_metric_data(
    Namespace='MyApp/CustomService',  # Compliant
    MetricData=[
        {
            'MetricName': 'CustomMetric',
            'Value': 123.0
        }
    ]
)

How to fix it in aiobotocore

When using aiobotocore for asynchronous CloudWatch operations, ensure you use a custom namespace that does not start with 'AWS/' to avoid conflicts with AWS reserved namespaces.

Code examples

Noncompliant code example

import aiobotocore.session

async def publish_metrics():
    session = aiobotocore.session.get_session()
    async with session.create_client('cloudwatch') as client:
        await client.put_metric_data(
            Namespace='AWS/Lambda/Custom',  # Noncompliant
            MetricData=[
                {
                    'MetricName': 'ProcessingTime',
                    'Value': 45.2
                }
            ]
        )

Compliant solution

import aiobotocore.session

async def publish_metrics():
    session = aiobotocore.session.get_session()
    async with session.create_client('cloudwatch') as client:
        await client.put_metric_data(
            Namespace='MyLambda/Custom',  # Compliant
            MetricData=[
                {
                    'MetricName': 'ProcessingTime',
                    'Value': 45.2
                }
            ]
        )

Resources

Documentation