All Products
Search

This Product

    Application Real-Time Monitoring Service:Monitor ECS instances with Managed Service for Prometheus

    Document Center

    Application Real-Time Monitoring Service:Monitor ECS instances with Managed Service for Prometheus

    Last Updated:Mar 11, 2026

    Monitoring ECS infrastructure typically requires installing and maintaining agents on each instance. Managed Service for Prometheus eliminates this overhead: enable the Host Monitor component, select a VPC, and Node Exporter and Process Exporter are automatically installed on every Elastic Compute Service (ECS) instance in that virtual private cloud (VPC). The managed Prometheus agent scrapes approximately 1,000 metric entries per instance on each collection cycle, with built-in Grafana dashboards and alert rules available immediately.

    How it works

    1. Enable Host Monitor: Select a VPC. Node Exporter and Process Exporter are automatically installed on each ECS instance, and the managed Prometheus agent begins collecting metrics.

    2. (Optional) Modify Host Monitor: Change the service port, collection interval, or service discovery settings.

    3. (Optional) Discard metrics: Filter out unneeded metrics to reduce costs.

    4. (Optional) Configure alerting: Set up built-in or custom alert rules for metric thresholds.

    Workflow diagram

    Prerequisites

    • A VPC with one or more ECS instances. For more information, see Create and manage an ECS instance in the console (express version).

    • Alibaba Cloud Resource Center is activated. Managed Service for Prometheus relies on Resource Center to discover VPC and ECS data in your account. For more information, see Activate Resource Center.

    • The security group of each ECS instance allows inbound traffic from the 100.64.0.0/10 and 192.168.0.0/18 CIDR blocks to the following ports:

      ExporterDefault port
      Node Exporter9100
      Process Exporter9256

      If you changed the default ports, allow traffic to the modified ports instead. For information about security group rules, see Search for security groups.

    Enable Host Monitor

    Enable Host Monitor and select a VPC to automatically install Node Exporter and Process Exporter on each ECS instance. The managed Prometheus agent starts collecting metrics immediately.

    Enable the component

    1. In the left-side navigation pane of the ARMS console, click Integration Center. In the Infrastructure section, click Host Monitor.

      Integration Center - Host Monitor

    2. Select the VPC and configure the parameters. For details about each parameter, see Monitor ECS instances.

      Host Monitor configuration panel

    3. Click OK. Wait 1 to 2 minutes for the exporters to install.

    View dashboards

    1. In the left-side navigation pane of the ARMS console, click Integration Management. On the Integrated Environments tab, click ECS Instance, then click the VPC ID to open the environment details page.

      Integration Management - ECS Instance

    2. On the Component Management tab, click Dashboards in the Addon Type section to view the built-in Grafana dashboards.

      Component Management - Dashboards

      Grafana dashboard example

    Note

    If the dashboards show no data, verify that the security group rules meet the requirements in Prerequisites. For more details, see Why do the dashboards show no data?

    Verify exporter installation

    To confirm that an exporter is running on an ECS instance, query the metrics endpoint:

    http://<ECS-IP>:<PORT>/metrics
    PlaceholderDescriptionExample
    <ECS-IP>Private IP address of the ECS instance192.168.1.10
    <PORT>Exporter port9100 (Node Exporter) or 9256 (Process Exporter)

    If the endpoint returns metric data, the exporter is installed and running.

    (Optional) Modify Host Monitor settings

    Change settings such as the service port, collection interval, or service discovery configuration.

    1. In the left-side navigation pane of the ARMS console, click Integration Management. On the Integrated Environments tab, click ECS Instance, then click the VPC ID to open the environment details page.

      Integration Management - ECS Instance

    2. Find the exporter to modify and click Settings.

      Exporter Settings

    3. Update the settings and click OK. For details about each parameter, see Monitor ECS instances.

    4. Refresh the page and click Settings again to confirm the changes took effect. Check the dashboards to verify the data.

    (Optional) Discard unneeded metrics

    Filter out metrics you do not need to simplify analysis and reduce costs.

    1. In the left-side navigation pane of the ARMS console, click Integration Management. On the Integrated Environments tab, click ECS Instance, then click the VPC ID to open the environment details page.

      Integration Management - ECS Instance

    2. On the Metric Scraping tab, go to the Discard Metrics section. Select the metrics to discard and click Update. For the full list of available metrics, see Metrics.

      Discard Metrics section

    Note

    Basic metrics about ACK clusters cannot be discarded.

    1. Refresh the page to confirm the discarded metrics are removed. Check the dashboards to verify the data.

    (Optional) Configure alerting

    Managed Service for Prometheus provides built-in and custom alert rules. Built-in alert rules generate alert events by default but do not send notifications until you configure them. Custom alert rules let you define your own conditions and thresholds.

    Configure built-in alert rules

    1. In the left-side navigation pane of the ARMS console, click Integration Management. On the Integrated Environments tab, click ECS Instance, then click the VPC ID to open the environment details page.

      Integration Management - ECS Instance

    2. On the Component Management tab, click Alert Rule in the Addon Type section. Click View Alert Event to check existing alert events, or click Edit to modify a rule.

      Alert Rule addon type

    3. Update the alert rule and click OK. For more information, see Prometheus alert rules.

    Configure custom alert rules

    If the built-in alert rules do not cover your requirements, create custom rules.

    1. In the left-side navigation pane of the ARMS console, click Integration Management. On the Integrated Environments tab, click ECS Instance, then click the VPC ID to open the environment details page.

      Integration Management - ECS Instance

    2. On the Component Management tab, click the VPC link next to Default Metric Storage in the Basic Information section.

      Default Metric Storage VPC link

    3. On the Alert rules page, create, modify, or view custom alert rules. For more information, see Prometheus alert rules.

      Alert rules page

    Test alert delivery

    1. Refresh the page to confirm the alert rule is saved.

    2. To test, create a low-threshold, risk-free rule that is easy to trigger and verify that the alert notification arrives as expected.

    Note

    How notifications are delivered depends on the notification channel configured in the alert rule.

    FAQ

    Why do the dashboards show no data?

    The most common cause is a security group misconfiguration. The security group of each ECS instance must allow inbound traffic from the 100.64.0.0/10 and 192.168.0.0/18 CIDR blocks to the Node Exporter port (default: 9100) and Process Exporter port (default: 9256).

    If you changed the default ports during setup, use the modified ports instead.

    To check your security group rules, see Search for security groups.

    Why did Node Exporter fail to install?

    Check the following:

    1. Is the ECS instance running? Node Exporter can only be installed on a running instance.

    2. Is an existing Node Exporter already using port 9100? If open source Node Exporter was previously installed and occupies port 9100, find the Alibaba Cloud-provided Node Exporter on the Component Management tab, click Settings, and assign a different port.

    How do I manually configure security group rules?

    Log on to the ECS console. In the security group settings of each ECS instance, add an inbound rule that allows traffic from the VPC CIDR block to the Node Exporter port (default: 9100) and Process Exporter port (default: 9256). If you changed the default ports, use the modified ports.

    How do I troubleshoot network connectivity between ECS instances and the Prometheus agent?

    Each ECS instance and the Prometheus agent must be reachable through the VPC:

    1. Check the route table to confirm that traffic routes are correct.

    2. Check the firewall and security group rules to confirm that the required ports are open.

    Why is metric data inaccurate or missing?

    If Node Exporter or Process Exporter is enabled but metrics look wrong or incomplete:

    1. Query the exporter endpoint directly with cURL to check whether data is returned:

      curl http://<ECS-IP>:<PORT>/metrics

      Use port 9100 for Node Exporter or port 9256 for Process Exporter. If you changed the default ports, use the modified ports.

    2. If the response is empty or contains errors, check the exporter logs for exceptions.

    How do I collect process-level metrics?

    Process Exporter handles process-level metrics on port 9256 by default. Open port 9256 in the security group of each ECS instance.

    Process Exporter consumes minimal system resources and typically does not affect performance. However, if the system resources are insufficient, proceed with caution.

    What's next