Create an instance and connect to it:

Run sudo dnf install amazon-cloudwatch-agent:

Type y and hit ‘Enter’:

Create an IAM role

Navigate to IAM and under Access Management, select Roles and click on the ‘Create role’ button:

Select AWS Service and EC2:

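Search for ‘CloudWatchAgentServerPolicy’ and ‘AmazonSSMFullAccess’ and select both. AmazonSSMFullAccess is what lets the configuration wizard save the config into SSM later; it grants full Systems Manager access, which is broader than the agent needs once the config is stored: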

Give the role a name and select the ‘Create role’ button:

Navigate back into the EC2 portal and right-click the instance, go to Security and choose ‘Modify IAM role’:

Select the role created earlier in the drop-down box and select ‘Update IAM role’:

Installing the Agent

Go back into the EC2 instance and run:

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

This will begin the CloudWatch Agent Configuration Manager. From Adrian Cantrill’s command page, summarized (see footnote 1):

Accept all defaults until default metrics, then pick advanced. When asked for log files to monitor, add:

/var/log/secure
/var/log/httpd/access_log
/var/log/httpd/error_log

(Accept default instance ID)
Accept the default retention option

Answer no to any more logs
Save config into SSM
Use the default name.

# Config will be stored in /opt/aws/amazon-cloudwatch-agent/bin/config.json and stored in SSM

Once the configuration has been completed, navigate to SSM in the portal:

This configuration can now be used in any EC2 deployment.

Create a folder named ‘collectd’ and a database file ‘types.db’. This is a bug workaround: the CloudWatch agent expects this folder on the system, and Amazon Linux does not have it installed:

sudo mkdir -p /usr/share/collectd/
sudo touch /usr/share/collectd/types.db

Run this command to start the agent. It pulls the configuration file from the Parameter Store in SSM and then loads the data into CloudWatch Logs:

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c ssm:AmazonCloudWatch-linux -s
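The agent only ships log files that exist on the instance, so it is worth checking the saved config against the filesystem before looking for log groups. The script below is an added example, not part of the original walkthrough or of Adrian Cantrill's lab commands; the function names (list_log_paths, missing_logs, preflight, make_sample) and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.

# Print every "file_path" value in a CloudWatch agent config file.
list_log_paths() {
  grep -o '"file_path"[[:space:]]*:[[:space:]]*"[^"]*"' "$1" |
    sed 's/.*"\([^"]*\)"$/\1/'
}

# Print configured log files that do not exist; nothing is shipped for them.
missing_logs() {
  list_log_paths "$1" | while IFS= read -r p; do
    [ -e "$p" ] || printf '%s\n' "$p"
  done
}

# preflight CONFIG TYPESDB: return 0 only if the config and types.db exist
# and every configured log file is present.
preflight() {
  cfg=$1; tdb=$2; rc=0
  [ -f "$cfg" ] || { echo "FAIL no config at $cfg"; return 1; }
  [ -e "$tdb" ] || { echo "FAIL $tdb missing (collectd workaround)"; rc=1; }
  miss=$(missing_logs "$cfg")
  [ -z "$miss" ] || { echo "FAIL configured but absent:"; echo "$miss"; rc=1; }
  [ "$rc" -ne 0 ] || echo "OK config, types.db and all log files present"
  return "$rc"
}

# Constructed sample: a config in the agent's JSON layout, rooted in a temp
# dir so the demo runs offline. Only httpd's access_log is left uncreated.
make_sample() {
  d=$(mktemp -d); mkdir -p "$d/log/httpd" "$d/collectd"
  touch "$d/log/secure" "$d/log/httpd/error_log" "$d/collectd/types.db"
  cat > "$d/config.json" <<EOF
{ "logs": { "logs_collected": { "files": { "collect_list": [
  { "file_path": "$d/log/secure",           "log_stream_name": "{instance_id}" },
  { "file_path": "$d/log/httpd/access_log", "log_stream_name": "{instance_id}" },
  { "file_path": "$d/log/httpd/error_log",  "log_stream_name": "{instance_id}" }
] } } } }
EOF
  echo "$d"
}

demo=$(make_sample)
preflight "$demo/config.json" "$demo/collectd/types.db" || true  # flags access_log
rm -rf "$demo"
# On the instance from this page:
# preflight /opt/aws/amazon-cloudwatch-agent/bin/config.json /usr/share/collectd/types.db
```
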

Checking CloudWatch Logs

Go to CloudWatch and under log groups you can see the logs that were generated:

Select the access_log and choose a stream:

You can see all the log events:

Checking Metrics

In the CloudWatch page, navigate to ‘All metrics’ and select ‘CWAgent’

Because the CloudWatch agent is installed on the instance, you can now see all the operating system level metrics:

A4L instance CPU metrics:

This project covered installing the CloudWatch Agent on an EC2 instance.

Footnotes

  1. Adrian Cantrill’s Lab Commands: https://learn-cantrill-labs.s3.amazonaws.com/awscoursedemos/0013-aws-associate-ec2-cwagent/lesson_commands_AL2023.txt