Quickly Start Monitoring Your Workloads with the Amazon CloudWatch Agent
In the dynamic world of cloud computing, effective and swift monitoring of your system’s health and performance is essential. The Amazon CloudWatch Agent stands out as a robust solution that empowers you to track custom metrics with ease. An important reason to use the agent, instead of relying on agentless CloudWatch alone, is to collect additional metrics. A typical metric would be memory usage, but you can also monitor Windows WMI performance counters or Linux metrics from the /proc/stat file. While some organizations may lean towards specialized third-party monitoring solutions for their comprehensive features and dedicated support, the CloudWatch Agent presents a streamlined and cost-effective alternative, all within your AWS environment.
The CloudWatch agent simplifies the monitoring process and integrates seamlessly with your existing AWS ecosystem. However, before running the agent on any servers, it’s crucial to create a CloudWatch agent configuration file. Otherwise, no additional metrics beyond the default EC2 metrics that are being sent to CloudWatch will be monitored. Utilizing the provided CloudFormation template, you can initiate your monitoring capabilities without the complexities typically associated with setup and configuration.
We use CloudFormation because it automates and simplifies the process of managing related AWS resources, helping us to build and replicate infrastructure in a predictable and controlled manner.
Let’s look at how this solution works in detail.
- The template can be downloaded from the Cloudar GitHub repository here: cloudwatch.yaml
The CloudFormation template includes the following resources:
- SSMDocumentCloudWatchAgent: an SSM document that combines the AWS-ConfigureAWSPackage with the AmazonCloudWatchAgent and AmazonCloudWatch-ManageAgent to install and configure the CloudWatch agent.
- AgentConfigLinuxParameter and AgentConfigWinParameter: SSM parameters that store the configuration for Linux and Windows environments, respectively.
- CWAgentLinuxAssociation and CWAgentWinAssociation: SSM associations that ensure the execution of the CloudWatch agent installation and configuration.
- IAMPolicySSMParameter: an IAM policy that grants the necessary permissions for SSM and CloudWatch agent operations.
- IAMRoleforSSM and InstanceProfileforSSM: IAM role and instance profile that provide the required policies for SSM, CloudWatch agent, and access to the SSM parameters.
Deploying this template will create an SSM document, which is the result of merging two managed AWS SSM documents: AWS-ConfigureAWSPackage with AmazonCloudWatchAgent and AmazonCloudWatch-ManageAgent. This document will install the CloudWatch agent using the specified configuration.
The SSM associations enforce the execution of this document to install and configure the CloudWatch agent. The associations check the EC2 instances’ tags for the OS key and, depending on its value, use either the Linux or the Windows SSM parameter as the configuration. A dedicated OS tag is necessary for detecting the required configuration, because an SSM association doesn’t explicitly detect OS details through, for example, metadata. The created IAM resources are the preferred instance role, containing the necessary policies for SSM, the CloudWatch agent, and access to the SSM parameters that will be used.
The essential managed AWS policy for the CloudWatch agent is identified by the ARN: arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
We are using SSM State Manager associations for better control, flexibility, and ease of management compared to manual installation or embedding in userdata fields.
The provided CloudWatch agent configurations are examples to help you get started quickly. We recommend you review and adapt them to better suit your requirements.
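A minimal sketch of the pattern described above, as an added example that is not the Cloudar template: one SSM parameter holding a Linux agent configuration, an association that targets instances by the OS tag, and a policy that limits parameter reads to that single parameter. The resource names, the parameter path and the tag value `Linux` are assumptions, and the association calls the AWS-managed AmazonCloudWatch-ManageAgent document directly, so it assumes the agent package is already installed.

```yaml
# Added example; all "Example*" names and the parameter path are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ExampleAgentConfigLinux:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /example/cloudwatch-agent/linux
      Type: String
      # Plain string (no !Sub), so ${aws:InstanceId} reaches the agent unchanged.
      Value: |
        {
          "metrics": {
            "append_dimensions": {"InstanceId": "${aws:InstanceId}"},
            "metrics_collected": {
              "mem": {"measurement": ["mem_used_percent"]},
              "disk": {"measurement": ["used_percent"], "resources": ["/"]}
            }
          }
        }

  ExampleAgentAssociationLinux:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: example-cwagent-linux
      Name: AmazonCloudWatch-ManageAgent      # AWS-managed document
      Targets:
        - Key: tag:OS                         # assumed tag value: Linux
          Values: [Linux]
      Parameters:
        action: [configure]
        mode: [ec2]
        optionalConfigurationSource: [ssm]
        optionalConfigurationLocation: [!Ref ExampleAgentConfigLinux]
        optionalRestart: ["yes"]              # quoted: bare yes is a YAML boolean

  # Least privilege: the instance role may read only this one parameter.
  ExampleParameterReadPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: ssm:GetParameter
            Resource: !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter${ExampleAgentConfigLinux}"
```

Attach the policy to the instance role alongside CloudWatchAgentServerPolicy; instances without the OS tag are never targeted and keep reporting only the default EC2 metrics.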
Once the CloudFormation template is deployed in your environment, the following process occurs:
- When an instance starts or is already running, SSM performs these steps:
  - Discovery & Association Evaluation: SSM identifies the instance based on the OS tag, as specified in our two associations, which contain the installation and CloudWatch agent configuration.
  - Execution: If the instance meets the criteria, SSM executes the association document and installs the CloudWatch agent.
  - Configuration Application: As the final step, the relevant agent configuration (Windows or Linux) is applied.
If everything proceeds as expected, CloudWatch will begin collecting custom metrics from your instances.
With the additional metrics now available in Amazon CloudWatch, you’ve taken a significant step toward monitoring and optimizing your environment. But don’t stop there! The next logical move is to implement CloudWatch alarms. These alarms allow you to proactively respond to critical events, ensuring the health and performance of your AWS resources. So go ahead, set up those alarms, and gain even more control over your AWS infrastructure! 🚀