Quickly Start Monitoring Your Workloads with the Amazon CloudWatch Agent

21/03/2024
Posted in DevOps

Quickly Start Monitoring Your Workloads with the Amazon CloudWatch Agent

 

In the dynamic world of cloud computing, effective and swift monitoring of your system’s health and performance is essential. The Amazon CloudWatch Agent stands out as a robust solution that empowers you to track custom metrics with ease. An important reason to use the agent, instead of just using CloudWatch agentless, is to collect additional metrics. A typical metric would be memory usage, but you can also monitor Windows WMI performance counters or Linux metrics from the /proc/stat file. While some organizations may lean towards specialized third-party monitoring solutions for their comprehensive features and dedicated support, the CloudWatch Agent presents a streamlined and cost-effective alternative, all within your AWS environment.

The CloudWatch agent simplifies the monitoring process and integrates seamlessly with your existing AWS ecosystem. However, before running the agent on any servers, it’s crucial to create a CloudWatch agent configuration file. Otherwise, no additional metrics beyond the default EC2 metrics that are being sent to CloudWatch will be monitored. Utilizing the provided CloudFormation template, you can initiate your monitoring capabilities without the complexities typically associated with setup and configuration.

We use CloudFormation because it automates and simplifies the process of managing related AWS resources, helping us to build and replicate infrastructure in a predictable and controlled manner.

Let’s look at how this solution works in detail.

High Level Architecture

  • The template can be downloaded from the Cloudar GitHub repository here: cloudwatch.yaml

The CloudFormation template includes the following resources:

  • SSMDocumentCloudWatchAgent: an SSM document that combines the AWS-ConfigureAWSPackage with the AmazonCloudWatchAgent and AmazonCloudWatch-ManageAgent to install and configure the CloudWatch agent.
  • AgentConfigLinuxParameter and AgentConfigWinParameter: SSM parameters that store the configuration for Linux and Windows environments, respectively.
  • CWAgentLinuxAssociation and CWAgentWinAssociation: SSM associations that ensure the execution of the CloudWatch agent installation and configuration.
  • IAMPolicySSMParameter: an IAM policy that grants the necessary permissions for SSM and CloudWatch agent operations.
  • IAMRoleforSSM and InstanceProfileforSSM: IAM role and instance profile that provide the required policies for SSM, CloudWatch agent, and access to the SSM parameters.

Deploying this template will create an SSM document, which is the result of merging two managed AWS SSM documents: AWS-ConfigureAWSPackage with AmazonCloudWatchAgent and AmazonCloudWatch-ManageAgent. This document will install the CloudWatch agent using the specified configuration.
The SSM associations will enforce the execution of this document to install and configure the CloudWatch agent. It will check the EC2 instances’ tags for the OS key (a dedicated OS tag is necessary for detecting the required configuration, an SSM association doesn’t explicitly detect OS details through e.g. metadata) and, depending on its value, will use either the Linux or Windows SSM parameter as its configuration. The created IAM resources are the preferred instance role, containing the necessary policies for SSM, the CloudWatch agent, and access to the SSM parameters that will be used.

The essential managed AWS policy for the CloudWatch agent is identified by the ARN:  arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

We are using SSM State Manager associations for better control, flexibility, and ease of management compared to manual installation or embedding in userdata fields.

The provided CloudWatch agent configurations are examples to help you get started quickly. We recommend you review and adapt them to better suit your requirements.

Once the CloudFormation template is deployed in your environment, the following process occurs:

  • When an instance starts or is already running, SSM performs these steps:
    1. Discovery & Association Evaluation : SSM identifies the instance based on the OS tag, as specified in our two associations which contains the installation and CloudWatch agent configuration.
    2. Execution: If the instance meets the criteria, SSM executes the association document and installs the CloudWatch agent.
    3. Configuration Application: As the final step, the relevant agent configuration is applied. (Windows or Linux).

If everything proceeds as expected, CloudWatch will begin collecting custom metrics from your instances.

CloudWatch metrics

 

With the additional metrics now available in Amazon CloudWatch, you’ve taken a significant step toward monitoring and optimizing your environment. But don’t stop there! The next logical move is to implement CloudWatch alarms. These alarms allow you to proactively respond to critical events, ensuring the health and performance of your AWS resources. So go ahead, set up those alarms, and gain even more control over your AWS infrastructure! 🚀

LET'S WORK
TOGETHER

Need a hand? Or a high five?
Feel free to visit our offices and come say hi
… or just drop us a message

We are ready when you are

Cloudar – Operations

Veldkant 7
2550 Kontich (Antwerp)
Belgium

info @ cloudar.be

+32 3 450 67 18

Cloudar – HQ

Veldkant 33A
2550 Kontich (Antwerp)
Belgium

VAT BE0564 763 890

    This contact form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    contact