Skip to main content

CloudWatch Agent Installation on Ubuntu Bionic

Installing and Configuring AWS CloudWatch agent on Ubuntu 18.04 LTS

Using CloudWatch for EC2 instances get you a lot of insight before trying to use third party monitoring solutions. Since it is an integrated service, setting up and make it available is a breeze. Lets see how to do that step by step.



Prerequisites:

  1. IAM Role attached to the instance with required permissions
  2. "collectd" - A system information collection tool that collects and organize metrics of your instance
To make aws cloudwatch agent to push data from the instance, you need to attach an IAM role. AWS provides a role by default called 
CloudWatchAgentServerRole
But, if, you have an IAM role attached to the instance already, make sure you attach  the following policy to the role. 
CloudWatchAgentServerPolicy
First thing first, update your ubuntu apt repository, 
sudo apt-get update
I would always prefer to go into tmp directory to download materials, so,
cd /tmp
Now, lets download the aws cloudwatch agent package
sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
Installation is just a command away 
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
As part of installation, a service account called `cwagent` will be created for the agent to use. We need to grant the read permission to this user to read logs from various locations
sudo usermod -aG adm cwagent
At this time, the aws cloudwatch agent is just installed and it is neither started nor configured.
We need to install "collectd" as specified in the prerequisites section. Believe me, this is easy. 
sudo apt-get install collectd collectd-utils
Once the installation is completed, you can enable / disable plugins in "collectd" to collect metrics of your requirement.
sudo nano /etc/collectd/collectd.conf
Hostname "app_host"

If you have a real domain name configured, you can skip this and just leave `FQDNLookup` so that the server will use the DNS system to get the proper domain. 

LoadPlugin apache
LoadPlugin cpu
LoadPlugin df
LoadPlugin entropy
LoadPlugin interface
LoadPlugin load
LoadPlugin memory
LoadPlugin processes
LoadPlugin rrdtool
LoadPlugin users
We have completed all the steps for the agent to collect metrics. Now we need to configure the agent to complete the whole process. Surprisingly, this is made super easy by just calling the wizard.
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Once the wizard is completed, a config file is created automatically for you and stored in,
/opt/aws/amazon-cloudwatch-agent/bin/config.json by default and you have to copy it to,
/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
I would do it simply by
sudo cp /opt/aws/amazon-cloudwatch-agent/bin/config.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
Now, lets start the cloudwatch agent by specifying its config file
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
Let us also make sure the agent is enabled to start during boot,
sudo systemctl enable amazon-cloudwatch-agent.service
Check the status of the service, it should say active running
sudo service amazon-cloudwatch-agent status

Labels:
Location: Chennai, Tamil Nadu, India

Comments

Post a Comment

Popular posts from this blog

Welcome Message on Linux Systems

 Bored of the default advertisement banners? Let us see how to change the welcome message on most linux systems. There are two ways the message is displayed 1. Before the password prompt 2. After the user is logged in Before, $ sudo nano /etc/issue.net After, $ sudo nano /etc/motd Simple Message for banner This system is for authorized use only. All activities are logged and checked at frequent intervals. Unauthorized individuals attempting to connect to, port-scan, deface, hack, or otherwise interfere with any services on this system will be reported. Now, This will change the banner and the new users would see it. But will disappear when you reboot the system on AWS, Azure and other cloud as the update script will reset it to default. To make the banner permanent, disable the script at /usr/sbin/update-motd by, $ sudo update-motd --disable Or, Open ssh config and enable banners $ sudo nano /etc/ssh/sshd_config Look for "Banner" and update as below #Banner /etc/issue.net Sa...
Post a Comment
Read more

Setting up your first RDS CAL Licensing

Remote Desktop Services (RDS) is one of the roles under server roles provided by Microsoft Windows Server. What makes RDS different from a usual remote desktop connection is the the number of concurrent connections to the remote host. By default Windows enables only two concurrent session for a user to access a remote server using RDP. If you require many users to connect to a remote server (aka Remote Desktop Session Host (RDSH) ), you will to procure client access license (CAL) to achieve the same. We'll see how to provision this setup and their requirements.
1 comment
Read more