Skip to main content

CloudWatch Agent Installation on Ubuntu Bionic

Installing and Configuring AWS CloudWatch agent on Ubuntu 18.04 LTS

Using CloudWatch for EC2 instances get you a lot of insight before trying to use third party monitoring solutions. Since it is an integrated service, setting up and make it available is a breeze. Lets see how to do that step by step.



Prerequisites:

  1. IAM Role attached to the instance with required permissions
  2. "collectd" - A system information collection tool that collects and organize metrics of your instance
To make aws cloudwatch agent to push data from the instance, you need to attach an IAM role. AWS provides a role by default called 
CloudWatchAgentServerRole
But, if, you have an IAM role attached to the instance already, make sure you attach  the following policy to the role. 
CloudWatchAgentServerPolicy
First thing first, update your ubuntu apt repository, 
sudo apt-get update
I would always prefer to go into tmp directory to download materials, so,
cd /tmp
Now, lets download the aws cloudwatch agent package
sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
Installation is just a command away 
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
As part of installation, a service account called `cwagent` will be created for the agent to use. We need to grant the read permission to this user to read logs from various locations
sudo usermod -aG adm cwagent
At this time, the aws cloudwatch agent is just installed and it is neither started nor configured.
We need to install "collectd" as specified in the prerequisites section. Believe me, this is easy. 
sudo apt-get install collectd collectd-utils
Once the installation is completed, you can enable / disable plugins in "collectd" to collect metrics of your requirement.
sudo nano /etc/collectd/collectd.conf
Hostname "app_host"

If you have a real domain name configured, you can skip this and just leave `FQDNLookup` so that the server will use the DNS system to get the proper domain. 

LoadPlugin apache
LoadPlugin cpu
LoadPlugin df
LoadPlugin entropy
LoadPlugin interface
LoadPlugin load
LoadPlugin memory
LoadPlugin processes
LoadPlugin rrdtool
LoadPlugin users
We have completed all the steps for the agent to collect metrics. Now we need to configure the agent to complete the whole process. Surprisingly, this is made super easy by just calling the wizard.
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Once the wizard is completed, a config file is created automatically for you and stored in,
/opt/aws/amazon-cloudwatch-agent/bin/config.json by default and you have to copy it to,
/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
I would do it simply by
sudo cp /opt/aws/amazon-cloudwatch-agent/bin/config.json /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
Now, lets start the cloudwatch agent by specifying its config file
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
Let us also make sure the agent is enabled to start during boot,
sudo systemctl enable amazon-cloudwatch-agent.service
Check the status of the service, it should say active running
sudo service amazon-cloudwatch-agent status

Labels:
Location: Chennai, Tamil Nadu, India

Comments

Post a Comment

Popular posts from this blog

Welcome Message on Linux Systems

 Bored of the default advertisement banners? Let us see how to change the welcome message on most linux systems. There are two ways the message is displayed 1. Before the password prompt 2. After the user is logged in Before, $ sudo nano /etc/issue.net After, $ sudo nano /etc/motd Simple Message for banner This system is for authorized use only. All activities are logged and checked at frequent intervals. Unauthorized individuals attempting to connect to, port-scan, deface, hack, or otherwise interfere with any services on this system will be reported. Now, This will change the banner and the new users would see it. But will disappear when you reboot the system on AWS, Azure and other cloud as the update script will reset it to default. To make the banner permanent, disable the script at /usr/sbin/update-motd by, $ sudo update-motd --disable Or, Open ssh config and enable banners $ sudo nano /etc/ssh/sshd_config Look for "Banner" and update as below #Banner /etc/issue.net Sa...
1 comment
Read more

AWS Security Best Practices

Security Best Practices Security is the key concern on the cloud. While most of the cloud providers do offer industry standard security features, it comes under the ownership of the customer (or in the hands of cloud devops engineers). So security breach is on you.....! Today, we are going to see how to leverage the security features provided by Amazon Web Services Cloud in terms of Infrastructure (the cloud itself) , EC2, VPC, RDS and Identity in general. Infrastructure IAM Usage Root account credentials and its Access and Secret Keys are like Credit Card numbers and can be used for any root level activities once compromised. Instead create and use IAM account with required privileges assigned. For multi-level privileged users with access to sensitive resources and programming interfaces, it is recommended to enable MFA It's more secure to start with a minimum set of permissions and grant additional permissions as necessary, rather than starting with permissions that are too lenie...
1 comment
Read more