Bobcares

How to configure CloudWatch on EC2 instance

by | Sep 21, 2021

Do you want to configure CloudWatch on an EC2 instance, but have no clue? Our Support Engineers are here to lend a helping hand.

The experts at Bobcares offer you a step-by-step guide to install & configure CloudWatch Logs agent using CloudWatch Logs agent installer on an EC2 instance.

Configure CloudWatch on EC2 instance

Once you install and configure CloudWatch on an existing EC2 instance, the logs flow from the instance to the log stream. The agent confirms that it has started, and it keeps running until you disable it.

The log data can also be published by AWS CLI, CloudWatch Logs API or CloudWatch Logs SDK.

The AWS CLI is the best option for publishing data via command line or scripts, while CloudWatch Logs SDK is apt for building a custom log publishing application or publishing log data directly from applications.

Step 1: Configure user or your IAM role for CloudWatch Logs

Did you know that the CloudWatch Logs agent supports users and IAM roles? In case you have an existing IAM role associated with an instance, remember to include the IAM policy below in it.

However, if you do not have one, you can utilize your IAM credentials in the next step or choose to assign an IAM role to the instance.

  1. Open the AWS Identity and Access Management (IAM) console at https://console.aws.amazon.com/iam/.
  2. Choose Roles from the navigation pane.
  3. Select the role by choosing the role name.
  4. Then, navigate to Attach Policies, Create Policy. This opens a new window or tab.
  5. Select JSON tab and enter the following policy document:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogStreams"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
  6. After that, select Review policy. Any syntax errors will be reported by the Policy Validator.
  7. Then, type a Name and Description on the Review policy page. Review the policy to check the permissions it grants. Finally, select Create policy to save the new policy.
  8. Next, close the window or tab and return to the Add Permissions page. Click Refresh and select the new policy.
  9. Select Attach Policy.

Step 2: Install & configure CloudWatch Logs

According to our Support Team, the process differs based on whether the Amazon EC2 instance is running Ubuntu, Amazon Linux, Red Hat, or CentOS. Proceed to the section that matches the Linux distribution on the existing instance.

Install & configure CloudWatch Logs: Amazon Linux instance

From Amazon Linux AMI 2014.09 onward, the CloudWatch Logs agent is available as an RPM installation with the awslogs package. If you have an earlier version of Amazon Linux, you can get the awslogs package by updating the instance with the sudo yum update -y command. Installing the agent as an RPM package allows the instance to receive regular package patches and updates without reinstalling the CloudWatch Logs agent manually.

    1. First, connect to the Amazon Linux instance.
    2. Then, update the Amazon Linux instance for the latest changes in the package repositories.
      sudo yum update -y
    3. After that, install awslogs package with this command:
      sudo yum install -y awslogs
    4. After that, configure the logs to track by editing the /etc/awslogs/awslogs.conf file.
    5. The Region is set to us-east-1 by default in the /etc/awslogs/awscli.conf file. You can push the logs to another Region by editing the file and specifying the Region.
    6. Next, run the following command to initiate awslogs service:
      sudo service awslogs start

      For Amazon Linux 2, use this command:

      sudo systemctl start awslogsd
    7. You can look for logged errors in the /var/log/awslogs.log file.
    8. Next, run this command to start the awslogs service during each system boot.
      sudo chkconfig awslogs on

      For Amazon Linux 2, use this command:

      sudo systemctl enable awslogsd.service
    9. Now, you will see the recently created log stream and log group in the CloudWatch console once the agent has been running for a few minutes.

Install & configure CloudWatch Logs: CentOS, Ubuntu Server, or Red Hat instance

Use the following steps to manually install the CloudWatch Logs agent on a CentOS, Ubuntu Server, or Red Hat instance:

    1. First, connect to the Amazon EC2 instance.
    2. Then, run the CloudWatch Logs agent installer directly from the internet or run it standalone after downloading the files.

      Remember to run the command apt-get update prior to running the following commands.

      Run the CloudWatch Logs agent installer directly from the internet with the following commands:

      curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
      sudo python ./awslogs-agent-setup.py --region us-east-1

      In case these commands do not work, try:

      sudo python3 ./awslogs-agent-setup.py --region us-east-1

      Run the CloudWatch Logs agent installer as a standalone with the following commands:

      curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
      curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/AgentDependencies.tar.gz -O
      tar xvf AgentDependencies.tar.gz -C /tmp/
      sudo python ./awslogs-agent-setup.py --region us-east-1 --dependency-path /tmp/AgentDependencies

      Specify either us-west-1, us-west-2, us-east-1, ap-southeast-1, ap-southeast-2, ap-south-1, eu-central-1, ap-northeast-2, ap-northeast-1, sa-east-1 or eu-west-1 while installing CloudWatch Logs agent.

      Furthermore, you have to enter additional information during the setup process. So keep the following information on hand before you proceed:

      | Item | Description |
      | --- | --- |
      | AWS access key | Enter AWS access key ID, or press Enter if using IAM role. |
      | AWS secret access key | Enter AWS secret access key, or press Enter if using IAM role. |
      | Default output format | Leave blank, press Enter. |
      | Default Region name | Press Enter for default us-east-2. You can also change it to us-west-1, us-west-2, ap-southeast-1, ap-southeast-2, ap-south-1, eu-central-1, ap-northeast-2, ap-northeast-1, sa-east-1 or eu-west-1. |
      | Path of log file to upload | The installer will suggest a path for the location of the file that contains the log data. |
      | Destination Log Stream name | The installer will suggest a host name. By default it is set as the name of the host. |
      | Destination Log Group name | The installer will suggest a log group name. |
      | Timestamp format | Select the format of the time stamp for the specified log file. You can also customize it. |
      | Initial position | |

      Once you have reached this point, the installer will ask whether you want to configure another log file. Run the process as many times as required for each log file. If you have no more log files to monitor, select N when the installer asks to set up another log.

    3. Now you will see the recently created log stream and log group in the CloudWatch console once the agent has been running for a few minutes.


Conclusion

In brief, we learned how to install and configure CloudWatch on an existing EC2 instance under the watchful eyes of the Support Team at Bobcares.
