Configure EC2 monitoring easily with the Amazon CloudWatch Agent Config Wizard. Our AWS Support team is ready to assist you.
Quick Guide to Amazon CloudWatch Agent Config Wizard
Monitoring your AWS EC2 instances is key to ensuring performance and reliability. The CloudWatch Agent collects metrics and logs, giving you real-time insights into your system. Proper setup helps track CPU, memory, disk usage, and application logs efficiently.
This guide will show you how to install, configure, and start the CloudWatch Agent on Linux and Windows EC2 instances, along with tips to optimize monitoring and maintain security.
Create an IAM Role for Running the CloudWatch Agent on an EC2 Instance
Monitoring your EC2 instances with CloudWatch is crucial for performance tracking and system health. To make this seamless, you need an IAM role that allows the CloudWatch Agent to send metrics and logs securely. Follow these steps to set it up efficiently.
Sometimes, incorrect IAM or network settings can lead to unexpected issues such as an AWS ELB 400 Error, so ensuring proper permissions and configurations from the start helps prevent such problems.
1: Open the IAM Console
Start by signing in to your AWS Management Console and navigating to the IAM service. This is where you manage roles, users, and permissions.
2: Create a New Role
- Select Roles from the left menu and click Create Role.
- Choose AWS service as the trusted entity.
- Under common use cases, select EC2. Click Next to proceed.
3: Attach Permissions Policies
- Search for CloudWatchAgentServerPolicy and attach it. This allows the CloudWatch Agent to send metrics and logs.
- Optionally, attach AmazonSSMManagedInstanceCore. This lets AWS Systems Manager manage your instance, which simplifies installation and configuration of the CloudWatch Agent.
- Click Next after selecting the policies.
4: Name and Create the Role
- Enter a descriptive role name such as CloudWatchAgentEC2Role.
- Add a description if desired.
- Review the attached policies and trusted entities.
- Click Create Role to finalize.
5: Attach the Role to Your EC2 Instance
- For a new instance, select the IAM role during launch.
- For an existing instance, go to the EC2 Console, select the instance, choose Actions, then Security, and Modify IAM Role. Assign the newly created role and save changes.
Looking to configure EC2 monitoring quickly?
Install the CloudWatch Agent on an EC2 Instance
Monitoring EC2 instances with CloudWatch ensures optimal performance and reliability. Follow these steps to install the unified CloudWatch Agent.
If your monitoring indicates storage-related issues, it might be necessary to manage disk space effectively, for example using AWS centos to extend volume to increase capacity without downtime.
Prerequisites
- IAM Role: Attach a role with CloudWatchAgentServerPolicy to the instance.
- Connectivity: Ensure outbound access to CloudWatch endpoints. Use VPC endpoints for private subnets.
Installation Methods
Using AWS Systems Manager (Recommended)
- Ensure SSM Agent is installed and running.
- Open Systems Manager, select Run Command, and choose AWS-ConfigureAWSPackage.
- Set action to Install and name to AmazonCloudWatchAgent, then run on your instance.
Manual Installation
Linux
- Amazon Linux 2: sudo yum install amazon-cloudwatch-agent -y
- RPM systems: download and install the RPM package.
- Debian systems: download and install the DEB package.
Windows
- Download the MSI installer from S3 and run it
.
Configure the Agent
- Run the configuration wizard:
- Linux: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
- Windows: C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-config-wizard.exe
- Save the generated config.json locally or in the Parameter Store.
Start and Enable the Agent
- Apply configuration and start:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.jsonEnable auto-start on reboot:
sudo systemctl enable amazon-cloudwatch-agentVerify Installation
- Check logs: sudo tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
- Confirm metrics and logs appear in CloudWatch.
Create a CloudWatch Agent Configuration File
Setting up the CloudWatch Agent correctly allows your EC2 instance to collect important metrics and logs for monitoring and troubleshooting. Using the configuration wizard simplifies this process, while giving you the flexibility to customize settings later.
Using the Wizard on Amazon Linux, Amazon Linux 2, and Amazon Linux
- Open a terminal on your EC2 instance.
- Run the configuration wizard by entering:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizardFollow the prompts carefully to select the metrics and logs you want to monitor.
Using the Wizard on Windows
- Open an elevated Command Prompt or PowerShell.
- Navigate to the CloudWatch Agent installation folder:
cd "C:\Program Files\Amazon\AmazonCloudWatchAgent"- Start the wizard by running:
.\amazon-cloudwatch-agent-config-wizard.exeFollow the instructions to configure the desired metrics and logs.
After Completing the Wizard
- On Linux, the configuration file is saved at:
/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.jsonOn Windows, the configuration file is saved at:
C:\Program Files\Amazon\AmazonCloudWatchAgent\config.jsonYou can edit this file manually to add or remove metrics and logs. After making changes, restart the CloudWatch Agent to apply the updates.
Start the CloudWatch Agent
After creating the configuration file, you need to start the CloudWatch Agent to begin sending metrics and logs to CloudWatch. Follow the steps for your operating system.
For Amazon Linux, Amazon Linux 2, and Amazon Linux 2023
- Open a terminal on your EC2 instance.
- Run the following command, replacing configuration-file-path with the path to your configuration file:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:configuration-file-path -sThis command applies your configuration and starts the agent.
For Windows
- Open PowerShell as an administrator.
- Run the following command, replacing configuration-file-path with your configuration file path:
& $Env:ProgramFiles\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:configuration-file-path -sWhat Happens Next
Once the agent starts, it immediately begins sending metrics and logs to CloudWatch. By default, metrics are pushed to the CWAgent namespace. You can verify the data in the CloudWatch console to ensure the agent is running correctly.
CloudWatch Agent Configuration Tips
- Know What to Monitor: Decide which metrics and logs are important for your instance.
- Prepare Your Environment: Make sure software, network access, and permissions are ready.
- Follow the Wizard Carefully: Complete each step accurately without skipping.
- Check Settings: Understand each option and refer to documentation if needed.
- Secure the Agent: Set credentials, encryption, and communication safely.
- Choose Monitoring Scope: Select only the applications, directories, or metrics needed.
- Set Alerts and Reports: Configure notifications and reporting schedules.
- Test the Setup: Verify that the agent collects data as expected.
- Document Your Configuration: Keep a record for troubleshooting or future setups.
- Restart Services if Required: Apply changes by restarting related services.
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
The Amazon cloudWatch agent config wizard simplifies the process of setting up monitoring and logging on EC2 instances. It guides you through configuring metrics, logs, and alerts, helping you maintain system performance and security. Proper configuration ensures real-time insights and reliable monitoring across your AWS environment.
