Most AWS Services have built in support for cloudwatch to collect and store operational data. In the case of EC2, Amazon EC2 sends metrics to CloudWatch such as CPU Utilization, Network IN/Out etc.
Let's say you want to monitor an application running inside the EC2, That is where cloudwatch agent comes into play.
Download the cloudwatch agent package from https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb
Run the following command:
wget https://s3.amazonaws.com/amazoncloudwatch-agent/debian/amd64/latest/amazon-cloudwatch-agent.deb
if you downloaded RPM package, change to the directory containing the package and enter the following:
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
Attact IAM Role to give an instance access to SSM Parameter store and cloudwatch log permissions.
-
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
-
In the navigation pane on the left, choose Roles and then Create role.
-
Make sure that AWS service is selected under Trusted entity type.
-
For Use case, choose EC2 under Common use cases,
Choose Next.
-
In the list of policies, select the check box next to CloudWatchAgentServerPolicy and AmazonSSMFullAccess. If necessary, use the search box to find the policy.
-
Choose Next.
-
In Role name, enter a name for the role, such as CloudWatchAgentServerRole. Optionally give it a description. Then choose Create role.
-
Attact a role to an EC2 instance.
The role is now created.
Start the cloudwatch agent configuration wizard
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Press Enter to use Default settings
Install the CollectD agent
sudo mkdir /usr/share/collectd
sudo touch /usr/share/collectd/types.db
Start the cloudwatch Agent with SSM paramter store configuration
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:AmazonCloudWatch-linux