Applicable to Entuity v21.0 P02 upwards. If you are using an earlier version of Entuity, please see the following articles as appropriate. Note that these articles cover support for the per-instance performance monitoring scripts, which AWS has deprecated.
To enable metric collection for instances outside of the guest OS (i.e. from the AWS framework)
To enable metric collection from within the guest OS using the AWS CloudWatch agent
Assign required instances to the configuration IAM role
Check the agent is running
Configure CloudWatch agents
Introduction:
Entuity v21.0 P02 upwards provides support for the Amazon Web Services CloudWatch agent, which is deployed via AWS Systems Manager (SSM). The CloudWatch agent replaces AWS's deprecated per-instance performance monitoring scripts. It supports both Windows and Linux.
To enable metric collection for instances outside of the guest OS (i.e. from the AWS framework):
- From the AWS portal, navigate to EC2.
- From the list of Instances, select the instance of interest, and from the Actions dropdown click Monitor and troubleshoot > Manage detailed monitoring.
- A confirmation dialog will open. Click Confirm.
The CloudWatch EC2 namespace provides the following metrics:
- CPU utilization
- Network in bytes
- Network out bytes
- Network in packets
- Network out packets
To enable metric collection from within the guest OS using the AWS CloudWatch agent:
The recommended method to enable metric collection from within the guest OS (i.e. using an OS-deployed agent) is the Amazon Web Services CloudWatch agent. The CloudWatch agent is deployed using AWS Systems Manager.
- Create new IAM roles
- Assign required instances to the configuration IAM role
- Check the agent is running
- Configure CloudWatch agents
1. Create new IAM roles
To enable AWS Systems Manager deployment, you need to create two new IAM roles, if they have not already been created:
- a role with permissions allowing agent deployment.
- a role with permissions allowing agent execution and metric return.
To create a role with permissions allowing agent deployment:
- From the AWS portal, navigate to IAM.
- Click Roles and then Create Role.
- Specify the following parameters:
- Trusted entity type = "AWS service"
- Use case = "EC2 - Allows EC2 instances to call AWS services on your behalf"
- Check the following Permission Policies boxes:
- CloudWatchAgentAdminPolicy
- AmazonSSMFullAccess
- AmazonEC2RoleForSSM
- Click Next. Specify a name for this role, e.g. 'CloudWatchServerAgentConfigRole'.
To create a role with permissions allowing agent execution and metric return:
- From the AWS portal, navigate to IAM.
- Click Roles and then Create Role.
- Specify the following parameters:
- Trusted entity type = "AWS service"
- Use case = "EC2 - Allows EC2 instances to call AWS services on your behalf"
- Check the following Permission Policies boxes:
- CloudWatchAgentServerPolicy
- AmazonSSMFullAccess
- AmazonEC2RoleForSSM
- Click Next. Specify a name for this role, e.g. 'CloudWatchServerAgentMonitoringRole'
2. Assign required instances to the configuration IAM role
- From the AWS portal, navigate to EC2.
- Navigate to Systems Manager and then Node Management.
- Click Run Command and then the next Run Command.
- Select 'AWS-ConfigureAWSPackage'.
- Check Action = 'Install'.
- Leave the Version blank so that it picks up the latest version.
- Specify Name as 'AmazonCloudWatchAgent', which is the package to be installed.
- Select Choose instances manually and pick the instances on which the agent is to be installed.
- Note, if the instances are not listed for selection, check the SSM agent is running (it can take a little while for SSM to be registered for newly created instances). For example, to install the SSM agent on Linux (if not already installed):
ssh -i "Jeff-PEM.pem" ec2-user@***.**.*.***
sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
- Click Run.
3. Check the agent is running
- Ensure the agents are running:
To check the agent is running on Linux:
[root@ip-***-**-**-** ec2-user]# sudo systemctl status amazon-ssm-agent
amazon-ssm-agent.service - amazon-ssm-agent
Loaded: loaded (/etc/systemd/system/amazon-ssm-agent.service; enabled; preset: disabled)
Active: active (running) since Tue 2023-07-04 08:06:26 UTC; 22s ago
Main PID: 6845 (amazon-ssm-agen)
Tasks: 16 (limit: 4421)
Memory: 30.5M
CPU: 272ms
CGroup: /system.slice/amazon-ssm-agent.service
├─6845 /usr/bin/amazon-ssm-agent
└─6916 /usr/bin/ssm-agent-worker
...
To check the agent is running on Windows:
PS C:\Users\Administrator> get-service AmazonSSMAgent
Status Name DisplayName
------ ---- -----------
Running AmazonSSMAgent Amazon SSM Agent
PS C:\Users\Administrator>
- Soon after, the instance should appear in the list of selectable instances for AWS Systems Manager.
- Check the Run command succeeds, e.g. that it changes from:
to:
4. Configure CloudWatch agents
Next you need to configure CloudWatch agents. Note that the configurations in the examples below are written to the SSM Parameter Store so that they can be reused on other instances with the fetch-config action, but the example instances themselves use their local configurations.
To configure the agent on Windows, using the wizard:
PS C:\Users\Administrator> cd 'C:\Program Files\Amazon\AmazonCloudWatchAgent\'
PS C:\Program Files\Amazon\AmazonCloudWatchAgent> .\amazon-cloudwatch-agent-config-wizard.exe
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
=                                                              =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply                                            =
Selection:
OS = 2 (windows)
Location = 1 (EC2)
StatsD = 1 (yes)
Port = 8125 (default)
Collect = 1 (10s)
Aggregate = 4 (60s)
Import existing configuration = 2 (no)
Monitor host metrics = 1 (yes)
Monitor CPU per core = 1 (yes)
Add ec2 dimensions = 1 (yes)
Aggregate ec2 dimensions = 1 (yes)
Collect metrics at high resolution = 4 (60s)
Default metrics config = 3 (advanced)
Satisfied with config = 1 (yes)
Custom log = 2 (no)
Event log = 2 (no)
Saves config to config.json:
Wish to store config in SSM parameter store = 1 (yes)
Parameter store name = "AmazonCloudWatch-windows" (default suggestion)
Region = us-east-1 (default)
Credentials = 1 (the one used for this instance, not 2 = other)
To modify config.json to add some missing metrics (in bold in the below example):
{
  "metrics": {
    "aggregation_dimensions": [
      [
        "InstanceId"
      ]
    ],
    "append_dimensions": {
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
      "ImageId": "${aws:ImageId}",
      "InstanceId": "${aws:InstanceId}",
      "InstanceType": "${aws:InstanceType}"
    },
    "metrics_collected": {
      "LogicalDisk": {
        "measurement": [
          "% Free Space", "Free Megabytes"
        ],
        "metrics_collection_interval": 60,
        "resources": [
          "*"
        ]
      },
      "Memory": {
        "measurement": [
          "% Committed Bytes In Use", "Available MBytes"
        ],
        "metrics_collection_interval": 60
      },
      "Paging File": {
        "measurement": [
          "% Usage"
        ],
        "metrics_collection_interval": 60,
        "resources": [
          "*"
        ]
      },
      "PhysicalDisk": {
        "measurement": [
          "% Disk Time",
          "Disk Write Bytes/sec",
          "Disk Read Bytes/sec",
          "Disk Writes/sec",
          "Disk Reads/sec"
        ],
        "metrics_collection_interval": 60,
        "resources": [
          "*"
        ]
      },
      "Processor": {
        "measurement": [
          "% User Time",
          "% Idle Time",
          "% Interrupt Time"
        ],
        "metrics_collection_interval": 60,
        "resources": [
          "*"
        ]
      },
      "TCPv4": {
        "measurement": [
          "Connections Established"
        ],
        "metrics_collection_interval": 60
      },
      "TCPv6": {
        "measurement": [
          "Connections Established"
        ],
        "metrics_collection_interval": 60
      },
      "statsd": {
        "metrics_aggregation_interval": 60,
        "metrics_collection_interval": 10,
        "service_address": ":8125"
      }
    }
  }
}
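Before loading an edited config.json, it helps to confirm what it will collect and what it opens on the host. The following is an added example, not part of the original article or the agent itself: it parses a constructed, trimmed configuration of the same shape, lists the counters per section, and notes when the statsd service_address omits the IP part, in which case the agent listens for UDP on all interfaces.

```python
import json

# Constructed, trimmed sample in the shape of the config.json shown above.
SAMPLE_CONFIG = """
{"metrics": {
  "append_dimensions": {"InstanceId": "${aws:InstanceId}"},
  "metrics_collected": {
    "Memory": {"measurement": ["% Committed Bytes In Use", "Available MBytes"],
               "metrics_collection_interval": 60},
    "LogicalDisk": {"measurement": ["% Free Space"],
                    "metrics_collection_interval": 60, "resources": ["*"]},
    "statsd": {"metrics_aggregation_interval": 60,
               "metrics_collection_interval": 10,
               "service_address": ":8125"}
  }}}
"""

def review_agent_config(text):
    """Summarise collected counters and note listener exposure."""
    collected = json.loads(text)["metrics"]["metrics_collected"]
    report = {"counters": {}, "notes": []}
    for section, body in collected.items():
        if section == "statsd":
            # service_address is "ip:port"; an empty ip part means the UDP
            # listener binds to every interface on the host.
            host, _, port = body.get("service_address", ":8125").rpartition(":")
            if host in ("", "0.0.0.0", "[::]"):
                report["notes"].append(f"statsd listens on all interfaces, UDP {port}")
            continue
        measurements = body.get("measurement", [])
        if not measurements:
            report["notes"].append(f"{section}: no measurements listed")
        # Measurements may be plain strings or objects with a "name" key.
        report["counters"][section] = sorted(
            m["name"] if isinstance(m, dict) else m for m in measurements)
    return report

if __name__ == "__main__":
    print(json.dumps(review_agent_config(SAMPLE_CONFIG), indent=2))
```

A statsd note is a prompt to check that the instance's security group and host firewall do not admit UDP 8125 from networks that should not be able to submit metrics.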
You should then change the instance's IAM role to the monitoring role (e.g. CloudWatchServerAgentMonitoringRole), and then start the agent:
& "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -m ec2 stop
& "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -m ec2 fetch-config -c file:"C:\Program Files\Amazon\AmazonCloudWatchAgent\config.json"
& "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -m ec2 start
Alternatively, you can fetch and restart:
PS C:\Program Files\Amazon\AmazonCloudWatchAgent> & "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -m ec2 fetch-config -c file:"C:\Program Files\Amazon\AmazonCloudWatchAgent\config.json" -s
****** processing amazon-cloudwatch-agent ******
I! Trying to detect region from ec2
D! [EC2] Found active network interface
Successfully fetched the config and saved in C:\ProgramData\Amazon\AmazonCloudWatchAgent\Configs\file_config.json.tmp
Start configuration validation...
2023/07/05 09:09:24 Reading json config file path: C:\ProgramData\Amazon\AmazonCloudWatchAgent\Configs\file_config.json.tmp ...
2023/07/05 09:09:24 I! Valid Json input schema.
I! Trying to detect region from ec2
D! [EC2] Found active network interface
No csm configuration found.
No log configuration found.
Configuration validation first phase succeeded
Configuration validation second phase succeeded
Configuration validation succeeded
AmazonCloudWatchAgent has been stopped
AmazonCloudWatchAgent has been started
PS C:\Program Files\Amazon\AmazonCloudWatchAgent>
To configure the agent on Linux RedHat:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
OS = 1 (linux)
Location = 1 (EC2)
User = 1 (root)
StatsD = 1 (yes)
Port = 8125 (default)
Collect = 1 (10s)
Aggregate = 4 (60s)
Monitor collectD = 2 (no)
Monitor host metrics = 1 (yes)
Monitor CPU per core = 1 (yes)
Add ec2 dimensions = 1 (yes)
Aggregate ec2 dimensions = 1 (yes)
Collect metrics at high resolution = 4 (60s)
Default metrics config = 3 (advanced)
Satisfied with config = 1 (yes)
Existing cloudwatch config = 2 (no)
Custom log = 2 (no)
Event log = 2 (no)
Saves config to config.json:
Wish to store config in SSM parameter store = 1 (yes)
Parameter store name = "AmazonCloudWatch-linux" (default suggestion)
Region = us-east-1 (default)
Credentials = 1 (the one used for this instance, not 2 = other)
You should then change the instance's IAM role to the monitoring role (e.g. CloudWatchServerAgentMonitoringRole), and then start the agent:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a start
To check the agent is running:
[ec2-user@ip-***-**-**-** ~]$ ps -ef | fgrep -i cloud
cwagent 7342 1 0 09:06 ? 00:00:00 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml -envconfig /opt/aws/amazon-cloudwatch-agent/etc/env-config.json -pidfile /opt/aws/amazon-cloudwatch-agent/var/amazon-cloudwatch-agent.pid
ec2-user 7355 7200 0 09:06 pts/0 00:00:00 grep -F --color=auto -i cloud
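The role switch in the Windows and Linux procedures above can be checked across a fleet. The following is an added example, not Entuity or AWS code: it takes data shaped like `aws ec2 describe-instances` and `aws iam list-attached-role-policies` output (the samples, instance IDs and account ID are constructed) and reports instances still attached to a role carrying CloudWatchAgentAdminPolicy, or with no instance profile at all. It assumes each instance profile is named after its role.

```python
# Policy the page attaches only to the configuration role.
ADMIN_POLICY = "CloudWatchAgentAdminPolicy"
PROFILE = "arn:aws:iam::111122223333:instance-profile/"  # constructed account id

# Constructed sample shaped like `aws ec2 describe-instances` output.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "IamInstanceProfile": {"Arn": PROFILE + "CloudWatchServerAgentMonitoringRole"}},
    {"InstanceId": "i-0aaa0000000000002",
     "IamInstanceProfile": {"Arn": PROFILE + "CloudWatchServerAgentConfigRole"}},
    {"InstanceId": "i-0aaa0000000000003"},  # no profile attached
]}]}

# Constructed sample: role name -> `aws iam list-attached-role-policies` output.
SAMPLE_ROLE_POLICIES = {
    "CloudWatchServerAgentConfigRole": {"AttachedPolicies": [
        {"PolicyName": "CloudWatchAgentAdminPolicy"},
        {"PolicyName": "AmazonSSMFullAccess"}, {"PolicyName": "AmazonEC2RoleForSSM"}]},
    "CloudWatchServerAgentMonitoringRole": {"AttachedPolicies": [
        {"PolicyName": "CloudWatchAgentServerPolicy"},
        {"PolicyName": "AmazonSSMFullAccess"}, {"PolicyName": "AmazonEC2RoleForSSM"}]},
}

def audit_instance_roles(instances, role_policies):
    """Return {instance_id: finding} for instances that need attention."""
    findings = {}
    for reservation in instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid, profile = inst["InstanceId"], inst.get("IamInstanceProfile")
            if profile is None:
                findings[iid] = "no instance profile attached"
                continue
            # Assumption: the profile is named after its role (console default).
            role = profile["Arn"].rsplit("/", 1)[-1]
            if role not in role_policies:
                findings[iid] = f"role {role}: attached policies not supplied"
                continue
            names = {p["PolicyName"] for p in role_policies[role]["AttachedPolicies"]}
            if ADMIN_POLICY in names:
                findings[iid] = f"role {role} still carries {ADMIN_POLICY}"
    return findings

if __name__ == "__main__":
    for iid, msg in audit_instance_roles(SAMPLE_INSTANCES, SAMPLE_ROLE_POLICIES).items():
        print(iid, "->", msg)
```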