Amazon Web Service has deprecated support for per-instance performance monitoring scripts. As of Entuity v21.0 P02 upwards, Entuity provides updated support for the AWS CloudWatch agent, which is deployed via AWS Systems and is the recommended method for enabling metric collection for most AWS instances (both Windows and Linux). Please see this article for updated help and information on enabling AWS CloudWatch monitoring.
If you are using an earlier version of Entuity, please see the below instructions.
These instructions apply to instrumenting Windows Guests on AWS in bulk, using SSM. This uses the recommended AWS CloudWatch agent.
For the first instance:
- You will need two IAM roles - one for monitoring (pushing results to CloudWatch) and one for configuring (pushing config to the Parameter Store). Unless you already have two appropriate IAM roles and servers, create them as follows:
- Create the server configuration role:
- From the AWS IAM Console, go to Roles > Create Role > select EC2 Allows EC2 instances to call AWS services on your behalf > Next: Permissions
- Tick the check boxes for "CloudWatchAgentAdminPolicy", "AmazonEC2RoleforSSM" and "AmazonSSMFullAccess".
- Click Next: Review
- Provide a name for the role, e.g. "CloudWatchServerAgentConfigRole".
- Click Create Role.
- Create the server agent monitoring role:
- From the AWS IAM Console, go to Roles > Create Role > select EC2 Allows EC2 instances to call AWS services on your behalf > Next: Permissions.
- Tick the check boxes for "CloudWatchAgentServerPolicy", "AmazonEC2RoleforSSM" and "AmazonSSMFullAcccess".
- Click Next: Review.
- Provide a name for the role, e.g. "CloudWatchServerAgentMonitoringRole".
- Click Create Role.
- Create the server agent configuration user (needed to push config into Parameter Store):
- From the AWS IAM Console, go to Users > Add User > provide name, e.g. "CloudWatchConfigUser".
- Click Programmatic access > Permissions > Attach existing policies directly.
- In the list of policies, select "CloudWatchAgentAdminPolicy", "AmazonEC2RoleforSSM" and "AmazonSSMFullAccess".
- Click Review > Create User.
- Next to the name of the new user, choose Show and make a note of the new access key and secret key.
- Click Close.
- Create the server agent monitoring user:
- From the AWS IAM Console, go to Users > Add User > provide name, e.g. "CloudWatchMonitoringUser".
- Click Programmatic access > Permissions > Attach existing policies directly.
- In the list of policies, select "CloudWatchAgentServerPolicy", "AmazonEC2RoleforSSM" and "AmazonSSMFullAccess".
- Click Review > Create User.
- Next to the name of the new user, choose Show and make a note of the new access key and secret key.
- Click Close.
- Create the server configuration role:
- Install CloudWatch Agent on the first instance:
- Attach SSM capable IAM role to the instance, e.g. CloudWatchServerAgentConfigRole (from above).
- Go to AWS > EC2 > Systems Manager Services > Run Command > Run a command.
- Select "AWS-ConfigureAWSPackage".
- Select the instance (Note, if the IAM role has only just been assigned to the instance, it might take several minutes before it appears in the "select instances" list).
- Set Action to Install.
- In Name, type "AmazonCloudWatchAgent".
- Check Version is "latest".
- Click Run.
- Click View Result.
- Wait until status changed from "In Progress" to "Success" or "Failed". If failed, check the output of the job to see what went wrong.
- Configure the first instance:
- Connect to the instance (RDP)
- Create C:\ProgramData\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json and change contents to:
{
"agent": {
"metrics_collection_interval": 60,
"logfile": "c:\\ProgramData\\Amazon\\AmazonCloudWatchAgent\\Logs\\amazon-cloudwatch-agent.log",
"debug": true
},
"metrics": {
"metrics_collected": {
"LogicalDisk": {
"measurement": [
{"name": "% Free Space", "rename": "Instance Logical Disk % Free Space", "unit": "Percent"},
{"name": "Free Megabytes", "rename": "Instance Logical Disk Free Megabytes"}
],
"resources": [
"*"
]
},
"Memory": {
"measurement": [
{"name": "Available MBytes", "rename": "Instance Memory Available MBytes"}
]
}
},
"append_dimensions": {
"InstanceId": "${aws:InstanceId}" }
}
}
- On the instance, Enable CloudWatch Monitoring > Enable Detailed Monitoring (right click action from instances list).
- Install AWS CLI in the instance from:
- https://s3.amazonaws.com/aws-cli/AWSCLI64.msi; or
- https://s3.amazonaws.com/aws-cli/AWSCLI32.msi, depending on the architecture.
- Run aws configure, e.g. (using CloudWatchConfigUser from above):
C:\ProgramData\Amazon\AmazonCloudWatchAgent>"C:\Program Files (x86)\Amazon\AWSCLI\aws.exe" configure <- if 64 bit
C:\ProgramData\Amazon\AmazonCloudWatchAgent>"C:\Program Files\Amazon\AWSCLI\aws.exe" configure <- if 32 bit
AWS Access Key ID [None]: <INSERT KEY HERE>
AWS Secret Access Key [None]: <INSERT KEY HERE>
Default region name [None]: eu-central-1
Default output format [None]:
C:\ProgramData\Amazon\AmazonCloudWatchAgent>
-
Then upload config from the instance to SSM Parameter Store:
(32bit):
C:\ProgramData\Amazon\AmazonCloudWatchAgent>"C:\Program Files (x86)\Amazon\AWSCLI\aws.exe" ssm put-parameter --name "CloudWatchConfigWin" --type "String" --value file://c:\ProgramData\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json --overwrite
{
"Version": 1
}(64 bit):
C:\ProgramData\Amazon\AmazonCloudWatchAgent>"C:\Program Files\Amazon\AWSCLI\aws.exe" ssm put-parameter --name "CloudWatchConfigWin" --type "String" --value file://c:\ProgramData\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json --overwrite
{
"Version": 1
} - Then in SSM, configure the agent (to check that config pull works):
- Run command: "AmazonCloudWatch-ManageAgent"
- Select instance.
- Action: configure
- Mode: ec2
- Optional Configuration Source: ssm
- Optional Configuration Location: CloudWatchConfigWin
- Optional Restart: yes
- Click Run.
- Check CloudWatch metrics. Browse Metrics and CW Agent:
- InstanceId, Instance, ObjectName for disks.
- InstanceId, ObjectName for memory.
- Check that the full set of metrics appear in Entuity - CPU, guest memory, disks' names and utilization %, network traffic in and out, bytes and packet.
For subsequent instances:
- For the instance, assign an IAM role with SSM and CloudWatch rights - e.g. "CloudWatchServerAgentMonitoringRole" above.
- On the instance - enable CloudWatch Monitoring > Enable Detailed Monitoring (right click action from instances list).
- Go to AWS > EC2 > Systems Manager Services > Run Command > Run a command:
- Choose AWS-ConfigureAWSPackage
- Select the instance(s) (Note, if the IAM role has only just been assigned to the instance, it might take several minutes before it appears in the "select instances" list).
- Set Action to "Install".
- In Name, type "AmazonCloudWatchAgent".
- Check Version is "Latest".
- Click Run.
- Click View Result.
- Wait until status changes from "In Progress" to "Success" or "Failed". If failed, check output of the job to see what went wrong.
- Then in SSM configure the agent (to check the config pull works):
- Run command: "AmazonCloudWatch-ManageAgent".
- Select instance(s).
- Action: configure.
- Mode: ec2.
- Optional Configuration Source: ssm.
- Optional Configuration Location: CloudWatchConfigWin.
- Optional Restart: yes
- Click Run.
- Check CloudWatch metrics. Browse Metrics and CW Agent:
- InstanceId, Instance, ObjectName for disks.
- InstanceId, ObjectName for memory.
- Check that the full set of metrics appear in Entuity - CPU, guest memory, disks' names and utilization %, network traffic in and out, bytes and packet.
Comments
0 comments
Please sign in to leave a comment.