In this article, we will see step-by-step instructions to set up AWS EC2 Instance Monitoring Alarms using AWS CloudWatch and the CloudWatch Agent. The purpose of this post is to create a unified guide document to implement CloudWatch alarms, as I couldn’t find any such documents when I tried to implement this for the first time.
This guide assumes that you want to implement CloudWatch alarms on Linux-based operating systems. The instructions are given for Ubuntu 16.04 and 18.04. They will also work for other Linux variants, but commands like “apt” or “apt-get” must be replaced with the command relevant to that operating system, such as “yum”.
CloudWatch is an AWS service that monitors EC2 Instances and lets you create Alarms on metrics such as CPU Utilization, Network Usage, StatusCheckFailed_Instance and StatusCheckFailed_System. These metrics are available by default and don’t require any installation.
However, if detailed metrics such as Memory, Network and Storage usage are required, then the CloudWatch Agent (CWAgent) has to be installed on the EC2 Instance(s) to be monitored before proceeding to create the Alarms.
Amazon Simple Notification Service (SNS)
Amazon SNS will be used to send notifications to email / Squadcast when the Alarms are triggered in CloudWatch.
Installing CWAgent on an EC2 Instance
Follow the below steps to properly install the CWAgent on an EC2 Instance.
1. Create IAM Role
To create the IAM role necessary for each server to run the CloudWatch agent:
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane on the left, choose Roles, Create role.
- Under “Choose the service that will use this role”, choose EC2 (“Allows EC2 instances to call AWS services on your behalf”). Choose Next: Permissions.
- In the list of policies, select the checkbox next to CloudWatchAgentServerPolicy. Use the search box to find the policy, if necessary.
- Choose Next: Review
- Confirm that CloudWatchAgentServerPolicy appears next to Policies. In Role name, type a name for the role, such as CloudWatch. Optionally give it a description, and choose “Create role”.
The role is now created. Let’s call this role Cloudwatch.
2. Attach IAM Role to the Instance
- Go to the EC2 console and select the Instance on which you want to install the CWAgent
- Select Actions -> Instance Settings -> Attach / Replace IAM Role
- Select the role created in the earlier step (Cloudwatch) and click Apply.
- If the Instance already has a role associated with it, please add policy “CloudWatchAgentServerPolicy” to the existing role.
3. Download the CloudWatch Agent Package on an Amazon EC2 Instance Using a Download Link
1. Make a directory for downloading and unzipping the agent package. For example, “cwagent”. Then change into that directory.
sudo mkdir cwagent
cd cwagent
2. Download the CloudWatch agent. For a Linux server, type the following:
sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
3. Unzip the package
sudo unzip AmazonCloudWatchAgent.zip
4. Install the package. On a Linux server, change to the directory containing the package and type:
4. Create the Agent Configuration File on the Instance
To create the CloudWatch agent configuration file:
1. Start the CloudWatch agent configuration wizard by typing the following:
2. Answer the questions to customize the configuration file for your server.
3. The config file can be located and edited manually at:
sudo nano /opt/aws/amazon-cloudwatch-agent/bin/config.json
For details of the metrics that can be collected using the CloudWatch Agent, refer to: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/metrics-collected-by-CloudWatch-agent.html
5. Start the CloudWatch Agent on an Amazon EC2 Instance Using the Command Line
On a Linux server, type the following if you saved the configuration file on the local computer (replace the file path after “-c file:” with the configuration file path from the previous step):
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
Configuring Amazon SNS for Alarm email alerts
Follow the below steps to create and configure Amazon SNS for email alerts:
- Go to https://console.aws.amazon.com/sns/
- Click on Create Topic and Enter a Topic Name & display name and click Create Topic.
- To create a Topic Subscription, click on Create Subscription, select the Topic ARN, protocol as Email and enter the user email ID in Endpoint and click Create Subscription.
- Users whose email addresses are subscribed need to verify the confirmation mail in order to start receiving notifications.
- The same step can be used to create a Squadcast entry by using protocols such as http/https instead of email; the endpoint will be the HTTP request URL.
As many such Topics and subscriptions as required can be created.
Creating Monitoring Alerts
- Go to CloudWatch console here: https://console.aws.amazon.com/cloudwatch/
- Click on Create Alarm
- Select EC2 Metrics / Custom Metrics -> CWAgent and select the Metric for which Monitoring is required corresponding to the Instance ID and Click Next.
- Provide a Name & Description for the Alarm, select the condition, and under Actions, select “State is ALARM” and choose a Notification alert from SNS (Topic) and Click on Create Alarm button.
The Alarm will be created, and we will get an email notification whenever the ALARM is triggered, so we can work to optimize the resource accordingly. We can also use similar Alarms to create an entry in Squadcast using http requests in Amazon SNS.
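An added example (not code from the original article) that ties the agent configuration file from step 4 to the alarm creation steps: it reads a config.json, works out which metric names the agent will publish, and builds matching put_metric_alarm arguments for boto3. The sample config, instance ID and topic ARN are constructed placeholders, and the code assumes the config uses append_dimensions with InstanceId so the alarm can be keyed on the instance.

```python
import json

# Constructed sample of /opt/aws/amazon-cloudwatch-agent/bin/config.json (not from the article).
SAMPLE_CONFIG = """
{
  "metrics": {
    "append_dimensions": {"InstanceId": "${aws:InstanceId}"},
    "metrics_collected": {
      "mem":  {"measurement": ["mem_used_percent"]},
      "swap": {"measurement": ["used_percent"]}
    }
  }
}
"""

def published_metrics(config):
    """Return (namespace, metric names) the agent will publish for this config."""
    metrics = config["metrics"]
    names = []
    for plugin, section in metrics["metrics_collected"].items():
        for item in section.get("measurement", []):
            name = item["name"] if isinstance(item, dict) else item
            # Short names such as "used_percent" are published with the plugin prefix.
            names.append(name if name.startswith(plugin + "_") else f"{plugin}_{name}")
    return metrics.get("namespace", "CWAgent"), names

def alarm_params(config, instance_id, metric, threshold, topic_arn):
    """Build put_metric_alarm arguments for a metric the agent really collects."""
    namespace, names = published_metrics(config)
    if metric not in names:
        raise ValueError(f"{metric} is not collected by this agent config: {names}")
    if "InstanceId" not in metrics_dims(config):
        raise ValueError("config lacks append_dimensions.InstanceId")
    return {
        "AlarmName": f"{instance_id}-{metric}-high",
        "Namespace": namespace, "MetricName": metric,
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Average", "Period": 300, "EvaluationPeriods": 2,
        "Threshold": float(threshold), "ComparisonOperator": "GreaterThanThreshold",
        # No data means the agent stopped reporting: alarm instead of staying silent.
        "TreatMissingData": "breaching",
        "AlarmActions": [topic_arn],
    }

def metrics_dims(config):
    """Dimensions the agent appends to every metric it publishes."""
    return config["metrics"].get("append_dimensions", {})

if __name__ == "__main__":
    # Placeholder IDs; pass the dict to boto3.client("cloudwatch").put_metric_alarm(**params).
    print(json.dumps(alarm_params(json.loads(SAMPLE_CONFIG), "i-0123456789abcdef0",
          "mem_used_percent", 80, "arn:aws:sns:us-east-1:111122223333:example-topic"), indent=2))
```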