In the realm of cloud computing, monitoring the performance of your Windows and Linux servers is paramount. Users often inquire, “How can I determine if my disks are nearing capacity?” or “Is my application fully utilizing available memory or resorting to disk paging?” This guide aims to provide clarity by detailing the steps necessary to establish a monitoring system that captures crucial internal performance metrics.
Overview of the Solution
Upon accessing the Amazon EC2 console and selecting a running EC2 instance, you can navigate to the Monitoring tab to observe Amazon CloudWatch metrics. This AWS monitoring service offers insights into various metrics external to the instance, such as CPU utilization and network activity. However, to gain visibility into disk usage or memory consumption, internal operating system metrics must be gathered. By default, AWS has implemented restrictions on capturing this data within customer instances.
To monitor internal performance metrics, it is essential to install the CloudWatch agent on your server. For Windows, the agent can track performance monitor counters; for Linux, it can capture system-level metrics. For a comprehensive list of metrics collected by the CloudWatch agent, refer to this resource. Additionally, the agent can gather logs from the server and send this data to Amazon CloudWatch, enabling the creation of alerts for specific conditions like low disk space and automated responses, such as performing backups to clear transaction logs. Dashboards can also be constructed to assess the health of your servers.
Implementing internal monitoring involves four key steps:
- Install the CloudWatch agent on the desired servers. AWS Systems Manager Run Command simplifies this process by allowing agent installation across multiple servers.
- Run the CloudWatch agent configuration wizard to specify what to monitor, including performance counters and logs. This configuration is then saved in AWS Systems Manager Parameter Store.
- Configure the CloudWatch agents to utilize the configuration stored in Parameter Store via the Run Command.
- Verify that the CloudWatch agents are successfully transmitting monitoring data to CloudWatch.
The following image illustrates the flow of these four steps.
Throughout this guide, I will walk you through each step, ensuring clarity in the process. Note that you will incur costs for the resources outlined here; therefore, it is advisable to delete any unnecessary resources post-implementation. For details on the costs associated with these servers, refer to Amazon EC2 On-Demand Pricing. For information on CloudWatch pricing, please visit this page, as they are an authority on this topic.
If you prefer a visual overview, check out the video on Monitoring Amazon EC2 Windows Instances using the Unified CloudWatch Agent.
Deploying the CloudWatch Agent
The initial step involves deploying the Amazon CloudWatch agent. There are various methods to achieve this; this guide focuses on using AWS Systems Manager Run Command for deployment. AWS Systems Manager utilizes the Systems Manager agent, which is pre-installed on each AWS instance. Ensure that this agent is granted appropriate permissions to connect to AWS Systems Manager and write configuration data to the Parameter Store. These permissions are managed through IAM roles.
Creating Two IAM Roles
IAM roles serve as identity objects to which IAM policies can be attached, defining access to AWS services. Users, services, or applications can assume these roles to gain the permissions specified in the policy.
Typically, two IAM roles are created to use Systems Manager. The first role, named CloudWatchAgentAdminRole, has permissions to write the CloudWatch agent configuration to Parameter Store. The second role, named CloudWatchAgentServerRole, is restricted to reading the configuration from Parameter Store. For more information on creating these roles, please refer to the documentation on creating IAM Roles and Users for the CloudWatch Agent.
Attaching IAM Roles to EC2 Instances
After creating the roles, attach them to your Amazon EC2 instances. By doing so, you grant the processes on the EC2 instance the permissions defined in the IAM roles. In this guide, you will create two EC2 instances: attach CloudWatchAgentAdminRole to the first instance for configuration creation, and CloudWatchAgentServerRole to the second instance and any others you wish to monitor. For instructions on attaching IAM roles to EC2 instances, consult the documentation on assigning existing IAM roles to EC2 instances.
Installing the CloudWatch Agent
With the permissions configured, you can proceed to install the CloudWatch agent on the servers you intend to monitor. For detailed installation instructions via Systems Manager, consult the documentation on Downloading and Configuring the CloudWatch Agent.
Creating the CloudWatch Agent Configuration
After installing the CloudWatch agent, run the configuration wizard to establish the agent settings. For instructions on running the CloudWatch Agent configuration wizard, please reference the documentation on creating the configuration file with the wizard. You can utilize AWS Systems Manager Session Manager to connect to the server and run the configuration wizard. If monitoring both Linux and Windows servers, remember to run the configuration on each OS to create separate configuration files.
For Linux instances, execute the following command:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizardFor Windows instances, run these commands:
cd "C:Program FilesAmazonAmazonCloudWatchAgent"
amazon-cloudwatch-agent-config-wizard.exeNote for Linux instances: avoid selecting the collectd metrics option in the wizard unless collectd is installed; otherwise, an error may occur.
Reviewing the Agent Configuration
The configuration generated by the wizard is saved in Systems Manager Parameter Store. You can review and modify this configuration as needed to capture additional metrics. To do so, follow these steps:
- Navigate to the Systems Manager console.
- Click on Parameter Store in the left-hand navigation.
- Locate the parameter created by the CloudWatch agent configuration program. For Linux servers, the configuration is stored as AmazonCloudWatch-linux, and for Windows servers, it is stored as AmazonCloudWatch-windows.
For further insights into server monitoring, consider visiting this excellent resource.
Amazon IXD – VGT2, 6401 E Howdy Wells Ave, Las Vegas, NV 89115
Leave a Reply