CloudWatch is an AWS service that can monitor your AWS resources and on-premises resources. You can use it to collect metrics and logs, and to create alarms and notifications when a threshold is breached or when application error logs appear, using metric filters.
The article below explains how to create simple log groups with CloudFormation, create the role that lets the CloudWatch agent connect and write logs, install and set up the CloudWatch agent, configure logs in the agent, and create an alarm with a metric filter.
Simply put, we are going to configure the agent to ship the PHP error log, the Apache error log and the Apache access log, with a separate log group for each.
Create Log group with CloudFormation template
The template below shows the JSON snippets for the log groups.
"awsCloudwatchPHPErrorLogGroup": {
  "Type": "AWS::Logs::LogGroup",
  "Properties": {
    "LogGroupName": "awsCloudwatchPHPErrorLog",
    "RetentionInDays": 30
  }
},
"awsCloudwatchApacheErrorLog": {
  "Type": "AWS::Logs::LogGroup",
  "Properties": {
    "LogGroupName": "awsCloudwatchApacheErrorLog",
    "RetentionInDays": 30
  }
},
"awsCloudwatchApacheAccessLog": {
  "Type": "AWS::Logs::LogGroup",
  "Properties": {
    "LogGroupName": "awsCloudwatchApacheAccessLog",
    "RetentionInDays": 30
  }
},
Then you need to create a role so that the CloudWatch agent can write metrics and logs to CloudWatch. You can simply attach the ARN of the AWS managed policy CloudWatchAgentServerPolicy. You also need to add an extra inline policy granting logs:PutRetentionPolicy, so the agent can set the retention policy on the log groups (scoped below to exactly the three log groups created above).
"awsCloudwatchInstanceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    },
    "Description": "Instance role for the CloudWatch agent",
    "ManagedPolicyArns": [
      "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
    ],
    "Policies": [
      {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "awsCloudwatchGroupLogPolicy",
              "Effect": "Allow",
              "Action": "logs:PutRetentionPolicy",
              "Resource": [
                { "Fn::GetAtt": [ "awsCloudwatchPHPErrorLogGroup", "Arn" ] },
                { "Fn::GetAtt": [ "awsCloudwatchApacheErrorLog", "Arn" ] },
                { "Fn::GetAtt": [ "awsCloudwatchApacheAccessLog", "Arn" ] }
              ]
            }
          ]
        },
        "PolicyName": "awsCloudwatchGroupLogPolicy"
      }
    ],
    "RoleName": "awsCloudwatchInstanceRole"
  }
}
After you have added these, create the stack with the CloudFormation template. You can see the complete template here: https://github.com/misyaath/awscloudwatch/blob/master/logs.template
Install and Configure CloudWatch agent
The steps below cover installing and configuring the CloudWatch agent on Ubuntu only. For other operating systems, take a look at the AWS official documentation: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance.html
sudo wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
Then you need to configure the CloudWatch agent. You can configure it manually or with amazon-cloudwatch-agent-config-wizard.
To configure it with amazon-cloudwatch-agent-config-wizard, run
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
The agent configuration file wizard, amazon-cloudwatch-agent-config-wizard, asks a series of questions, including the following:
- Are you installing the agent on an Amazon EC2 instance or an on-premises server?
- Is the server running Linux or Windows Server?
- Do you want the agent to also send log files to CloudWatch Logs? If so, do you have an existing CloudWatch Logs agent configuration file? If yes, the CloudWatch agent can use this file to determine the logs to collect from the server.
- If the agent will send log files to CloudWatch Logs, what retention period do you want for those log files? The default value of -1 sets the log items to never expire.
- If you’re going to collect metrics from the server, do you want to monitor one of the default sets of metrics or customize the list of metrics that you collect?
- Do you want to collect custom metrics from your applications or services, using StatsD or collectd?
- Are you migrating from an existing SSM Agent?
After you have answered the questions above, it will create the config file at /opt/aws/amazon-cloudwatch-agent/bin/config.json
To learn more about the configuration, see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Agent-Configuration-File-Details.html
Or you can create the config file manually. Create config.json. If the agent runs as the user cwagent, you need to grant that user enough permission to read your log files; otherwise run it as root, as the run_as_user setting below does.
{
  "agent": {
    "run_as_user": "root"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/php_errors.log",
            "log_group_name": "awsCloudwatchPHPErrorLog",
            "log_stream_name": "{instance_id}",
            "retention_in_days": 30
          },
          {
            "file_path": "/var/log/apache2/error.log",
            "log_group_name": "awsCloudwatchApacheErrorLog",
            "log_stream_name": "{instance_id}",
            "retention_in_days": 30
          },
          {
            "file_path": "/var/log/apache2/access.log",
            "log_group_name": "awsCloudwatchApacheAccessLog",
            "log_stream_name": "{instance_id}",
            "retention_in_days": 30
          }
        ]
      }
    }
  }
}
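The agent config and the CloudFormation template have to agree: every log_group_name in collect_list must be a log group the template creates, the retention_in_days the agent asks for should match RetentionInDays in the template, and the role's logs:PutRetentionPolicy statement must cover every one of those groups, or the agent's retention call fails with AccessDenied for the group that was left out. The following Python check is an added example, not code from the article or its repository; the template and agent config it embeds are constructed to mirror the article's snippets, with one log group deliberately listed twice in the role (leaving another out), a mismatched retention value and an extra log group that the template does not define, so the checks have something to report.

```python
"""Consistency checks between a CloudFormation template and the CloudWatch
agent config.json (added example; sample data below is constructed)."""
import json

# Constructed sample: the Resources section of a template like the article's.
# The role lists awsCloudwatchApacheErrorLog twice and omits the access log group.
TEMPLATE = {
    "Resources": {
        "awsCloudwatchPHPErrorLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {"LogGroupName": "awsCloudwatchPHPErrorLog", "RetentionInDays": 30},
        },
        "awsCloudwatchApacheErrorLog": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {"LogGroupName": "awsCloudwatchApacheErrorLog", "RetentionInDays": 30},
        },
        "awsCloudwatchApacheAccessLog": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {"LogGroupName": "awsCloudwatchApacheAccessLog", "RetentionInDays": 14},
        },
        "awsCloudwatchInstanceRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [{
                    "PolicyName": "awsCloudwatchGroupLogPolicy",
                    "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
                        "Effect": "Allow",
                        "Action": "logs:PutRetentionPolicy",
                        "Resource": [
                            {"Fn::GetAtt": ["awsCloudwatchPHPErrorLogGroup", "Arn"]},
                            {"Fn::GetAtt": ["awsCloudwatchApacheErrorLog", "Arn"]},
                            {"Fn::GetAtt": ["awsCloudwatchApacheErrorLog", "Arn"]},  # duplicate
                        ],
                    }]},
                }],
            },
        },
    }
}

# Constructed sample agent config: the access-log entry asks for 30 days while the
# template keeps that group for 14, and /var/log/auth.log points at an undefined group.
AGENT_CONFIG = json.loads("""{
  "agent": {"run_as_user": "root"},
  "logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/php_errors.log", "log_group_name": "awsCloudwatchPHPErrorLog",
     "log_stream_name": "{instance_id}", "retention_in_days": 30},
    {"file_path": "/var/log/apache2/error.log", "log_group_name": "awsCloudwatchApacheErrorLog",
     "log_stream_name": "{instance_id}", "retention_in_days": 30},
    {"file_path": "/var/log/apache2/access.log", "log_group_name": "awsCloudwatchApacheAccessLog",
     "log_stream_name": "{instance_id}", "retention_in_days": 30},
    {"file_path": "/var/log/auth.log", "log_group_name": "notInTemplate",
     "log_stream_name": "{instance_id}", "retention_in_days": 30}
  ]}}}
}""")


def log_groups(template):
    """Map LogGroupName -> (logical id, RetentionInDays) for every LogGroup resource."""
    out = {}
    for logical_id, res in template["Resources"].items():
        if res.get("Type") == "AWS::Logs::LogGroup":
            props = res["Properties"]
            out[props["LogGroupName"]] = (logical_id, props.get("RetentionInDays"))
    return out


def retention_policy_targets(template, role_id, action="logs:PutRetentionPolicy"):
    """Logical ids of log groups an inline Allow statement for `action` names via Fn::GetAtt."""
    targets = set()
    for policy in template["Resources"][role_id]["Properties"].get("Policies", []):
        for stmt in policy["PolicyDocument"]["Statement"]:
            actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            if stmt.get("Effect") != "Allow" or action not in actions:
                continue
            resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
            for r in resources:
                if isinstance(r, dict) and "Fn::GetAtt" in r:
                    targets.add(r["Fn::GetAtt"][0])
    return targets


def missing_retention_targets(template, role_id):
    """Log groups defined in the template that the role may not set retention on."""
    defined = {lid for lid, _ in log_groups(template).values()}
    return sorted(defined - retention_policy_targets(template, role_id))


def check_agent_config(config, template):
    """Human-readable problems: unknown log groups and retention mismatches."""
    groups = log_groups(template)
    problems = []
    for entry in config["logs"]["logs_collected"]["files"]["collect_list"]:
        name = entry["log_group_name"]
        if name not in groups:
            problems.append(f"{entry['file_path']}: log group {name!r} is not defined in the template")
            continue
        _, retention = groups[name]
        if retention is not None and retention != entry.get("retention_in_days"):
            problems.append(f"{entry['file_path']}: agent asks retention "
                            f"{entry.get('retention_in_days')} but template sets {retention}")
    return problems


if __name__ == "__main__":
    print("role cannot set retention on:", missing_retention_targets(TEMPLATE, "awsCloudwatchInstanceRole"))
    for p in check_agent_config(AGENT_CONFIG, TEMPLATE):
        print("config problem:", p)
```

Run it against your own template and config.json by replacing the two embedded dicts with json.load of the real files; an empty result from both functions means the agent will be able to create its streams and set retention on every group it is told about.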
Then you can start the CloudWatch agent with amazon-cloudwatch-agent-ctl
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:configuration-file-path
Replace configuration-file-path with the path of your custom config.json, or use /opt/aws/amazon-cloudwatch-agent/bin/config.json created by amazon-cloudwatch-agent-config-wizard.
Now run this command to check the status of the CloudWatch agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a status
It will show something like the output below
{
  "status": "running",
  "starttime": "2022-06-16T15:24:09+00:00",
  "configstatus": "configured",
  "cwoc_status": "stopped",
  "cwoc_starttime": "",
  "cwoc_configstatus": "not configured",
  "version": "1.247352.0b251908"
}
If the status is not running, check the troubleshooting methods here: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/troubleshooting-CloudWatch-Agent.html#CloudWatch-Agent-troubleshooting-update-no-new-metrics
Once the CloudWatch agent is running successfully, it will take some time to push logs into CloudWatch. When you check the log groups in the CloudWatch console, their log streams will show up.
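The alarm with a metric filter promised at the start works in two resources: an AWS::Logs::MetricFilter that counts log lines matching a pattern and publishes a custom metric, and an AWS::CloudWatch::Alarm that watches that metric. The common mistake is an alarm whose Namespace or MetricName does not match what the filter emits, which silently never fires. The following Python is an added example, not code from the article or its repository: it generates the two resources for the PHP error log group created above, checks that the alarm and filter agree, and tests a filter pattern against constructed php_errors.log lines before deploying it. The SNS topic ARN is a placeholder, the resource names and MyApp/PHP namespace are my choice, and the local pattern matcher is a simplified approximation of CloudWatch's plain-text filter syntax (space-separated terms are ANDed, a quoted phrase must match exactly, a leading "-" excludes), so treat it as a pre-deployment sanity check, not the real thing.

```python
"""Metric filter + alarm for the PHP error log group (added example;
resource names, SNS topic ARN and sample log lines are constructed)."""
import json
import shlex

SNS_TOPIC_ARN = "arn:aws:sns:REGION:ACCOUNT-ID:PLACEHOLDER-TOPIC"  # placeholder, replace


def error_alarm_resources(log_group_logical_id, pattern, metric_name,
                          namespace="MyApp/PHP", threshold=1, topic_arn=SNS_TOPIC_ARN):
    """Two CloudFormation resources: a filter counting lines matching `pattern` in the
    log group (Ref on a LogGroup yields its name) and an alarm on the resulting metric."""
    return {
        "phpErrorMetricFilter": {
            "Type": "AWS::Logs::MetricFilter",
            "Properties": {
                "LogGroupName": {"Ref": log_group_logical_id},
                "FilterPattern": pattern,
                "MetricTransformations": [{
                    "MetricName": metric_name,
                    "MetricNamespace": namespace,
                    "MetricValue": "1",   # one count per matching line
                    "DefaultValue": 0,    # publish 0 when nothing matches, so the metric is continuous
                }],
            },
        },
        "phpErrorAlarm": {
            "Type": "AWS::CloudWatch::Alarm",
            "Properties": {
                "AlarmDescription": f"{metric_name} >= {threshold} in a 5 minute window",
                "Namespace": namespace,
                "MetricName": metric_name,
                "Statistic": "Sum",
                "Period": 300,
                "EvaluationPeriods": 1,
                "Threshold": threshold,
                "ComparisonOperator": "GreaterThanOrEqualToThreshold",
                "TreatMissingData": "notBreaching",
                "AlarmActions": [topic_arn],
            },
        },
    }


def alarm_matches_filter(resources):
    """True only when the alarm watches exactly the metric the filter emits."""
    mt = resources["phpErrorMetricFilter"]["Properties"]["MetricTransformations"][0]
    alarm = resources["phpErrorAlarm"]["Properties"]
    return mt["MetricName"] == alarm["MetricName"] and mt["MetricNamespace"] == alarm["Namespace"]


def matches_filter_pattern(pattern, line):
    """Simplified plain-text filter semantics (assumption, see lead-in):
    every term must appear, quoted phrases are single terms, '-term' excludes."""
    for term in shlex.split(pattern):
        if term.startswith("-"):
            if term[1:] in line:
                return False
        elif term not in line:
            return False
    return True


def count_matches(pattern, lines):
    """How many lines the filter would count, i.e. what the alarm would see."""
    return sum(1 for line in lines if matches_filter_pattern(pattern, line))


# Constructed sample lines in the php_errors.log format.
SAMPLE_PHP_ERRORS = [
    "[16-Jun-2022 15:30:01 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function foo() in /var/www/app/index.php:12",
    "[16-Jun-2022 15:30:05 UTC] PHP Warning:  file_get_contents(/tmp/cache): failed to open stream in /var/www/app/cache.php:8",
    "[16-Jun-2022 15:31:10 UTC] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted in /var/www/app/report.php:40",
    "[16-Jun-2022 15:31:11 UTC] PHP Notice:  Undefined index: user in /var/www/app/auth.php:21",
]


if __name__ == "__main__":
    pattern = '"PHP Fatal error"'
    resources = error_alarm_resources("awsCloudwatchPHPErrorLogGroup", pattern, "PHPFatalErrors")
    print("alarm and filter agree:", alarm_matches_filter(resources))
    print("sample lines the filter would count:", count_matches(pattern, SAMPLE_PHP_ERRORS))
    print(json.dumps(resources, indent=2))  # paste into the Resources section of the template
```

The two resources go into the same Resources section as the log groups; because the filter references the log group with Ref, CloudFormation creates the group first. TreatMissingData set to notBreaching keeps the alarm quiet while the agent is still catching up after install.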
Conclusion
CloudWatch helps you easily collect logs in centralized storage, track and analyze them, and alarm if any threshold is breached. You can install collectd or StatsD to get more metrics about memory, disk I/O, disk space, CPU usage, etc.
You can also push custom metrics to profile your application. CloudWatch offers dashboards, graphs, custom queries, etc. Thanks