Amazon CloudWatch is a cloud monitoring service provided by AWS. We can use it to centrally monitor most of the AWS services and products available. Each thing we monitor in an AWS service or product is called a CloudWatch metric. In this blog post we discuss how to effectively monitor an EC2 instance using the native and custom metrics that CloudWatch offers for EC2.

AWS EC2 Metrics

By default, EC2 instances periodically send certain performance metrics to CloudWatch for monitoring purposes. This is called basic monitoring, and CloudWatch displays the data every 5 minutes. Basic monitoring is free of cost and is available for every EC2 instance we create.

The other type of monitoring is detailed monitoring. If it is enabled, CloudWatch publishes the collected metrics every 1 minute.

Below are the CloudWatch metrics enabled by default for an EC2 instance, with a screenshot for reference. They are available in the CloudWatch console: click EC2 under the “Alarms by AWS service” section.

CPU Utilisation Average

Disk Read Bytes Average

Disk Read Ops Average

Disk Write Bytes Average

Disk Write Ops Average

Network In Average

Network Out Average

Network Packets In Average

Network Packets Out Average

Status Check Failed Sum

Status Check Failed Instance Sum

Status Check Failed System Sum

What we mainly miss from this monitoring are server aspects such as memory, swap and file systems. Using CloudWatch’s custom metrics with the help of the Amazon CloudWatch monitoring agent, we can monitor these server aspects too. Amazon currently charges $0.30 per custom metric per month. Pricing details are available at the link below.

So let's configure memory, swap space and disk utilisation metrics for EC2 in CloudWatch, which AWS does not collect by default.

The link below details the metrics currently supported by the CloudWatch agent, which include disk space, memory usage, etc.

Our process overview is:

Install the CloudWatch agent on the EC2 instance.
Create an IAM role with the relevant permissions and enable the agent to collect metrics from the server.
Prepare the CloudWatch agent configuration file and specify the metrics that you want to collect.
Start the CloudWatch agent service on the instance.
Monitor the logs using the CloudWatch console.

We can either download and install the CloudWatch agent manually using the command line, or we can integrate it with SSM. Here we follow the command-line method. The download link for the CloudWatch agent differs depending on the Linux operating system we use. We can get the details from the link below.

So I logged into our EC2 instance and issued the commands below for installation.

Now let's create the IAM role necessary to run the CloudWatch agent on the EC2 instance.

Sign in to the AWS Management Console and open the IAM console.

In the navigation pane on the left, choose Roles and then Create role.

For Choose the service that will use this role, choose EC2 (Allows EC2 instances to call AWS services on your behalf). Choose Next: Permissions.

In the list of policies, select the check box next to CloudWatchAgentServerPolicy.

Choose Next: Review.

Confirm that CloudWatchAgentServerPolicy appears next to Policies. In Role name, enter a name for the role, such as CloudWatchAgentServerRole. Then choose Create role.

The role we created is now listed under the IAM Roles section.

Now let's go ahead and attach this role to the EC2 instance we already have.

Go to the AWS EC2 console >> click Instances >> select our instance >> from the top action pane >> Instance settings >> Attach/Replace IAM Role. Choose the IAM role we just created and click Apply.

Now let's create the CloudWatch agent configuration file. This file specifies which metrics we need to monitor on the EC2 instance. We use the command below to run the agent configuration file wizard and set up the configuration file.


Answer the questions to customise the configuration file for your server. If we store the configuration file locally, the file config.json is saved in the /opt/aws/amazon-cloudwatch-agent/bin/ directory.

We can use the link below from AWS as a reference for the options available in the configuration file.

Now let's start the CloudWatch agent service on the EC2 instance using the command below.

After running the command, I got the error below, which basically means that I had enabled collectd in my configuration file but had not defined any custom metric as per the AWS directions. Since I have no intention of doing that at the moment, I reran the configuration wizard command and disabled collectd and StatsD.

======== Error Log ========
2020/06/19 11:48:21 I! AmazonCloudWatchAgent Version 1.245315.0.
2020/06/19 11:48:21 E! Error parsing /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml, open /usr/share/collectd/types.db: no such file or directory

After that I reran the start command and it completed successfully. Below is the successful output.

Now, if we need to know the status of the CloudWatch agent service, we can use either of the two commands below.

If you need to rename the config file to amazon-cloudwatch-agent.json, use the command below. If you have a CloudWatch agent configuration file with a file name that doesn’t start with AmazonCloudWatch-, these policies can’t be used to write the file to Parameter Store or download it from Parameter Store. After renaming the config file, restart the service.

Now wait for 5 minutes, then select Metrics in the CloudWatch Management Console to see the statistics for the newly added EC2 disk space and memory usage metrics. Screenshots are attached for reference.

Below is the sample JSON config file used for the disk and memory metrics.

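As an added example (not the author's configuration file or AWS code), the following Python check reads a CloudWatch agent JSON configuration and reports the problems this post ran into: a wanted memory, swap or disk metric that is not collected, and a collectd or StatsD section left enabled by the wizard. The embedded configuration is constructed for illustration, and the function names are hypothetical.

```python
import json

# Constructed sample (not the author's file): the wizard's collectd option is
# left on and swap is missing, mirroring the failed first run described above.
SAMPLE_CONFIG = """
{
  "agent": {"metrics_collection_interval": 60, "run_as_user": "root"},
  "metrics": {
    "append_dimensions": {"InstanceId": "${aws:InstanceId}"},
    "metrics_collected": {
      "collectd": {"metrics_aggregation_interval": 60},
      "mem": {"measurement": ["mem_used_percent"]},
      "disk": {"measurement": [{"name": "used_percent"}], "resources": ["/"]}
    }
  }
}
"""

WANTED = ("mem", "swap", "disk")  # sections this post sets out to collect
EXTRA_SETUP = {
    "collectd": "expects /usr/share/collectd/types.db on the host",
    "statsd": "makes the agent listen for StatsD datagrams",
}


def has_used_percent(section, plugin):
    """True if the section collects used_percent, bare or plugin-prefixed."""
    for m in section.get("measurement", []):
        name = m["name"] if isinstance(m, dict) else m  # string or object form
        if name in ("used_percent", plugin + "_used_percent"):
            return True
    return False


def lint_agent_config(text):
    """Return a list of findings for a CloudWatch agent JSON configuration."""
    cfg = json.loads(text)
    collected = cfg.get("metrics", {}).get("metrics_collected", {})
    findings = []
    for plugin in WANTED:
        if not has_used_percent(collected.get(plugin, {}), plugin):
            findings.append(f"{plugin}: used_percent is not collected")
    for plugin, why in EXTRA_SETUP.items():
        if plugin in collected:
            findings.append(f"{plugin}: enabled, {why}")
    # With no run_as_user set, the agent runs as root on Linux.
    if cfg.get("agent", {}).get("run_as_user", "root") == "root":
        findings.append("agent: runs as root, consider run_as_user cwagent")
    return findings
```

To check a real file, pass its contents to lint_agent_config, for example the config.json that the wizard writes to /opt/aws/amazon-cloudwatch-agent/bin/.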