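Installing the Amazon CloudWatch Agent
CloudWatch cannot monitor memory and disk utilization on its own, so to see the memory and disk utilization of an EC2 instance you collect those metrics with the CloudWatch Agent.
- AWS CloudWatch Agent installation steps
- Set up the IAM role
- Attach the IAM role to the EC2 instance
- Install the CloudWatch Agent on the EC2 instance
- Check memory usage with the CloudWatch Agent
IAM role setup (creation)
- Add the CloudWatchAgentServerPolicy policy to an existing IAM role
- IAM > Access management > Policies > existing role > Add permissions > Attach policies > CloudWatchAgentServerPolicy, AmazonSSMFullAccess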
arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ec2:DescribeVolumes",
                "ec2:DescribeTags",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups",
                "logs:CreateLogStream",
                "logs:CreateLogGroup"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
        }
    ]
}
arn:aws:iam::aws:policy/AmazonSSMFullAccess
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ds:CreateComputer",
                "ds:DescribeDirectories",
                "ec2:DescribeInstanceStatus",
                "logs:*",
                "ssm:*",
                "ec2messages:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "ssm.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:DeleteServiceLinkedRole",
                "iam:GetServiceLinkedRoleDeletionStatus"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}
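To compare what the two attached policies actually allow, the following added example (not part of the original post) evaluates their Allow statements against a few constructed requests. The probe ARNs, the account id 111122223333 and the parameter name prod/db-password are placeholders, and IAM conditions are not modelled.

```python
import fnmatch

# Allow statements from the two managed policies above (conditional iam statements omitted).
CW_AGENT = [
    {"Action": ["cloudwatch:PutMetricData", "ec2:DescribeVolumes", "ec2:DescribeTags",
                "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups",
                "logs:CreateLogStream", "logs:CreateLogGroup"], "Resource": "*"},
    {"Action": ["ssm:GetParameter"],
     "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"},
]
SSM_FULL = [
    {"Action": ["cloudwatch:PutMetricData", "ds:CreateComputer", "ds:DescribeDirectories",
                "ec2:DescribeInstanceStatus", "logs:*", "ssm:*", "ec2messages:*"],
     "Resource": "*"},
    {"Action": ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel"],
     "Resource": "*"},
]
# Constructed probes: requests outside what a metrics/log agent needs.
ARN = "arn:aws:{}:ap-northeast-2:111122223333:{}"  # placeholder account id
PROBES = [
    ("ssm:GetParameter", ARN.format("ssm", "parameter/prod/db-password")),
    ("ssm:PutParameter", ARN.format("ssm", "parameter/AmazonCloudWatch-linux")),
    ("logs:DeleteLogGroup", ARN.format("logs", "log-group:access.log")),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(statements, action, resource):
    """True if an Allow statement matches both the action and the resource ARN."""
    for st in statements:
        acts = [p.lower() for p in _as_list(st["Action"])]
        if any(fnmatch.fnmatchcase(action.lower(), p) for p in acts) and \
           any(fnmatch.fnmatchcase(resource, p) for p in _as_list(st["Resource"])):
            return True
    return False

def wildcard_grants(statements):
    """Action patterns containing a wildcard in statements whose Resource is "*"."""
    return [a for st in statements if "*" in _as_list(st["Resource"])
            for a in _as_list(st["Action"]) if "*" in a]

def excess(statements):
    return [action for action, arn in PROBES if allows(statements, action, arn)]

if __name__ == "__main__":
    for name, pol in (("CloudWatchAgentServerPolicy", CW_AGENT),
                      ("AmazonSSMFullAccess", SSM_FULL)):
        print(name, "wildcards:", wildcard_grants(pol), "excess:", excess(pol))
```

AmazonSSMFullAccess allows every probe because of ssm:* and logs:* on Resource "*", while CloudWatchAgentServerPolicy allows none. AWS also publishes AmazonSSMManagedInstanceCore as the managed policy for instance roles that only need Systems Manager core functionality.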
Attaching the IAM role to the EC2 instance
- Actions > Security > Modify IAM role
- Apply the IAM role
Installing and configuring the CloudWatch agent (amazon-cloudwatch-agent) on the EC2 instance
Installing the CloudWatch agent (amazon-cloudwatch-agent)
yum install -y amazon-cloudwatch-agent
Configuring the CloudWatch agent (amazon-cloudwatch-agent)
CloudWatch Agent Configuration File Wizard | Parameter |
---|---|
On which OS are you planning to use the agent? | 1. linux |
Are you using EC2 or On-Premises hosts? | 1. EC2 |
Which user are you planning to run the agent? | 1. root |
Do you want to turn on StatsD daemon? | 1. yes |
Which port do you want StatsD daemon to listen to? | 8125 |
What is the collect interval for StatsD daemon? | 1. 10s |
What is the aggregation interval for metrics collected by StatsD daemon? | 4. 60s |
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start | 1. yes |
Do you want to monitor any host metrics? e.g. CPU, memory, etc. | 1. yes |
Do you want to monitor cpu metrics per core? | 1. yes |
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available? | 1. yes |
Do you want to aggregate ec2 dimensions (InstanceId)? | 1. yes |
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file. | 4. 60s |
Which default metrics config do you want? | 3. Advanced |
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items. | 1. yes |
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration? | 2. no |
Do you want to monitor any log files? | 1. yes |
-- default choice: [1]: 1 | |
-- Log file path: /var/log/nginx/access.log | |
-- Log group name: default choice: [access.log] | |
-- Log stream name: default choice: [{instance_id}] | |
-- Log Group Retention in days: 1. -1 | |
Do you want to specify any additional log files to monitor? | 2. no |
Do you want to store the config in the SSM parameter store? | 1. yes |
What parameter store name do you want to use to store your config? (Use 'AmazonCloudWatch-' prefix if you use our managed AWS policy) | AmazonCloudWatch-linux |
Which region do you want to store the config in the parameter store? | ap-northeast-2 |
Which AWS credential should be used to send json config to parameter store? | |
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
$ /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
= =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply. =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:
1
Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [1]:
1
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
1
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
1
Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:
1
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available?
1. yes
2. no
default choice: [1]:
1
Do you want to aggregate ec2 dimensions (InstanceId)?
1. yes
2. no
default choice: [1]:
1
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
4
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
3
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 60,
        "run_as_user": "root"
    },
    "metrics": {
        "aggregation_dimensions": [
            [
                "InstanceId"
            ]
        ],
        "append_dimensions": {
            "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
            "ImageId": "${aws:ImageId}",
            "InstanceId": "${aws:InstanceId}",
            "InstanceType": "${aws:InstanceType}"
        },
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait",
                    "cpu_usage_user",
                    "cpu_usage_system"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": false
            },
            "disk": {
                "measurement": [
                    "used_percent",
                    "inodes_free"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time",
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "netstat": {
                "measurement": [
                    "tcp_established",
                    "tcp_time_wait"
                ],
                "metrics_collection_interval": 60
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
1
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
2
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
1
Log file path:
/var/log/nginx/access.log
Log group name:
default choice: [access.log]
Log stream name:
default choice: [{instance_id}]
Log Group Retention in days
1. -1
2. 1
3. 3
4. 5
5. 7
6. 14
7. 30
8. 60
9. 90
10. 120
11. 150
12. 180
13. 365
14. 400
15. 545
16. 731
17. 1827
18. 3653
default choice: [1]:
1
Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 60,
        "run_as_user": "root"
    },
    "logs": {
        "logs_collected": {
            "files": {
                "collect_list": [
                    {
                        "file_path": "/var/log/nginx/access.log",
                        "log_group_name": "access.log",
                        "log_stream_name": "{instance_id}",
                        "retention_in_days": -1
                    }
                ]
            }
        }
    },
    "metrics": {
        "aggregation_dimensions": [
            [
                "InstanceId"
            ]
        ],
        "append_dimensions": {
            "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
            "ImageId": "${aws:ImageId}",
            "InstanceId": "${aws:InstanceId}",
            "InstanceType": "${aws:InstanceType}"
        },
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait",
                    "cpu_usage_user",
                    "cpu_usage_system"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": false
            },
            "disk": {
                "measurement": [
                    "used_percent",
                    "inodes_free"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time",
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "netstat": {
                "measurement": [
                    "tcp_established",
                    "tcp_time_wait"
                ],
                "metrics_collection_interval": 60
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.
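The wizard answers above end up as a handful of settings in config.json that deserve review on a production host. This added example (not from the original post) audits a trimmed copy of that config; the StatsD block is constructed from the parameter table's choices, and the 30-day retention in hardened() is only an example value.

```python
import json

# Constructed input: the wizard's saved config, trimmed, plus the StatsD
# listener that the parameter table enables on port 8125.
CONFIG = json.loads("""{
  "agent": {"metrics_collection_interval": 60, "run_as_user": "root"},
  "logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/nginx/access.log", "log_group_name": "access.log",
     "log_stream_name": "{instance_id}", "retention_in_days": -1}]}}},
  "metrics": {"metrics_collected": {
    "statsd": {"service_address": ":8125", "metrics_collection_interval": 10,
               "metrics_aggregation_interval": 60},
    "mem": {"measurement": ["mem_used_percent"], "metrics_collection_interval": 60}}}
}""")
LOOPBACK = ("127.0.0.1", "localhost")

def audit(cfg):
    """Return (path, message) findings for settings worth a second look."""
    findings = []
    if cfg.get("agent", {}).get("run_as_user", "root") == "root":
        findings.append(("agent.run_as_user", "agent runs as root; the wizard also offers cwagent"))
    files = cfg.get("logs", {}).get("logs_collected", {}).get("files", {})
    for i, item in enumerate(files.get("collect_list", [])):
        if item.get("retention_in_days", -1) == -1:
            findings.append((f"logs.collect_list[{i}].retention_in_days",
                             f"{item['file_path']}: no retention period set (-1)"))
    statsd = cfg.get("metrics", {}).get("metrics_collected", {}).get("statsd")
    if statsd is not None:
        addr = statsd.get("service_address", ":8125")  # agent default when omitted
        if addr.rsplit(":", 1)[0] not in LOOPBACK:
            findings.append(("metrics.statsd.service_address",
                             f"StatsD listener {addr!r} is not bound to loopback"))
    return findings

def hardened(cfg, retention_days=30):
    """Copy of cfg with the three settings tightened (30 days is an example value)."""
    out = json.loads(json.dumps(cfg))
    out["agent"]["run_as_user"] = "cwagent"
    for item in out["logs"]["logs_collected"]["files"]["collect_list"]:
        item["retention_in_days"] = retention_days
    out["metrics"]["metrics_collected"]["statsd"]["service_address"] = "127.0.0.1:8125"
    return out

if __name__ == "__main__":
    for path, message in audit(CONFIG):
        print(f"{path}: {message}")
```

If run_as_user is changed to cwagent, that user needs read access to /var/log/nginx/access.log.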
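Running the CloudWatch agent
./amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
The -c option names the configuration source, and -s restarts the agent once the configuration is loaded. The captured session below was run without -c, so its output shows --download-source default and "No log configuration found", and the status check that follows still reports stopped.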
$ ./amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 file://opt/aws/amazon-cloudwatch-agent/bin/config.json -s
****** processing amazon-cloudwatch-agent ******
/opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --download-source default --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
Successfully fetched the config and saved in /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default.tmp
Start configuration validation...
/opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --input-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
2022/04/29 07:40:07 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default.tmp ...
Valid Json input schema.
I! Detecting run_as_user...
No csm configuration found.
No log configuration found.
Configuration validation first phase succeeded
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml
Configuration validation second phase succeeded
Configuration validation succeeded
Checking amazon-cloudwatch-agent-ctl status
- status : stopped
$ amazon-cloudwatch-agent-ctl -m ec2 -a status
{
    "status": "stopped",
    "starttime": "",
    "configstatus": "configured",
    "cwoc_status": "stopped",
    "cwoc_starttime": "",
    "cwoc_configstatus": "not configured",
    "version": "1.247350.0"
}
Starting amazon-cloudwatch-agent-ctl
amazon-cloudwatch-agent-ctl -m ec2 -a start
$ amazon-cloudwatch-agent-ctl -m ec2 -a start
****** processing cwagent-otel-collector ******
cwagent-otel-collector will not be started as it has not been configured yet.
****** processing amazon-cloudwatch-agent ******
Created symlink from /etc/systemd/system/multi-user.target.wants/amazon-cloudwatch-agent.service to /etc/systemd/system/amazon-cloudwatch-agent.service.
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service
Checking amazon-cloudwatch-agent-ctl status
amazon-cloudwatch-agent-ctl -m ec2 -a status
$ amazon-cloudwatch-agent-ctl -m ec2 -a status
{
    "status": "running",
    "starttime": "2022-04-29T07:42:04+0000",
    "configstatus": "configured",
    "cwoc_status": "stopped",
    "cwoc_starttime": "",
    "cwoc_configstatus": "not configured",
    "version": "1.247350.0"
}
$ ps -ef | grep -v grep | grep amazon-cloudwatch-agent
cwagent 29296 1 0 07:42 ? 00:00:00 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml -envconfig /opt/aws/amazon-cloudwatch-agent/etc/env-config.json -pidfile /opt/aws/amazon-cloudwatch-agent/var/amazon-cloudwatch-agent.pid
Checking the log (amazon-cloudwatch-agent.log)
tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
$ tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
2022-04-29T07:42:04Z I! Loaded processors: ec2tagger
2022-04-29T07:42:04Z I! Loaded outputs: cloudwatch
2022-04-29T07:42:04Z I! Tags enabled: host=ip-10-201-7-222.ap-northeast-2.compute.internal
2022-04-29T07:42:04Z I! [agent] Config: Interval:1m0s, Quiet:false, Hostname:"ip-10-201-7-222.ap-northeast-2.compute.internal", Flush Interval:1s
2022-04-29T07:42:04Z I! [logagent] starting
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: EC2 tagger has started initialization.
2022-04-29T07:42:04Z I! cloudwatch: get unique roll up list []
2022-04-29T07:42:04Z I! cloudwatch: publish with ForceFlushInterval: 1m0s, Publish Jitter: 32s
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: Initial retrieval of tags succeded
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: EC2 tagger has started, finished initial retrieval of tags and Volumes
CloudWatch dashboard setup
- Check memory usage in CloudWatch
- CloudWatch > Metrics > All metrics > Custom namespaces