본문 바로가기

퍼블릭 클라우드

[AWS] CloudWatch Agent 설치

728x90

AWS CloudWatch Agent 설치

 Cloudwatch에서는 메모리 및 디스크 사용률에 대해서 모니터링이 불가능하여 EC2의 메모리 및 디스크 사용률을 보기 위해서는 Cloudwatch Agent로 메트릭을 수집하여 모니터링할 수 있습니다.

AWS CloudWatch Agent 설치 작업 순서

- IAM Role 설정
- EC2 인스턴스에 IAM Role 연결
- EC2 인스턴스에 CloudWatch Agent 설치
- CloudWatch Agent로 메모리 사용량 확인

IAM 역할 설정(생성)

IAM 기존 역할에  CloudWatchAgentServerPolicy 정책 추가

IAM > 액세스 관리 > 정책 > 기존 역할 > 권한 추가 > 정책 연결 > CloudWatchAgentServerPolicy, AmazonSSMFullAccess

arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ec2:DescribeVolumes",
                "ec2:DescribeTags",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups",
                "logs:CreateLogStream",
                "logs:CreateLogGroup"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
        }
    ]
}

arn:aws:iam::aws:policy/AmazonSSMFullAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData",
                "ds:CreateComputer",
                "ds:DescribeDirectories",
                "ec2:DescribeInstanceStatus",
                "logs:*",
                "ssm:*",
                "ec2messages:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "ssm.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:DeleteServiceLinkedRole",
                "iam:GetServiceLinkedRoleDeletionStatus"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}

EC2 인스턴스에 IAM Role 연결

작업 > 보안 > IAM 역할 수정

IAM 역할 적용

EC2 인스턴스에서 cloudwatchagent(amazon-cloudwatch-agent) 설치 및 설정

cloudwatchagent(amazon-cloudwatch-agent) 설치

yum install -y amazon-cloudwatch-agent

cloudwatchagent(amazon-cloudwatch-agent) 설정

CloudWatch Agent Configuration File Wizard Parameter
On which OS are you planning to use the agent? 1. linux
Are you using EC2 or On-Premises hosts? 1. EC2
Which user are you planning to run the agent? 1. root
Do you want to turn on StatsD daemon? 1. yes
Which port do you want StatsD daemon to listen to? 8125
What is the collect interval for StatsD daemon? 1. 10s
What is the aggregation interval for metrics collected by StatsD daemon? 4. 60s
Do you want to monitor metrics from CollectD?
WARNING: CollectD must be installed or the Agent will fail to start
1. yes
Do you want to monitor any host metrics?
e.g. CPU, memory, etc.
1. yes
Do you want to monitor cpu metrics per core? 1. yes
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available? 1. yes
Do you want to aggregate ec2 dimensions (InstanceId)? 1. yes
Would you like to collect your metrics at high resolution (sub-minute resolution)?
This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
4. 60s
Which default metrics config do you want? 3. Advanced
Are you satisfied with the above config?
Note: it can be manually customized after the wizard completes to add additional items.
1. yes
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration? 2. no
Do you want to monitor any log files? 1. yes
-- default choice: [1]: 1  
-- Log file path: /var/log/nginx/access.log  
-- Log group name: default choice: [access.log]  
-- Log stream name: default choice: [{instance_id}]  
-- Log Group Retention in days: 1. -1  
Do you want to specify any additional log files to monitor? 2. no
Do you want to store the config in the SSM parameter store? 1. yes
What parameter store name do you want to use to store your config?
(Use 'AmazonCloudWatch-' prefix if you use our managed AWS policy)
AmazonCloudWatch-linux
Which region do you want to store the config in the parameter store? ap-northeast-2
Which AWS credential should be used to send json config to parameter store?  
   
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
$ /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
=                                                              =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply.                                           =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:
1
Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [1]:
1
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
1
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
1
Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:
1
Do you want to add ec2 dimensions (ImageId, InstanceId, InstanceType, AutoScalingGroupName) into all of your metrics if the info is available?
1. yes
2. no
default choice: [1]:
1
Do you want to aggregate ec2 dimensions (InstanceId)?
1. yes
2. no
default choice: [1]:
1
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
4
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
3
Current config as follows:
{
	"agent": {
		"metrics_collection_interval": 60,
		"run_as_user": "root"
	},
	"metrics": {
		"aggregation_dimensions": [
			[
				"InstanceId"
			]
		],
		"append_dimensions": {
			"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
			"ImageId": "${aws:ImageId}",
			"InstanceId": "${aws:InstanceId}",
			"InstanceType": "${aws:InstanceType}"
		},
		"metrics_collected": {
			"cpu": {
				"measurement": [
					"cpu_usage_idle",
					"cpu_usage_iowait",
					"cpu_usage_user",
					"cpu_usage_system"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				],
				"totalcpu": false
			},
			"disk": {
				"measurement": [
					"used_percent",
					"inodes_free"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				]
			},
			"diskio": {
				"measurement": [
					"io_time",
					"write_bytes",
					"read_bytes",
					"writes",
					"reads"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				]
			},
			"mem": {
				"measurement": [
					"mem_used_percent"
				],
				"metrics_collection_interval": 60
			},
			"netstat": {
				"measurement": [
					"tcp_established",
					"tcp_time_wait"
				],
				"metrics_collection_interval": 60
			},
			"swap": {
				"measurement": [
					"swap_used_percent"
				],
				"metrics_collection_interval": 60
			}
		}
	}
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
1
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
2
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
1
Log file path:
/var/log/nginx/access.log
Log group name:
default choice: [access.log]

Log stream name:
default choice: [{instance_id}]

Log Group Retention in days
1. -1
2. 1
3. 3
4. 5
5. 7
6. 14
7. 30
8. 60
9. 90
10. 120
11. 150
12. 180
13. 365
14. 400
15. 545
16. 731
17. 1827
18. 3653
default choice: [1]:
1
Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
	"agent": {
		"metrics_collection_interval": 60,
		"run_as_user": "root"
	},
	"logs": {
		"logs_collected": {
			"files": {
				"collect_list": [
					{
						"file_path": "/var/log/nginx/access.log",
						"log_group_name": "access.log",
						"log_stream_name": "{instance_id}",
						"retention_in_days": -1
					}
				]
			}
		}
	},
	"metrics": {
		"aggregation_dimensions": [
			[
				"InstanceId"
			]
		],
		"append_dimensions": {
			"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
			"ImageId": "${aws:ImageId}",
			"InstanceId": "${aws:InstanceId}",
			"InstanceType": "${aws:InstanceType}"
		},
		"metrics_collected": {
			"cpu": {
				"measurement": [
					"cpu_usage_idle",
					"cpu_usage_iowait",
					"cpu_usage_user",
					"cpu_usage_system"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				],
				"totalcpu": false
			},
			"disk": {
				"measurement": [
					"used_percent",
					"inodes_free"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				]
			},
			"diskio": {
				"measurement": [
					"io_time",
					"write_bytes",
					"read_bytes",
					"writes",
					"reads"
				],
				"metrics_collection_interval": 60,
				"resources": [
					"*"
				]
			},
			"mem": {
				"measurement": [
					"mem_used_percent"
				],
				"metrics_collection_interval": 60
			},
			"netstat": {
				"measurement": [
					"tcp_established",
					"tcp_time_wait"
				],
				"metrics_collection_interval": 60
			},
			"swap": {
				"measurement": [
					"swap_used_percent"
				],
				"metrics_collection_interval": 60
			}
		}
	}
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.

dcloudwatch agent 실행

./amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
$ ./amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 file://opt/aws/amazon-cloudwatch-agent/bin/config.json -s
****** processing amazon-cloudwatch-agent ******
/opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --download-source default --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
Successfully fetched the config and saved in /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default.tmp
Start configuration validation...
/opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --input-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default
2022/04/29 07:40:07 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default.tmp ...
Valid Json input schema.
I! Detecting run_as_user...
No csm configuration found.
No log configuration found.
Configuration validation first phase succeeded
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml
Configuration validation second phase succeeded
Configuration validation succeeded

amazon-cloudwatch-agent-ctl 상태 확인

-  status : stopped

$ amazon-cloudwatch-agent-ctl -m ec2 -a status
{
  "status": "stopped",
  "starttime": "",
  "configstatus": "configured",
  "cwoc_status": "stopped",
  "cwoc_starttime": "",
  "cwoc_configstatus": "not configured",
  "version": "1.247350.0"
}

amazon-cloudwatch-agent-ctl 시작

amazon-cloudwatch-agent-ctl -m ec2 -a start
$ amazon-cloudwatch-agent-ctl -m ec2 -a start
****** processing cwagent-otel-collector ******
cwagent-otel-collector will not be started as it has not been configured yet.

****** processing amazon-cloudwatch-agent ******
Created symlink from /etc/systemd/system/multi-user.target.wants/amazon-cloudwatch-agent.service to /etc/systemd/system/amazon-cloudwatch-agent.service.
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service

amazon-cloudwatch-agent-ctl 상태 확인

amazon-cloudwatch-agent-ctl -m ec2 -a status
$ amazon-cloudwatch-agent-ctl -m ec2 -a status
{
  "status": "running",
  "starttime": "2022-04-29T07:42:04+0000",
  "configstatus": "configured",
  "cwoc_status": "stopped",
  "cwoc_starttime": "",
  "cwoc_configstatus": "not configured",
  "version": "1.247350.0"
}
$ ps -ef | grep -v grep | grep amazon-cloudwatch-agent
cwagent  29296     1  0 07:42 ?        00:00:00 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml -envconfig /opt/aws/amazon-cloudwatch-agent/etc/env-config.json -pidfile /opt/aws/amazon-cloudwatch-agent/var/amazon-cloudwatch-agent.pid

로그 상태 확인(amazon-cloudwatch-agent.log)

tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
$ tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
2022-04-29T07:42:04Z I! Loaded processors: ec2tagger
2022-04-29T07:42:04Z I! Loaded outputs: cloudwatch
2022-04-29T07:42:04Z I! Tags enabled: host=ip-10-201-7-222.ap-northeast-2.compute.internal
2022-04-29T07:42:04Z I! [agent] Config: Interval:1m0s, Quiet:false, Hostname:"ip-10-201-7-222.ap-northeast-2.compute.internal", Flush Interval:1s
2022-04-29T07:42:04Z I! [logagent] starting
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: EC2 tagger has started initialization.
2022-04-29T07:42:04Z I! cloudwatch: get unique roll up list []
2022-04-29T07:42:04Z I! cloudwatch: publish with ForceFlushInterval: 1m0s, Publish Jitter: 32s
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: Initial retrieval of tags succeded
2022-04-29T07:42:04Z I! [processors.ec2tagger] ec2tagger: EC2 tagger has started, finished initial retrieval of tags and Volumes

CloudWatch 대시보드 설정

CloudWatch에서 메모리 사용량 확인

CloudWatch > 지표 > 모든 지표 > Custom namespaces

728x90