Below are two ways to collect extra metrics from an EC2 instance and send them to CloudWatch. The first is a procedural, quick 'n dirty way. The second is the AWS-preferred way, using the CloudWatch agent and an agent configuration file.
This advice is not production ready but just to get your feet wet.
Quick 'n Dirty
This is a setup for Ubuntu, but pretty much everything should transfer to RHEL-based distributions. The idea is to have a cron job execute a script that checks free memory and then uses aws-cli to write to CloudWatch. You can extend it by generating additional variables and making more put-metric-data calls.
- Set up a role with CloudWatch permissions and attach it to your instance.
- Install AWS CLI
Script: I placed this at ~/mem.sh for testing. We retrieve and inject the token because we're using IMDSv2 to protect against SSRF.

```bash
#!/usr/bin/env bash
# Request a short-lived IMDSv2 session token (TTL 30 seconds).
readonly TOKEN=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 30" "http://169.254.169.254/latest/api/token")
# Percentage of memory in use, from the "Mem:" row of free.
USEDMEMORY=$(free -m | awk 'NR==2{printf "%.2f", ($3/$2)*100 }')
# Instance id and region, read from the metadata service with the token.
INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | grep '"region"' | cut -d\" -f4)
aws cloudwatch put-metric-data --metric-name memory-usage --dimensions "Instance=$INSTANCE_ID" --namespace "Custom" --value "$USEDMEMORY" --region "$REGION"
```
Create Cron job:
echo '*/5 * * * * ubuntu /home/ubuntu/mem.sh' | sudo tee /etc/cron.d/cw_mem
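A stricter variant of the script above, as an added example that is not the post's own code: it stops if the IMDSv2 token request fails and validates what the metadata service returns before handing it to aws-cli. The function names, the validation pattern and the `--publish` switch (which the cron line would then need to pass) are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example, not the post's own script. Function names and the
# --publish switch are assumptions made for this sketch.
set -u
IMDS="http://169.254.169.254/latest"

# Percent of memory used, from `free -m` output on stdin (row 2 is "Mem:").
mem_used_pct() { awk 'NR==2 && $2 > 0 { printf "%.2f", ($3/$2)*100 }'; }

# Region field of the instance identity document (JSON) on stdin.
region_from_doc() {
  sed -n 's/.*"region"[[:space:]]*:[[:space:]]*"\([a-z0-9-]*\)".*/\1/p'
}

# Accept only "i-" followed by 8 to 17 lowercase hex characters.
valid_instance_id() {
  case "$1" in
    i-*[!0-9a-f]*) return 1 ;;
    i-????????*)   [ "${#1}" -le 19 ] ;;
    *)             return 1 ;;
  esac
}

# $1 = session token, $2 = path. --fail turns an HTTP 401/404 into exit != 0.
imds_get() {
  curl -sS --fail --max-time 2 -H "X-aws-ec2-metadata-token: $1" "$IMDS/$2"
}

publish_memory() {
  local token id region pct
  # No token means no IMDSv2 session: stop instead of retrying without one.
  token=$(curl -sS --fail --max-time 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 30" "$IMDS/api/token") || return 1
  id=$(imds_get "$token" meta-data/instance-id) || return 1
  valid_instance_id "$id" || return 1
  region=$(imds_get "$token" dynamic/instance-identity/document | region_from_doc)
  pct=$(free -m | mem_used_pct)
  [ -n "$region" ] && [ -n "$pct" ] || return 1
  aws cloudwatch put-metric-data --metric-name memory-usage \
    --dimensions "Instance=$id" --namespace "Custom" \
    --value "$pct" --region "$region"
}

# Publish only when asked, so the file can be sourced to test the parsers.
if [ "${1:-}" = "--publish" ]; then publish_memory; fi
```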
AWS Preferred Method
AWS publishes a tool, the CloudWatch Agent, which can run as a daemon and publish metrics for you. This requires a configuration file as well as systemd scaffolding. If you install via SSM the systemd files come free and only require minor tweaking.
- IAM Instance Role:
  - CloudWatch permissions
  - ec2:DescribeTags
- Install CloudWatch Agent (prefer SSM)
- Install collectd
sudo apt-get update && sudo apt-get install collectd
- Populate a configuration file for the CloudWatch agent (example). I placed my file at
/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
- Start the service:
  - manually:
    sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a start -c /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
  - Alternatively, you can update the unit file located at
    /etc/systemd/system/amazon-cloudwatch-agent.service
Thanks to @danquack for helping me adjust my curl calls so I can enforce and comply with IMDSv2.