
How can I manually configure the credentials for a CloudWatch agent on a non-EC2 Linux machine?


How can I manually configure the credentials for a CloudWatch agent installed on an Ubuntu server, not running in AWS?

I downloaded this deb package for Ubuntu and installed it on the server

wget https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb

with

dpkg -i -E ./amazon-cloudwatch-agent.deb

I also started the

amazon-cloudwatch-agent-config-wizard 

to generate a simple config.

./amazon-cloudwatch-agent-config-wizard 
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
=                                                              =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply.                                           =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:
1
Trying to fetch the default region based on ec2 metadata...
I! imds retry client will retry 1 timesD! should retry true for imds error : EC2MetadataError: failed to make EC2Metadata request
Not Found
    status code: 404, request id: D! should retry true for imds error : EC2MetadataError: failed to make EC2Metadata request
Not Found
    status code: 404, request id: 2023/11/03 10:03:42 D! could not get region from imds v2 thus enable fallback
2023/11/03 10:03:42 I! WARN: failed to get session token, falling back to IMDSv1: 404 Not Found: Not Found
    status code: 404, request id: 
caused by: EC2MetadataError: failed to make EC2Metadata request
Not Found
    status code: 404, request id: 
W! could not get region from ec2 metadata... EC2MetadataRequestError: failed to get EC2 instance identity document
caused by: EC2MetadataError: failed to make EC2Metadata request
Not Found
    status code: 404, request id: Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [2]:
2
Please make sure the credentials and region set correctly on your hosts.
Refer to http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
1
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
1
Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:
1
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
2
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
2
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 10,
        "run_as_user": "root"
    },
    "metrics": {
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ],
                "totalcpu": true
            },
            "disk": {
                "measurement": [
                    "used_percent"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time",
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 10
            },
            "net": {
                "measurement": [
                    "bytes_sent",
                    "bytes_recv",
                    "packets_sent",
                    "packets_recv"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 10
            }
        }
    }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
1
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
2
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
2
Do you want the CloudWatch agent to also retrieve X-ray traces?
1. yes
2. no
default choice: [1]:
2
Existing config JSON identified and copied to:  /opt/aws/amazon-cloudwatch-agent/etc/backup-configs
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
    "agent": {
        "metrics_collection_interval": 10,
        "run_as_user": "root"
    },
    "metrics": {
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle",
                    "cpu_usage_iowait"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ],
                "totalcpu": true
            },
            "disk": {
                "measurement": [
                    "used_percent"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "io_time",
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 10
            },
            "net": {
                "measurement": [
                    "bytes_sent",
                    "bytes_recv",
                    "packets_sent",
                    "packets_recv"
                ],
                "metrics_collection_interval": 10,
                "resources": [
                    "*"
                ]
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 10
            }
        }
    }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.

How can I configure authentication without installing the AWS CLI, or is it really needed?


Solution

  • No, the AWS CLI is not needed to run the CloudWatch Agent.

    It works separately and independently; however, the AWS CLI is ideal, as you can use aws configure to set up the config & credentials for the agent.

    If you don't want to use the AWS CLI, follow these steps:

    1. Create a folder called .aws in your home directory (~/.aws)
    mkdir ~/.aws
    
    2. Create a file called config in this directory (~/.aws/config) using the below commands, replacing the value for region with the destination for your logs.
    cd ~/.aws
    touch config
    
    region="eu-west-1"
    
    echo "[AmazonCloudWatchAgent]
    region = $region" > config
    
    ➜  ~ cat config
    [AmazonCloudWatchAgent]
    region = eu-west-1
    
    3. Create a file called credentials in this directory (~/.aws/credentials) using the below commands, replacing aws_access_key_id & aws_secret_access_key with your respective credentials.
    touch credentials
    
    access_key="xxx"
    secret_key="yyy"
    
    echo "[AmazonCloudWatchAgent]
    aws_access_key_id = $access_key
    aws_secret_access_key = $secret_key" > credentials
    
    ➜  ~ cat credentials
    [AmazonCloudWatchAgent]
    aws_access_key_id = xxx
    aws_secret_access_key = yyy
    
    4. Restart the CloudWatch agent

    Note that you're running the agent as the root user here, as you specified 1 as the answer to this question:

    Which user are you planning to run the agent?
    1. root
    2. cwagent
    3. others
    

    This then sets the run_as_user field in the config JSON (/opt/aws/amazon-cloudwatch-agent/bin/config.json).

    To run it as any user other than root or cwagent, select 3, which prompts you for a username, or alternatively change the run_as_user field in the JSON manually.

    Ensure the config and credentials files exist in the correct home directory i.e. /home/{username}/.aws/credentials.
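
The steps in the answer above leave ~/.aws/credentials with whatever permissions the current umask gives it, and a long-lived access key on an on-premises host should be readable by the agent's user only. The script below is an added example, not part of the original answer: it writes the same two [AmazonCloudWatchAgent] profile files with owner-only permissions and then audits them. The function names `write_cw_profile` and `check_cw_profile` are hypothetical, the key values are constructed placeholders, and it assumes Linux with GNU stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Assumes Linux with GNU stat.
# PROFILE is the profile name used in the answer above.
PROFILE="AmazonCloudWatchAgent"

# write_cw_profile HOME_DIR REGION ACCESS_KEY SECRET_KEY
# Creates HOME_DIR/.aws/{config,credentials} readable only by the owner.
write_cw_profile() {
    local dir="$1/.aws"
    (
        umask 077                         # new files 0600, new dirs 0700
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        printf '[%s]\nregion = %s\n' "$PROFILE" "$2" > "$dir/config"
        printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$PROFILE" "$3" "$4" > "$dir/credentials"
        chmod 600 "$dir/config" "$dir/credentials"   # also fixes pre-existing files
    )
}

# check_cw_profile HOME_DIR
# Prints one line per problem found; returns 0 only if there are none.
check_cw_profile() {
    local dir="$1/.aws" f mode rc=0
    for f in "$dir/config" "$dir/credentials"; do
        if [ ! -f "$f" ]; then
            echo "MISSING   $f"; rc=1; continue
        fi
        grep -qxF "[$PROFILE]" "$f" || { echo "NOPROFILE $f"; rc=1; }
        mode=$(stat -c '%A' "$f")         # symbolic mode, e.g. -rw-------
        # Characters 5-10 are the group and other bits; all must be '-'.
        case "$mode" in
            ????------) ;;
            *) echo "PERMS     $f is $mode, expected -rw-------"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo against a throwaway directory standing in for the agent user's home
# (root's home when run_as_user is root). Key values are placeholders.
demo_home=$(mktemp -d)
write_cw_profile "$demo_home" "eu-west-1" "EXAMPLE_KEY_ID" "EXAMPLE_SECRET"
check_cw_profile "$demo_home" && echo "OK: [$PROFILE] present, owner-only"
chmod 644 "$demo_home/.aws/credentials"   # simulate a world-readable file
check_cw_profile "$demo_home" || echo "audit flagged the loosened file"
rm -rf "$demo_home"
```

Run the check against the home directory of the user named in run_as_user, since that is where the agent looks for the files.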