1
votes

I just want to know if there are other ways to approach this problem:

I have an AWS multi-account setup. The EC2 instances are going to be monitored across all the accounts, and when alerts are triggered via SNS, a mail is going to be sent. On all EC2 instances running Windows Server 2016 and later, Amazon Linux, and Ubuntu 16.04 and 18.04, the SSM agent comes pre-installed. That way I can push the CloudWatch agent to the EC2 instances per AWS account via Systems Manager Run Command.

I was wondering whether there is a simpler way to force the CloudWatch agent to be installed with every new EC2 instance deployed in an AWS account, without installing the agent manually on the instance or via Run Command?

I was thinking of working with tags, something like "IsMonitored" with the value true or false. For example, every day at 17:00 a Lambda function would go over all the instances in that account, search for IsMonitored = false, get that instance ID and, with a (boto3?) script, push the agent to that instance. This seemed too complicated, so I wanted to check whether there are maybe other simple solutions that would do the same.

Thanks in advance,

Iman

2

2 Answers

1
votes

One simpler approach could be using a prebaked AMI. First, spin up an EC2 instance with the normal AMI you use. Next, install the CloudWatch agent and create an image. From then on, you can spin up EC2 instances using the new AMI, which has the CloudWatch agent preinstalled.

If a prebaked AMI doesn't work for you, I recommend using an infrastructure-as-code (IaC) tool like Ansible to automate the installation process.

0
votes

To install the CloudWatch agent on each instance in a particular region, you can implement this with a shell script.

The approach is:

  • The manual work is to create a default configuration file in Parameter Store for both types of instance: a. for Windows, b. for Linux-based

In the shell script, for a particular region:

  1. Get the list of all EC2 instance IDs
  2. Check the platform, i.e. which type of machine it is: Windows or Linux-based
  3. If the platform is Windows, then apply the Windows configuration file from Parameter Store, else the Linux configuration file

For getting the platform name:

platform=$(aws ec2 describe-instances --instance-ids <instance id> --query 'Reservations[*].Instances[*].[Platform]' --output text)

For installing the package:

aws ssm send-command --instance-ids <instance id> --document-name "AWS-ConfigureAWSPackage" --parameters "name=AmazonCloudWatchAgent,action=Install,installationType=Uninstall and reinstall"  --comment "Install CloudWatch Agent on EC2 Windows/Linux machine" 

For starting the CloudWatch agent:

aws ssm send-command --instance-ids <instance id> --document-name "AmazonCloudWatch-ManageAgent" --parameters "mode=ec2,optionalRestart=yes,optionalConfigurationSource=ssm,action=configure,optionalConfigurationLocation=AmazonLinuxCloudWatchAgentConfig" --comment "Configure CloudWatch Agent on EC2 Linux machine"

For more reference you can use this link.
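The procedure the answer above sketches (list instances in one region, detect the platform, install the agent with AWS-ConfigureAWSPackage, then configure it from a platform-specific Parameter Store document), written out as one complete script. This is an added example, not code from the answer or from AWS. It reuses the answer's Linux parameter name AmazonLinuxCloudWatchAgentConfig; the Windows parameter name AmazonWindowsCloudWatchAgentConfig, the region default and the environment variables are assumptions. It goes slightly beyond the answer in two ways a practitioner would want: it only targets instances that the SSM agent has actually registered as Online (send-command rejects unmanaged instance IDs), and it waits for each Run Command invocation and reports anything other than Success.

```bash
#!/usr/bin/env bash
# Added example (not the answer's own script): install and configure the
# CloudWatch agent on every SSM-managed EC2 instance in one region, choosing
# the agent configuration in Parameter Store by platform.
# Assumed (hypothetical) Parameter Store names, create them beforehand:
#   AmazonWindowsCloudWatchAgentConfig  and  AmazonLinuxCloudWatchAgentConfig
set -euo pipefail

REGION="${AWS_REGION:-eu-west-1}"
WINDOWS_CONFIG="${WINDOWS_CONFIG:-AmazonWindowsCloudWatchAgentConfig}"
LINUX_CONFIG="${LINUX_CONFIG:-AmazonLinuxCloudWatchAgentConfig}"

# Map the Platform field of describe-instances to a Parameter Store name.
# With --output text the CLI prints "windows" for Windows and "None" when the
# field is absent (every Linux distribution), so anything else is Linux.
config_for_platform() {
  case "$1" in
    windows) printf '%s\n' "$WINDOWS_CONFIG" ;;
    *)       printf '%s\n' "$LINUX_CONFIG" ;;
  esac
}

# Platform string ("windows" or "None") for one instance id.
platform_of() {
  aws ec2 describe-instances --region "$REGION" --instance-ids "$1" \
    --query 'Reservations[].Instances[].Platform' --output text
}

# Only instances whose SSM agent is registered and Online can receive documents.
ssm_managed_instances() {
  aws ssm describe-instance-information --region "$REGION" \
    --filters Key=PingStatus,Values=Online \
    --query 'InstanceInformationList[].InstanceId' --output text
}

# Returns the command id so the caller can wait on it.
install_agent() {  # $1 instance id
  aws ssm send-command --region "$REGION" --instance-ids "$1" \
    --document-name AWS-ConfigureAWSPackage \
    --parameters 'name=AmazonCloudWatchAgent,action=Install' \
    --comment "Install CloudWatch agent on $1" \
    --query 'Command.CommandId' --output text
}

configure_agent() {  # $1 instance id, $2 Parameter Store name
  aws ssm send-command --region "$REGION" --instance-ids "$1" \
    --document-name AmazonCloudWatch-ManageAgent \
    --parameters "mode=ec2,action=configure,optionalConfigurationSource=ssm,optionalConfigurationLocation=$2,optionalRestart=yes" \
    --comment "Configure CloudWatch agent on $1" \
    --query 'Command.CommandId' --output text
}

# Poll one invocation (up to ~5 minutes); the invocation may not exist for a
# moment right after send-command, which is treated as Pending.
wait_for_command() {  # $1 command id, $2 instance id
  local status
  for _ in $(seq 1 30); do
    status=$(aws ssm get-command-invocation --region "$REGION" \
      --command-id "$1" --instance-id "$2" --query Status --output text \
      2>/dev/null || echo Pending)
    case "$status" in
      Success) return 0 ;;
      Failed|Cancelled|TimedOut) echo "command $1 on $2: $status" >&2; return 1 ;;
    esac
    sleep 10
  done
  echo "command $1 on $2: still $status after timeout" >&2
  return 1
}

main() {
  local id platform cfg cmd
  for id in $(ssm_managed_instances); do
    platform=$(platform_of "$id")
    cfg=$(config_for_platform "$platform")
    cmd=$(install_agent "$id")
    wait_for_command "$cmd" "$id" || { echo "skipping $id" >&2; continue; }
    cmd=$(configure_agent "$id" "$cfg")
    wait_for_command "$cmd" "$id" || { echo "skipping $id" >&2; continue; }
    echo "$id ($platform) configured from $cfg"
  done
}

# Guarded so that sourcing the file for its functions makes no AWS calls;
# run with CW_DEPLOY=1 ./install-cw-agent.sh
if [ "${CW_DEPLOY:-0}" = "1" ]; then main "$@"; fi
```

The caller needs ec2:DescribeInstances, ssm:DescribeInstanceInformation, ssm:SendCommand and ssm:GetCommandInvocation in the target account, and each instance profile must allow the agent to read its Parameter Store document and write to CloudWatch. Note that this script, like the daily Lambda in the question, only reaches instances that exist when it runs; the same two documents attached as a State Manager association with a tag-based target are applied by SSM to matching instances created later as well.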