CloudWatch is an Amazon Web Services (AWS) service that is available when you spin up an EC2 instance. To configure this integration, you must sign up for an EC2 instance by going Here.
In this lab, I am using an Amazon Linux AMI.
- You must download and import the AWS Communication Plan titled AWSCloudWatch.zip into your xMatters instance. You can find the file in this repo
- Slight familiarity with AWS
The CloudWatch Logs agent supports IAM roles and users. If your instance already has an IAM role associated with it, make sure that you include the IAM policy below. If you don't already have an IAM role assigned to your instance, you can use your IAM credentials for the next steps or you can assign an IAM role to that instance. For more information, see Attaching an IAM Role to an Instance.
To configure your IAM role or user for CloudWatch Logs:
- Open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Roles.
- Choose the role by selecting the role name (do not select the check box next to the name).
- On the Permissions tab, expand Inline Policies and choose the link to create an inline policy.
- On the Set Permissions page, choose Custom Policy, Select. For more information about creating custom policies, see IAM Policies for Amazon EC2 in the Amazon EC2 User Guide for Linux Instances.
- On the Review Policy page, for Policy Name, type a name for the policy.
- For Policy Document, paste in the following policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogStreams"
          ],
          "Resource": [
            "arn:aws:logs:*:*:*"
          ]
        }
      ]
    }
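The policy above grants its four actions on every log group in every region and account. The following added example (not part of the original page) reports which ARN fields are wildcarded and builds a copy limited to one log group; the account ID `111122223333` and the log group name `/var/log/httpd/error_log` are placeholder assumptions, and the region is the `us-east-1` used later on the page.

```python
import copy
import json

# The policy document shown above, embedded so the example runs offline.
PAGE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
               "logs:PutLogEvents", "logs:DescribeLogStreams"],
    "Resource": ["arn:aws:logs:*:*:*"]
  }]
}
""")

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def wildcard_findings(policy):
    """List (statement index, ARN, wildcarded ARN fields) for every Allow statement."""
    findings = []
    for index, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for arn in as_list(stmt.get("Resource", [])):
            # arn:partition:service:region:account-id:resource
            parts = arn.split(":", 5)
            if len(parts) < 6:  # a bare "*" or malformed ARN
                findings.append((index, arn, ["region", "account", "resource"]))
                continue
            fields = zip(("region", "account", "resource"), parts[3:])
            wild = [name for name, value in fields if value == "*"]
            if wild:
                findings.append((index, arn, wild))
    return findings

def scope_to_log_group(policy, region, account_id, log_group):
    """Return a copy whose logs-only statements are limited to one log group."""
    base = f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        if all(a.startswith("logs:") for a in as_list(stmt["Action"])):
            stmt["Resource"] = [base, base + ":*"]  # the group and its streams
    return scoped

# Assumed values: placeholder account ID and log group name, region from the page.
SCOPED = scope_to_log_group(PAGE_POLICY, "us-east-1", "111122223333",
                            "/var/log/httpd/error_log")
```

`json.dumps(SCOPED, indent=2)` gives a document that can be pasted in place of the original once the placeholders are replaced with your own account ID and log group name.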
- Click on the Amazon Simple Notification Service
- Create a topic
- Create a subscription
- Make sure the endpoint protocol is HTTPS
- Take the ARN from your previous topic and paste it into the ARN field
- In the endpoint field, grab the endpoint from the integration builder in "Inbound from SNS" in your AWS CloudWatch Communication Plan.
The process for installing the CloudWatch Logs agent differs depending on whether your Amazon EC2 instance is running Amazon Linux, Ubuntu, CentOS, or Red Hat. Use the steps appropriate for the version of Linux on your instance. Remember, however, that in this example we are using an Amazon Linux instance.
To install and configure CloudWatch Logs on an existing Amazon Linux instance
Starting with Amazon Linux AMI 2014.09, the CloudWatch Logs agent is available as an RPM installation with the awslogs package. Earlier versions of Amazon Linux can access the awslogs package by updating their instance with the sudo yum update -y command. By installing the awslogs package as an RPM instead of using the CloudWatch Logs installer, your instance receives regular package updates and patches from AWS without having to manually reinstall the CloudWatch Logs agent.
Do not update the CloudWatch Logs agent using the RPM installation method if you previously used the Python script to install the agent. Doing so may cause configuration issues that prevent the CloudWatch Logs agent from sending your logs to CloudWatch.
- Connect to your Amazon Linux instance. For more information, see Connect to Your Instance in the Amazon EC2 User Guide for Linux Instances.
If you have trouble connecting, see Troubleshooting Connecting to Your Instance in the Amazon EC2 User Guide for Linux Instances.
- Update your Amazon Linux instance to pick up the latest changes in the package repositories.
sudo yum update -y
- Install the awslogs package.
sudo yum install -y awslogs
- Edit the /etc/awslogs/awscli.conf file and, in the [default] section, specify the region in which to view log data and add your credentials. The two credential lines are needed only if the instance has no IAM role carrying the policy above.
region = us-east-1
aws_access_key_id = <YOUR ACCESS KEY>
aws_secret_access_key = <YOUR SECRET KEY>
- Install the Apache web service by running
sudo yum install httpd
- Once Apache is installed, start the service by running
sudo service httpd start
- Next, we will need to configure which logs we want to track
- We will do this by downloading the following script
wget https://s3.amazonaws.com/aws-cloudwatch/downloads/awslogs-agent-setup-v1.0.py
- And then running the following
sudo python ./awslogs-agent-setup-v1.0.py --region us-east-1
- When prompted, input your AWS Access Key ID
- When prompted, input your AWS Secret Access Key
- You can leave the default region name blank
- You can leave the default output format blank
- When prompted for the Log stream name, enter option 3 and type "Apache Error Logs"
- Choose a timestamp for your output
- Once the configuration is complete, you should run
sudo service awslogs restart
- Head over to AWS CloudWatch
- Click on Logs
- You should see your Apache logs
- Once your logs are being sent to CloudWatch, click on Logs in the CloudWatch console
- Find your Apache logs
- Click on Create Metric Filter
- In the Filter Pattern type
shutting down
- Define the Metric
- Name the filter
shutting-down
- Name the Metric
apacheShutDown
- Go back to the CloudWatch Console
- Click on Alarm
- Click on Create Alarm
- Name the alarm
apache is down
- Description
Apache Web Service has stopped
- Whenever: apacheShutDown is >= 1 for 1 consecutive period
- Whenever this alarm: State is ALARM
- Send notification to
Send_to_XM
- Log into your EC2 instance
- Type the following command
sudo service httpd stop
- Your alarm should be triggered in CloudWatch
- You should also get an alert from xMatters telling you Apache has stopped
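How the metric filter and alarm configured above evaluate log events, as an added example that is not part of the original page: a simplified local model of the filter pattern in which unquoted terms must all be present in any order, a quoted phrase must appear as written, and matching is case-sensitive. The 300-second period, the metric value of 1 per match and the sample log lines are assumptions constructed for the example.

```python
import re
from collections import Counter

FILTER_PATTERN = "shutting down"  # as typed on the page: two unquoted terms
THRESHOLD = 1                     # from the page: >= 1 for 1 consecutive period
PERIOD_SECONDS = 300              # assumption: the page does not state the period

def parse_pattern(pattern):
    """A "quoted phrase" is one term; each bare word is its own term."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', pattern)]

def matches(pattern, message):
    """Simplified local model: all terms must be present, case-sensitively."""
    words = set(re.findall(r"\w+", message))
    return all(term in message if " " in term else term in words
               for term in parse_pattern(pattern))

def alarm_periods(events, pattern=FILTER_PATTERN):
    """Start times of periods whose summed metric reaches THRESHOLD."""
    totals = Counter()
    for timestamp, message in events:
        if matches(pattern, message):
            # Assumption: metric value 1 per matching event, Sum statistic.
            totals[timestamp - timestamp % PERIOD_SECONDS] += 1
    return sorted(start for start, total in totals.items() if total >= THRESHOLD)

# Constructed sample events: (epoch seconds, Apache error_log style message).
SAMPLE_EVENTS = [
    (1000, "[notice] Apache/2.2.31 (Unix) configured -- resuming normal operations"),
    (1290, "[error] [client 203.0.113.7] File does not exist: /var/www/html/favicon.ico"),
    (1510, "[notice] caught SIGTERM, shutting down"),
    (2140, "[error] backend is down, not shutting the listener"),
    (2700, "[notice] Shutting Down worker pool"),
]

if __name__ == "__main__":
    print("unquoted:", alarm_periods(SAMPLE_EVENTS))
    print("quoted:  ", alarm_periods(SAMPLE_EVENTS, '"shutting down"'))
```

With the unquoted pattern, the event at 2140 also raises the alarm because it contains both words; quoting the pattern as `"shutting down"` restricts the match to the phrase Apache logs when it stops.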
- Run
sudo yum update -y
- Install Docker by running
sudo yum install -y docker
- The Docker daemon log is located at
/var/log/docker
- Repeat Step 3 part 4 to log the Docker daemon logs
- Repeat Step 5 to configure your alarm in CloudWatch