Install CloudWatch Agent on Windows and collect data

TOC

Install CloudWatch Agent on Windows instance and configure to collect logs and metrics

The CloudWatch Agent can be used to collect logs and metrics.

Collect internal system-level metrics from Amazon EC2 instances across operating systems…

Collect logs from Amazon EC2 instances and on-premises servers, running either Linux or Windows Server.

Collecting metrics and logs from Amazon EC2 instances and on-premises servers with the CloudWatch agent

This time, we will target a Windows instance (Windows Server 2019).

For the procedure to install CloudWatch Agent on a Linux instance (Amazon Linux 2), please refer to the following page.

あわせて読みたい
Install CloudWatch Agent on Linux and collect data 【Install CloudWatch Agent on Linux instance and configure to collect logs and metrics】 The CloudWatch Agent can be used to collect logs and metrics. Collec...

Environment

The configuration is the same as the Linux version. For details, please refer to Install CloudWatch Agent on Linux and collect data – Environment.

CloudFormation template files

Diagram of install CloudWatch Agent on Windows.

The configuration differs from the Linux version.
In the Linux version, access to various services (Sysmtem Manager, CloudWatch, S3) was via VPC endpoints, but this time a NAT gateway is used.

CloudFormation template files

Build the above configuration with CloudFormation.
The CloudFormation template is located at the following URL

https://github.com/awstut-an-r/awstut-fa/tree/main/016

Template file points

The configuration differs between the Linux and Windows versions, but the approach is similar.
This means that whether you are using Linux or Windows, you can install the CloudWatch Agent in the same way by using the following two SSM documents.

  • AWS-ConfigureAWSPackage
  • AmazonCloudWatch-ManageAgent

This page focuses on the differences from the Linux version.

NAT gateway to access various services

The first difference from the Linux version is the access routes to the various services, which use NAT gateways.

Resources:
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      SubnetId: !Ref PublicSubnetCode language: CSS (css)

The Linux version used a VPC endpoint. This was because the instance was Amazon Linux 2 and we could run yum against the S3 bucket. Therefore, there was no need to go through the Internet to install the CloudWatch agent.
Please see the following page for more details.

あわせて読みたい
yum/dnf on private subnet instances 【Configuration for running yum/dnf on instance in private subnet】 We will check how to run yum/dnf on an instance in a private subnet. In this case, the fo...

In contrast, this Windows version requires access to the Internet when installing the CloudWatch agent. Therefore, VPC endpoints alone cannot meet the requirement. Therefore, a NAT gateway is installed to provide a pathway for Windows instances in the private subnet to access the Internet.

CloudWatch agent config

The method of storing CloudWatch agent configurations in SSM parameters is the same as in the Linux version, but the contents are slightly different.

Resources:
  CloudWatchConfigParemeter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: AmazonCloudWatch-windows
      Type: String
      Value: !Sub |
        {
          "logs": {
            "logs_collected": {
              "windows_events": {
                "collect_list": [
                  {
                    "event_format": "xml",
                    "event_levels": [
                      "VERBOSE",
                      "INFORMATION",
                      "WARNING",
                      "ERROR",
                      "CRITICAL"
                    ],
                    "event_name": "System",
                    "log_group_name": "${Prefix}"
                  }
                ]
              }
            }
          },
          "metrics": {
            "append_dimensions": {
              "ImageId": "${!aws:ImageId}",
              "InstanceId": "${!aws:InstanceId}",
              "InstanceType": "${!aws:InstanceType}"
            },
            "metrics_collected": {
              "Memory": {
                "measurement": [
                  "% Committed Bytes In Use"
                ],
                "metrics_collection_interval": 60
              },
              "Paging File": {
                "measurement": [
                  "% Usage"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                  "*"
                ]
              }
            }
          }
        }
Code language: YAML (yaml)

In the Windows version, define the logs and metrics sections and configure them to collect logs and metrics for the instance. Specifically, the logs section should be set to collect system-related content from the event log, and the metrics section should be set to collect items related to memory paging.

Architecting

We will use CloudFormation to build this environment and check its actual behavior.

Create CloudFormation stacks and check resources in stacks

Create a CloudFormation stacks.
For more information on how to create stacks and check each stack, please refer to the following page.

あわせて読みたい
CloudFormation’s nested stack 【How to build an environment with a nested CloudFormation stack】 Examine nested stacks in CloudFormation. CloudFormation allows you to nest stacks. Nested ...

After checking the resources for each stack, the information for the main resources created this time is as follows

  • ID of Instance1: i-0d6ab5e24e2453ef4
  • S3 bucket name: fa-016
  • CloudWatch Logs log group name: fa-016

Checking execution status of SSM Run Command

Check the execution status from the AWS Management Console.

Two SSM Run Commands are being executed.

You can see that the two commands have indeed been executed and completed successfully.

Next, access the S3 bucket and check the log of the SSM Run Command execution.
First, here is the execution result of the CloudWatch Agent installation.

Execution result of AWS-ConfigureAWSPackage.

The contents of the file are as follows

Initiating arn:aws:ssm:::package/AmazonCloudWatchAgent 1.247349.0b251399 install
Plugin aws:runPowerShellScript ResultStatus Success
install output: Running install.ps1

Successfully installed arn:aws:ssm:::package/AmazonCloudWatchAgent 1.247349.0b251399
Code language: plaintext (plaintext)

You can see that it has been installed successfully.

Next is the result of running the CloudWatch Agent.

Execution result of AmazonCloudWatch-ManageAgent.

The contents of the file are as follows

****** processing amazon-cloudwatch-agent ******
Region: ap-northeast-1
credsConfig: map[]
Successfully fetched the config and saved in C:\ProgramData\Amazon\AmazonCloudWatchAgent\Configs\ssm_AmazonCloudWatch-windows.tmp
Start configuration validation...
2021/12/28 07:32:23 Reading json config file path: C:\ProgramData\Amazon\AmazonCloudWatchAgent\Configs\ssm_AmazonCloudWatch-windows.tmp ...
Valid Json input schema.
No csm configuration found.
Configuration validation first phase succeeded
Configuration validation second phase succeeded
Configuration validation succeeded
AmazonCloudWatchAgent has been stopped
AmazonCloudWatchAgent has been started
Code language: plaintext (plaintext)

You can see that it has been started successfully.

Access instance and check CloudWatch Agent is running

In the meantime, we will access the instance and check the activation status of CloudWatch Agent.
To access the instance, we will use SSM Session Manager.

$ aws ssm start-session \
--target i-0d6ab5e24e2453ef4

Starting session with SessionId: root-04cc7fc7ea067957c
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Windows\system32>
Code language: Bash (bash)

For more information on accessing instances using the SSM Session Manager, please refer to the following page.

あわせて読みたい
Accessing Windows instance via SSM Session Manager 【Configure Windows instances to be accessed via SSM Session Manager】 We will check a configuration that accesses a Windows instance via SSM Session Manager...

Now that you have access, check the startup status.

PS C:\Windows\system32> Get-Service -Name AmazonCloudWatchAgent

Status   Name               DisplayName
------   ----               -----------
Running  AmazonCloudWatc... Amazon CloudWatch Agent
Code language: PowerShell (powershell)

You can see that the “Status” item is “Running”, indicating that it is working properly.

Check logs delivered by CloudWatch Agent

Let’s check the data that was delivered.
First, check the status of the streams in the log group.

A stream has been created in CloudWatch Logs by launching the CloudWatch Agent.

The log group name and stream name are as specified in the CloudWatch Agent configuration.

Next, we will check the logs delivered to the stream.

Logs are being delivered through CloudWatch Agent.

You can see that the logs are being distributed normally.

Check metrics delivered by CloudWatch Agent

Finally, we will check the metrics.
In the AWS Management Console, access the following

CloudWatch > Metrics > All metrics > CWAgent

The graph was created by CloudWatch custom metrics.

As shown above, the metrics have been delivered and the graph has been created.

Summary

We have reviewed the steps to install CloudWatch Agent on a Windows instance using SSM.

Verified that CloudWatch Agent can be used to deliver logs and metrics.

TOC