Download Scripts
Install Prerequisite Packages
sudo yum install wget unzip perl-core perl-DateTime perl-Sys-Syslog perl-CPAN perl-libwww-perl perl-Crypt-SMIME perl-Crypt-SSLeay
Install LWP Perl Bundles
- Launch cpan
    sudo perl -MCPAN -e shell
- Install Bundle
    install Bundle::LWP6 LWP YAML
Install Script
wget http://aws-cloudwatch.s3.amazonaws.com/downloads/CloudWatchMonitoringScripts-1.2.1.zip
unzip CloudWatchMonitoringScripts-1.2.1.zip -d /opt
rm -f CloudWatchMonitoringScripts-1.2.1.zip
Setup Credentials
API Access Key (Option 1)
This is good for testing, but it’s better to use IAM roles covered in Option 2.
- Copy awscreds template
    cp /opt/aws-scripts-mon/awscreds.template /opt/aws-scripts-mon/awscreds.conf
- Add access key id and secret access key
    vim /opt/aws-scripts-mon/awscreds.conf
- Lock down file access
    chmod 0400 /opt/aws-scripts-mon/awscreds.conf
IAM Role (Option 2)
- Login to AWS web console
- Select Identity & Access Management
- Select Roles | Create New Role
- Enter Role Name
- e.g. ec2-cloudwatch
- Select Next Step
- Select Amazon EC2
- Search for cloudwatch
- Select CloudWatchFullAccess
- Select Next Step | Create Role
- Launch a new instance and assign the ec2-cloudwatch IAM role
You cannot add an IAM Role to an existing EC2 Instance; you can only specify a role when you launch a new instance.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html?console_help=true
Test
This won’t send data to CloudWatch.
/opt/aws-scripts-mon/mon-put-instance-data.pl --mem-util --verify --verbose
Example
MemoryUtilization: 31.7258903184253 (Percent)
Using AWS credentials file <./awscreds.conf>
Endpoint: https://monitoring.us-west-2.amazonaws.com
Payload: {"MetricData":[{"Timestamp":1443537153,"Dimensions":[{"Value":"i-12e1fac4","Name":"InstanceId"}],"Value":31.7258903184253,"Unit":"Percent","MetricName":"MemoryUtilization"}],"Namespace":"System/Linux","__type":"com.amazonaws.cloudwatch.v2010_08_01#PutMetricDataInput"}
Verification completed successfully. No actual metrics sent to CloudWatch.
Report to CloudWatch Test
Test that communication with CloudWatch works and settle on the command you’ll schedule with cron in the next step.
/opt/aws-scripts-mon/mon-put-instance-data.pl --mem-util --mem-used --mem-avail
After you run this command, one point-in-time metric should show up for the instance under CloudWatch | Linux System.
Create Cron Task (as root)
Now that you’ve tested the command and decided what you want to report, add a cron task so it runs every X minutes. Usually 5 minutes is good.
- Edit cron table
    crontab -e
- Add cron job
    */5 * * * * /opt/aws-scripts-mon/mon-put-instance-data.pl --mem-util --mem-used --mem-avail --disk-space-util --disk-path=/ --from-cron
Create Cron Task (as other user)
You may want to create a dedicated user to run the cron job. Here’s an example using a user named cloudwatch.
- Create user
    useradd cloudwatch
- Disable user login
    usermod -s /sbin/nologin cloudwatch
- Set ownership
    chown -R cloudwatch:cloudwatch /opt/aws-scripts-mon
- Edit cron table
    crontab -e -u cloudwatch
- Add cron job
    */5 * * * * /opt/aws-scripts-mon/mon-put-instance-data.pl --mem-util --mem-used --mem-avail --swap-used --disk-space-util --disk-path=/ --from-cron
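To check that the chmod and chown steps above are still in effect, the following added example (not part of the original guide or the AWS scripts) audits the install directory. It flags a credentials file whose mode is not exactly 0400 or 0600, and anything under the directory that is group- or world-writable, since another account could then alter what cron executes. The function name and finding labels are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit the permissions set in the steps above.

# audit_mon_dir DIR
# Prints one finding per line and returns 1 if any exist, 0 if clean.
#   CRED_MODE  awscreds.conf is not exactly 0400 or 0600
#   WRITABLE   a file or directory is group- or world-writable, so another
#              account could change what cron executes
audit_mon_dir() {
  dir="$1"
  findings="$(
    find "$dir" -name awscreds.conf ! -perm 0400 ! -perm 0600 -print |
      sed 's/^/CRED_MODE /'
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
      sed 's/^/WRITABLE /'
  )"
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Usage against the install path from this page:
#   audit_mon_dir /opt/aws-scripts-mon
```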
Verify Cron Job Ran
One way to verify the cron job ran is to look in the cron log.
less /var/log/cron
tail -f /var/log/cron
References
Monitor Script Arguments
Name | Description |
---|---|
--mem-util | Collects and sends the MemoryUtilization metrics in percentages. This option reports only memory allocated by applications and the operating system, and excludes memory in cache and buffers. |
--mem-used | Collects and sends the MemoryUsed metrics, reported in megabytes. This option reports only memory allocated by applications and the operating system, and excludes memory in cache and buffers. |
--mem-avail | Collects and sends the MemoryAvailable metrics, reported in megabytes. This option reports memory available for use by applications and the operating system. |
--swap-util | Collects and sends SwapUtilization metrics, reported in percentages. |
--swap-used | Collects and sends SwapUsed metrics, reported in megabytes. |
--disk-path=PATH | Selects the disk on which to report. PATH can specify a mount point or any file located on a mount point for the filesystem that needs to be reported. For selecting multiple disks, specify a --disk-path=PATH for each one of them. To select a disk for the filesystems mounted on / and /home, use the following parameters: --disk-path=/ --disk-path=/home |
--disk-space-util | Collects and sends the DiskSpaceUtilization metric for the selected disks. The metric is reported in percentages. |
--disk-space-used | Collects and sends the DiskSpaceUsed metric for the selected disks. The metric is reported by default in gigabytes. Due to reserved disk space in Linux operating systems, disk space used and disk space available might not accurately add up to the amount of total disk space. |
--disk-space-avail | Collects and sends the DiskSpaceAvailable metric for the selected disks. The metric is reported in gigabytes. Due to reserved disk space in the Linux operating systems, disk space used and disk space available might not accurately add up to the amount of total disk space. |
--memory-units=UNITS | Specifies units in which to report memory usage. If not specified, memory is reported in megabytes. UNITS may be one of the following: bytes, kilobytes, megabytes, gigabytes. |
--disk-space-units=UNITS | Specifies units in which to report disk space usage. If not specified, disk space is reported in gigabytes. UNITS may be one of the following: bytes, kilobytes, megabytes, gigabytes. |
--aws-credential-file=PATH | Provides the location of the file containing AWS credentials. This parameter cannot be used with the --aws-access-key-id and --aws-secret-key parameters. |
--aws-access-key-id=VALUE | Specifies the AWS access key ID to use to identify the caller. Must be used together with the --aws-secret-key option. Do not use this option with the --aws-credential-file parameter. |
--aws-secret-key=VALUE | Specifies the AWS secret access key to use to sign the request to CloudWatch. Must be used together with the --aws-access-key-id option. Do not use this option with the --aws-credential-file parameter. |
--verify | Performs a test run of the script that collects the metrics, prepares a complete HTTP request, but does not actually call CloudWatch to report the data. This option also checks that credentials are provided. When run in verbose mode, this option outputs the metrics that will be sent to CloudWatch. |
--from-cron | Use this option when calling the script from cron. When this option is used, all diagnostic output is suppressed, but error messages are sent to the local system log of the user account. |
--verbose | Displays detailed information about what the script is doing. |
--help | Displays usage information. |
--version | Displays the version number of the script. |