How to Install and Configure the CloudWatch Logs Agent on a Running EC2 Linux Instance and Push Logs to CloudWatch Using the Agent

Step 1: Launch an EC2 Linux instance and attach an IAM role for CloudWatch Logs.

To configure your IAM role or user for CloudWatch Logs:

Open the IAM console at https://console.aws.amazon.com/iam/.

In the navigation pane, choose Roles.

Choose the role by selecting the role name (do not select the check box next to the name).

Choose Attach Policies, Create Policy.

A new browser tab or window opens.

Choose the JSON tab and type the following JSON policy document.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

When you are finished, choose Review policy. The Policy Validator reports any syntax errors.

On the Review Policy page, type a Name and a Description (optional) for the policy that you are creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work.

Close the browser tab or window, and return to the Add permissions page for your role. Choose Refresh, and then choose the new policy to attach it to your role.

Choose Attach Policy.

Step 2: Install the CloudWatch Logs agent on an existing Amazon EC2 instance.

sudo yum update -y

sudo yum install -y awslogs

Step 3: Install the nginx web server on an existing Amazon EC2 instance.

sudo amazon-linux-extras install nginx1

Step 4: Start and enable the nginx web server.

sudo systemctl start nginx

sudo systemctl enable nginx

Step 5: Edit the /etc/awslogs/awslogs.conf file to configure the logs to track.

[/var/log/nginx/access.log]
# Matches nginx's default $time_local timestamp, e.g. 10/Oct/2023:13:55:36 +0000
datetime_format = %d/%b/%Y:%H:%M:%S %z
file = /var/log/nginx/access.log
buffer_duration = 5000
log_stream_name = amazonlinux-{instance_id}
initial_position = start_of_file
log_group_name = /var/log/nginx/access_log
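When datetime_format does not match the lines in the tracked file, the agent cannot parse event times and falls back to the last successfully parsed timestamp or the current time, which undermines the log as a record of when requests happened. The following added example (not part of the original post or of the awslogs agent) approximates the agent's matching with Python's strptime so a format can be tested against sample lines before deployment; the sample log lines, function names and the two format constants are constructed for illustration.

```python
import re
from datetime import datetime

# Regex for each strptime directive handled here (a subset; extend as needed).
DIRECTIVES = {
    "%b": r"[A-Za-z]{3}", "%d": r"\d{1,2}", "%Y": r"\d{4}",
    "%H": r"\d{2}", "%M": r"\d{2}", "%S": r"\d{2}", "%z": r"[+-]\d{4}",
}

SYSLOG_FMT = "%b %d %H:%M:%S"        # style used for /var/log/messages
NGINX_FMT = "%d/%b/%Y:%H:%M:%S %z"   # nginx default $time_local

# Constructed sample lines in nginx's default access log layout.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.79.1"',
    '198.51.100.23 - - [10/Oct/2023:13:55:41 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

def format_to_regex(fmt):
    """Build a regex that locates a timestamp of the given format in a line."""
    pieces = []
    for part in re.split(r"(%[A-Za-z])", fmt):
        if part in DIRECTIVES:
            pieces.append(DIRECTIVES[part])
        elif re.fullmatch(r"%[A-Za-z]", part):
            raise ValueError(f"directive {part} not handled by this checker")
        else:
            pieces.append(re.escape(part))   # literal text such as '/' or ':'
    return re.compile("".join(pieces))

def extract_timestamp(line, fmt):
    """Return the parsed datetime found in line, or None if nothing parses."""
    match = format_to_regex(fmt).search(line)
    if match is None:
        return None
    try:
        return datetime.strptime(match.group(0), fmt)
    except ValueError:
        return None

def coverage(lines, fmt):
    """Return (lines with a parseable timestamp, total lines)."""
    hits = sum(extract_timestamp(line, fmt) is not None for line in lines)
    return hits, len(lines)

if __name__ == "__main__":
    for name, fmt in (("syslog-style", SYSLOG_FMT), ("nginx-style", NGINX_FMT)):
        hits, total = coverage(SAMPLE, fmt)
        print(f"{name:13} {fmt!r}: {hits}/{total} lines parsed")
```

Run it against a few real lines from /var/log/nginx/access.log in place of SAMPLE; anything short of full coverage means some events will carry a fallback timestamp in CloudWatch.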

Step 6: By default, the /etc/awslogs/awscli.conf points to the us-east-1 region. To push your logs to a different region, edit the awscli.conf file and specify that region.

Step 7: Start the awslogs service.

sudo systemctl start awslogsd

Step 8: After this, go to the CloudWatch service and check Log groups.

Step 9: Click the /var/log/nginx/access_log log group name, then click the log stream to view the nginx logs.
