| author | Daniil Baturin <daniil@vyos.io> | 2023-04-13 15:18:42 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-13 15:18:42 +0100 | 
| commit | 035853c8e7d7e4d99bca0afe839348e06f66e24a (patch) | |
| tree | aa67dc00c4f32485c5dd4d171ccbdb53cd4afbbe | |
| parent | 88816d4ab387067c25d41b075cce9c90eb20cb90 (diff) | |
| parent | aea11c595aaea36458e5139e906555628fa6d7f7 (diff) | |
Merge pull request #987 from andriiandrieiev/master
AWS: T425: cloudwatch
| -rw-r--r-- | docs/installation/cloud/aws.rst | 47 | 
1 files changed, 46 insertions, 1 deletions
| diff --git a/docs/installation/cloud/aws.rst b/docs/installation/cloud/aws.rst index d64aca82..da0c46d3 100644 --- a/docs/installation/cloud/aws.rst +++ b/docs/installation/cloud/aws.rst 
@@ -49,9 +49,54 @@ Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)`      ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3      vyos@ip-192-0-2-10:~$ +Amazon CloudWatch Agent Usage +----------------------------- +To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`. +1. Create an :abbr:`IAM (Identity and Access Management)` role for the :abbr:`EC2 (Elastic Compute Cloud)` instance to access CloudWatch service, and name it CloudWatchAgentServerRole. The role should contain two default policies: CloudWatchAgentServerPolicy and AmazonSSMManagedInstanceCore.   + +2. Attach the created role to your VyOS :abbr:`EC2 (Elastic Compute Cloud)` instance. + +3. Ensure that amazon-cloudwatch-agent package is installed.  + +  .. code-block:: none + +    $ sudo apt list --installed | grep amazon-cloudwatch-agent + +  .. note:: The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+ + +3. Retreive an existing CloudWatch Agent configuration from the :abbr:`SSM (Systems Manager)` Parameter Store. + +  .. code-block:: none + +    $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:<your-configuration-name> + +  This step also enables systemd service and runs it. + +  .. note:: The VyOS platform-specific scripts feature is under development. Thus, this step should be repeated manually after changing system image (:doc:`/installation/update`) + +.. _configuration_creation: + +CloudWatch SSM Configuration creation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Creating the Amazon Cloudwatch Agent Configuration in Amazon :abbr:`SSM (Systems Manager)` Parameter Store. + +1. Create an :abbr:`IAM (Identity and Access Management)` role for your :abbr:`EC2 (Elastic Compute Cloud)` instance to access the CloudWatch service. Name it CloudWatchAgentAdminRole. 
The role should contain at two default policies: CloudWatchAgentAdminPolicy and AmazonSSMManagedInstanceCore.   + +  .. note:: CloudWatchAgentServerRole is too permisive and should be used for single configuration creation and deployment. That's why after completion of step #3 higly recommended to replace instance CloudWatchAgentAdminRole role with CloudWatchAgentServerRole. + +2. Run Cloudwatch configuration wizard. + +  .. code-block:: none + +    $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard + +3. When prompted, answer "yes" to the question "Do you want to store the config in the SSM parameter store?".  References  ---------- -https://console.aws.amazon.com/
\ No newline at end of file +- https://console.aws.amazon.com/ +- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent.html +- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html
\ No newline at end of file | 
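Review bot: The note under step 1 of "CloudWatch SSM Configuration creation" names the wrong role as over-privileged. It opens with "CloudWatchAgentServerRole is too permisive", yet the same note then recommends replacing CloudWatchAgentAdminRole with CloudWatchAgentServerRole after step 3, so the role it means is CloudWatchAgentAdminRole. As written, a reader can come away keeping the admin role attached to the instance. Suggested wording: "CloudWatchAgentAdminRole is too permissive and should be used only for creating and deploying a single configuration. After completing step 3, it is highly recommended to replace the instance's CloudWatchAgentAdminRole with CloudWatchAgentServerRole." Smaller points in the same hunk: the first procedure numbers two consecutive steps "3." (the fetch-config step should be 4), "Retreive" should be "Retrieve", "should contain at two default policies" has a stray "at", and the rewritten References list still ends without a trailing newline.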
