Menu
Amazon Elastic Compute Cloud
User Guide for Windows Instances

Sending Logs, Events, and Performance Counters to Amazon CloudWatch

You can configure your Amazon EC2 instances to send Windows Server logs, events, and performance counters to Amazon CloudWatch Logs and Amazon CloudWatch Events. Amazon EC2 offers several methods for configuring your instances to export this data. The method you choose will depend, in part, on the version of Windows Server you are running and the version of the configuration agent running on your instance. It will also depend on whether you want to manually configure your instances to use a local configuration file or remotely configure them using Systems Manager Run Command or Systems Manager State Manager. For more information about CloudWatch Logs, see the Amazon CloudWatch Logs User Guide. For more information about Systems Manager, see the Amazon EC2 Systems Manager User Guide.

Note

In this section, CloudWatch Logs, CloudWatch Events, and CloudWatch metrics will be collectively referred to as CloudWatch, unless otherwise noted.

Methods to Send Instance Metrics to CloudWatch

The following table describes the different options for configuring integration with CloudWatch.

Method How It Works Pros Cons

Local configuration file

  1. Create a JSON file from a template that specifies credentials and the data you want to send to CloudWatch.

  2. Login to the instance

  3. Copy and paste the configuration file into a specific directory. The agent on the instance begins sending data to CloudWatch within a few minutes.

Method does not require an IAM role attached to the instance for CloudWatch integration. This is a legacy process for sending metrics to CloudWatch.

You must manually add the configuration file to each instance. If you update the agent running on the instance, you might need to manually update the configuration file to address changes in the new version of the agent.

Important

If you specify credentials in a configuration file, there is a chance those credentials could be exposed in log files, including debug log files.

Systems Manager Run Command

  1. Configure IAM permissions on the instance, and verify that your instance meets Systems Manager prerequisites.

  2. Create a JSON file from a template that specifies the data you want to send to CloudWatch.

  3. Remotely send commands to configure one or more instances for logging. The agent on the instance begins sending data to CloudWatch within a few minutes.

You can quickly configure multiple instances to send log data without having to login to each instance.

Setting up prerequisites and configuring permissions takes longer than the local configuration file option.

Systems Manager State Manager

  1. Configure IAM permissions on the instance, and verify that your instance meets Systems Manager prerequisites.

  2. Create a JSON file from a template that specifies the data you want to send to CloudWatch.

  3. Remotely send commands to associate the JSON document with one or more instances. The agent on the instance begins sending data to CloudWatch according to the schedule defined in the association.

State Manager continually enforces the policy of the JSON document according to a schedule that you define. Run Command does not enforce the contents of the JSON document as a policy, and configuration changes to the instance could potentially impact the server's ability to send log data.

You can quickly configure multiple instances to send log data without having to login to each instance.

Setting up prerequisites and configuring permissions takes longer than the local configuration file option.

Amazon EC2 instances use an agent to send log data to CloudWatch. The agent is either the EC2Config service or the Systems Manager (SSM) Agent. The following table shows which agent is responsible for sending log data based on agent version and Windows Server operating system (OS).

Operating System Agent Notes

Windows Server 2016

SSM Agent

The EC2Config service is not supported on Windows Server 2016.

Windows Server 2008-2012 R2

EC2Config or SSM Agent

If your instance is running EC2Config version 3.x or earlier, then the EC2Config service sends log data to CloudWatch. If your instance is running EC2Config version 4.x or later, then SSM Agent sends log data to CloudWatch.