Menu
Amazon Elastic Compute Cloud
User Guide for Windows Instances

Configure Instances for CloudWatch

Choose from the following methods for configuring integration with CloudWatch.

Use Systems Manager Run Command to Integrate an Instance with CloudWatch

Run Command enables you to manage the configuration of your instances on demand. You specify a Systems Manager document, specify parameters, and execute the command on one or more instance. The SSM agent on the instance processes the command and configures the instance as specified.

You can use Run Command to configure integration with CloudWatch. After you configure integration, the SSM Agent sends all the logs you configured in your JSON file to CloudWatch. The time frame varies for when the information is sent. For the application, system, security, and event tracing (Windows) logs, the system sends all information generated within the first minute of integration being enabled. Logs that occurred before this time are not included. For any custom log files and Internet Information Services (IIS) logs, State Manager reads the log files from the beginning.

If you previously enabled CloudWatch integration by using the EC2Config service, Run Command settings override the EC2Config settings stored on the instance. By default, these settings are stored in the following file on the instance:

C:\Program Files\Amazon\Ec2ConfigService\Settings\AWS.EC2.Windows.CloudWatch.json

To configure integration with CloudWatch using Run Command

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, expand Systems Manager Services, and then choose Run Command.

  3. Choose Run a command.

  4. In the Command document section, choose AWS-ConfigureCloudWatch.

  5. In the Document Version list, choose Default version at runtime.

  6. In the Target instances section, choose the instances that you want to configure integration with CloudWatch. If you do not see an instance in this list, it might not be configured properly for Run Command. For more information, see Systems Manager Prerequisites.

  7. Choose Enabled, and then copy and paste your JSON content into the Properties field.

  8. If you want, complete the remaining optional fields

  9. Choose Run.

  10. The system returns you to the Run Command page.

View Command Output

Use the following procedure to view the results of command execution in the Amazon EC2 console.

To view command output

  1. In the Amazon EC2 console, select a command in the list.

  2. Choose the Output tab.

  3. Choose View Output. The command output page shows the results of your command execution.

Use Systems Manager State Manager to Integrate an Instance and CloudWatch

State Manager enables you to manage the configuration of your Windows instances while they are running. You create a configuration document, which describes configuration tasks (for example, sending performance counters to CloudWatch and logs to CloudWatch Logs), and then associate the configuration document with one or more running Windows instances. The SSM agent on the instance processes the configuration document and configures the instance as specified.

You can use Systems Manager State Manager (formerly called SSM Config) to configure integration with CloudWatch. After you configure integration, the SSM Agent sends all the logs you configured in your JSON file to CloudWatch. The time frame varies for when the information is sent. For the application, system, security, and event tracing (Windows) logs, the system sends all information generated within the first minute of integration being enabled. Logs that occurred before this time are not included. If you disable logging and then later re-enable logging, State Manager sends logs from where it left off. For any custom log files and Internet Information Services (IIS) logs, State Manager reads the log files from the beginning.

If you previously enabled CloudWatch integration by using the EC2Config service, State Manager settings override the EC2Config settings stored on the instance. By default, these settings are stored in the following file on the instance:

C:\Program Files\Amazon\Ec2ConfigService\Settings\AWS.EC2.Windows.CloudWatch.json

To configure integration with CloudWatch using State Manager

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, expand Systems Manager Services, and then choose State Manager.

  3. Choose Create Association.

  4. In the Select Document section, choose AWS-ConfigureCloudWatch.

  5. In the Document Version list, choose Default version at runtime.

  6. In the Targets section, choose the instances that you want to configure integration with CloudWatch. If you do not see an instance in this list, it might not be configured properly for Run Command. For more information, see Systems Manager Prerequisites.

  7. In the Schedule section, choose how often you want Systems Manager to apply this policy; meaning, how often you want Systems Manager to ensure the integration with CloudWatch is still valid. The Schedule option does not affect the frequency when the SSM Agent sends data to CloudWatch.

  8. In the Parameters section, choose Enabled, and then copy and paste your JSON content into the Properties field.

  9. (Optional) In the Advanced section, choose Write to S3 to send command output to an Amazon S3 bucket.

    Important

    The Output page in the Amazon EC2 console truncates output after 2500 characters. Configure an Amazon S3 bucket before executing commands using Systems Manager. If your command output was longer than 2500 characters, you can view the full output in your Amazon S3 bucket. For more information, see Create a Bucket.

  10. Choose Create Association.

  11. The system returns you to the State Manager page. In the associations list, choose the association you just created, and then choose Apply Association Now.

Send Instance Metrics to CloudWatch Using the Local Configuration File Method

This section includes information about how to integrate an Amazon EC2 Windows Server managed instance with CloudWatch using a configuration file. Choose your operating system.

Windows Server 2016

The following procedure describes how to configure CloudWatch using the SSM Agent on Amazon EC2 Windows Server 2016 instances. The SSM Agent is the only agent compatible with this operating system.

Important

If you specify credentials in a configuration file, those credentials could potentially be exposed in debug logs. To avoid exposing credentials, use one of the other methods for configuring CloudWatch integration. For more information, see Configure Instances for CloudWatch.

To configure CloudWatch using SSM Agent

  1. Verify that you completed the preliminary tasks. For more information, see Preliminary Tasks for Configuring Integration with CloudWatch.

  2. Download the latest version of the SSM Agent to your instance. For more information, see Installing SSM Agent on Windows.

  3. Open the AWS.EC2.Windows.CloudWatch.json file, and change IsEnabled to true.

    Note

    With IsEnabled set to true, the agent will start sending data to CloudWatch immediately after the agent is started or restarted. By default, the IsEnabled value is set to false.

  4. Save the file with the same name in the following folder on your Windows Server 2016 instance: C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch/

  5. Start or restart the SSM agent (AmazonSSMAgent.exe) using the Windows Services control panel or by sending the following command in PowerShell:

    Copy
    Restart-Service AmazonSSMAgent

After the SSM agent restarts, it detects the local configuration file and configures the instance for CloudWatch integration. If you change parameters and settings in the local configuration file, you need to restart the SSM agent to pick up the changes. If you want to disable CloudWatch integration on the instance, change IsEnabled to false and save your changes in the configuration file.

Windows Server 2008-2012 R2

Use the procedures in this section to configure Windows Server 2008-2012 R2 for CloudWatch. The procedure you choose depends on the version of EC2Config running on your instance. For information about how to determine which version of EC2Config is running on your instance, see Installing the Latest Version of EC2Config.

Use EC2Config 4.x to Configure CloudWatch

Use this procedure to configure Amazon EC2 Windows Server 2008-2012 R2 instances for CloudWatch. This procedure instructs you to download and install the latest version of the EC2Config service, which also install the latest version of SSM Agent. The latest version of EC2Config processes start-up and initialization tasks. SSM Agent sends data to CloudWatch.

Important

If you specify credentials in a configuration file, those credentials could potentially be exposed in debug logs. To avoid exposing credentials, use one of the other methods for configuring CloudWatch integration. For more information, see Configure Instances for CloudWatch.

To configure CloudWatch on Windows Server 2008-2012 R2

  1. Verify that you completed the preliminary tasks. For more information, see Preliminary Tasks for Configuring Integration with CloudWatch.

  2. Verify the version of EC2Config running on your instance, and download the latest version. For more information, see Installing the Latest Version of EC2Config.

  3. (Optional) If you have an existing JSON file from an EC2Config 3.x integration with CloudWatch, open the file, and add the IsEnabled section. The IsEnabled section must be located on the same level as the EngineConfiguration section. The following example illustrates this:

    Copy
    { "IsEnabled":true, "EngineConfiguration":{ "PollInterval":"00:00:15", "Components":[ { "Id":"OsCpuUtilization", "FullName":"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch", "Parameters":{ "CategoryName":"Process", [Sample JSON truncated]

    Note

    With IsEnabled set to true, the agent will start sending data to CloudWatch immediately after the agent is started or restarted. By default, the IsEnabled value is set to false.

  4. Save the file with the same name in the following folder on your Windows Server 2008 - 2012 R2 instance: C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch/

  5. Start or restart the SSM agent (AmazonSSMAgent.exe) using the Windows Services control panel or by sending the following command in PowerShell:

    Copy
    Restart-Service AmazonSSMAgent

After the SSM agent restarts, it detects the local configuration file and configures the instance for CloudWatch integration. If you change parameters and settings in the local configuration file, you need to restart the SSM agent to pick up the changes. If you want to disable CloudWatch integration on the instance, change IsEnabled to false and save your changes in the configuration file.

Use EC2Config 3.x or Earlier to Configure CloudWatch

Use the following procedure if you need to run an older version of EC2Config on your instances and continue to integrate with CloudWatch.

Important

If you specify credentials in a configuration file, those credentials could potentially be exposed in debug logs. To avoid exposing credentials, use one of the other methods for configuring CloudWatch integration. For more information, see Configure Instances for CloudWatch.

  1. Verify that you completed the preliminary tasks. For more information, see Preliminary Tasks for Configuring Integration with CloudWatch.

  2. Connect to your Windows instance.

  3. From the Start menu, choose All Programs, and then choose EC2ConfigService Settings.

  4. On the General tab of the Ec2 Service Properties dialog box, under CloudWatch Logs, choose Enable CloudWatch Logs integration, and then choose OK.

  5. If you made changes to the AWS.EC2.Windows.CloudWatch.json file, then you must restart the EC2Config service. For more information, see Stopping, Restarting, Deleting, or Uninstalling EC2Config.

Note

You can also enable CloudWatch Logs by adding the following script to the user data field when you launch an instance. EC2Config will run this script every time your instance is restarted to make sure that CloudWatch Logs integration is enabled. To run this script only when an instance is first launched, remove <persist>true</persist> from the script.

Copy
<powershell> $EC2SettingsFile="C:\Program Files\Amazon\Ec2ConfigService\Settings\Config.xml" $xml = [xml](get-content $EC2SettingsFile) $xmlElement = $xml.get_DocumentElement() $xmlElementToModify = $xmlElement.Plugins foreach ($element in $xmlElementToModify.Plugin) { if ($element.name -eq "AWS.EC2.Windows.CloudWatch.PlugIn") { $element.State="Enabled" } } $xml.Save($EC2SettingsFile) </powershell> <persist>true</persist>