AWS CloudFormation
User Guide (API Version 2010-05-15)

Amazon CloudWatch Logs Template Snippets

Amazon CloudWatch Logs can monitor system, application, and custom log files from Amazon EC2 instances or other resources. You can use AWS CloudFormation to provision and manage log groups and metric filters. For more information about getting started with Amazon CloudWatch Logs, see "Monitoring System, Application, and Custom Log Files" in the Amazon CloudWatch User Guide.

Sending Logs to CloudWatch Logs from a Linux Instance

The following template describes a web server and its custom metrics. Log events from the web server's log provide the data for the custom metrics. To send log events to a custom metric, the UserData field installs the CloudWatch Logs agent on the Amazon EC2 instance. Agent configuration information, such as the location of the server log file, the log group name, and the log stream name, is defined in the /tmp/cwlogs/apacheaccess.conf file. The log stream is created once the web server starts sending log events to the /var/log/httpd/access_log file.

Note

A note about permissions: The WebServerHost instance references the LogRoleInstanceProfile instance profile, which in turn references the LogRole role. LogRole specifies the s3:GetObject permission for arn:aws:s3:::*.

This permission is required to download the CloudWatch Logs agent (awslogs-agent-setup.py) from Amazon S3 in the UserData section of WebServerHost.
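The scope of the LogRolePolicy statement described in the note, checked in code. This is an added example, not part of the original page or of AWS's code; SCOPED_POLICY, its account ID, region and log group name are constructed placeholders, and the S3 object in it is taken from the wget URL in the template's UserData.

```python
import re

# LogRolePolicy statement as it appears in the template on this page.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["logs:Create*", "logs:PutLogEvents", "s3:GetObject"],
        "Resource": ["arn:aws:logs:*:*:*", "arn:aws:s3:::*"],
    }],
}

# Constructed comparison policy (assumption, not from the page): the same actions,
# with resources narrowed to one log group and to the object named in the wget URL.
# Account ID, region and log group name are placeholders.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:Create*", "logs:PutLogEvents"],
         "Resource": ["arn:aws:logs:us-east-1:111122223333:"
                      "log-group:WebServerLogGroup-EXAMPLE:*"]},
        {"Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::aws-cloudwatch/downloads/latest/"
                      "awslogs-agent-setup.py"]},
    ],
}

ARN_FIELDS = ("arn", "partition", "service", "region", "account", "resource")


def as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]


def parse_arn(arn):
    """Split an ARN into its six colon-separated fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(ARN_FIELDS, parts))


def broad_grants(policy):
    """Return sorted (action, resource) pairs where an Allow statement applies
    the action to every resource of the action's service."""
    findings = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            service = action.split(":", 1)[0]
            for resource in as_list(stmt["Resource"]):
                if resource == "*":
                    findings.add((action, resource))
                    continue
                arn = parse_arn(resource)
                if arn["service"] in (service, "*") and arn["resource"] == "*":
                    findings.add((action, resource))
    return sorted(findings)


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style matching: '*' is any run of characters, '?' is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def allows(policy, action, resource):
    """True if some Allow statement matches both the action and the resource.
    Deny statements, conditions and resource policies are not modelled."""
    for stmt in as_list(policy["Statement"]):
        if (stmt.get("Effect") == "Allow"
                and any(wildcard_match(a, action, True) for a in as_list(stmt["Action"]))
                and any(wildcard_match(r, resource) for r in as_list(stmt["Resource"]))):
            return True
    return False


if __name__ == "__main__":
    for action, resource in broad_grants(PAGE_POLICY):
        print(f"{action} is allowed on {resource}")
```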

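Two metric filters describe how log information is transformed into CloudWatch metrics. The 404 metric counts the number of 404 occurrences. The size metric tracks the size of requests. Two CloudWatch alarms send notifications if there are three or more 404s within 2 minutes, or if the average request size stays above 3500 KB for more than 10 minutes.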
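The two filter patterns and the 404 alarm settings from the template, run against access-log lines. This is an added example, not part of the original page or of AWS's code; SAMPLE is constructed, only the "=" comparison is implemented, and the alarm check is simplified: a minute with no matching event counts as 0, and every one of the last EvaluationPeriods one-minute sums must exceed Threshold.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Filter patterns and datetime_format copied from the template on this page.
FILTER_404 = "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]"
FILTER_BYTES = "[ip, identity, user_id, timestamp, request, status_code, size, ...]"
DATETIME_FORMAT = "%d/%b/%Y:%H:%M:%S"

# Constructed sample of /var/log/httpd/access_log (documentation IP ranges).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:10 +0000] "GET /missing-1 HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2023:13:55:20 +0000] "GET /missing-2 HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /missing-3 HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2023:13:56:05 +0000] "GET /missing-4 HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2023:13:56:15 +0000] "GET /missing-5 HTTP/1.1" 404 209',
    '203.0.113.7 - - [10/Oct/2023:13:56:30 +0000] "GET /missing-6 HTTP/1.1" 404 209',
    '198.51.100.4 - - [10/Oct/2023:13:58:00 +0000] "GET /missing-7 HTTP/1.1" 404 209',
    '198.51.100.4 - - [10/Oct/2023:13:58:10 +0000] "GET /missing-8 HTTP/1.1" 404 209',
    '198.51.100.4 - - [10/Oct/2023:13:58:20 +0000] "GET /missing-9 HTTP/1.1" 404 209',
    '198.51.100.4 - frank [10/Oct/2023:13:59:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2023:13:59:30 +0000] "GET /index.php HTTP/1.1" 304 -',
]

# In a space-delimited event, text inside [...] or "..." is a single field.
_FIELD = re.compile(r'\[([^\]]*)\]|"([^"]*)"|(\S+)')


def split_fields(line):
    """Split one log event into the fields a space-delimited pattern sees."""
    return [next(g for g in m.groups() if g is not None) for m in _FIELD.finditer(line)]


def parse_pattern(pattern):
    """Return ([(name, expected or None), ...], open_ended) for a bracket pattern."""
    items = [item.strip() for item in pattern.strip()[1:-1].split(",")]
    open_ended = items[-1] == "..."
    if open_ended:
        items = items[:-1]
    specs = []
    for item in items:
        name, _, expected = (part.strip() for part in item.partition("="))
        specs.append((name, expected or None))
    return specs, open_ended


def match(pattern, line):
    """Return {field_name: value} if the event matches the pattern, else None."""
    specs, open_ended = parse_pattern(pattern)
    fields = split_fields(line)
    # Without a trailing "...", the number of fields must match exactly.
    if len(fields) < len(specs) or (len(fields) > len(specs) and not open_ended):
        return None
    named = {name: value for (name, _), value in zip(specs, fields)}
    if any(exp is not None and named[name] != exp for name, exp in specs):
        return None
    return named


def per_minute_404s(lines):
    """MetricValue 1 per matching event, summed per minute (Statistic Sum, Period 60)."""
    buckets = Counter()
    for line in lines:
        named = match(FILTER_404, line)
        if named:
            ts = datetime.strptime(named["timestamp"].split()[0], DATETIME_FORMAT)
            buckets[ts.replace(second=0)] += 1
    return buckets


def alarm_minutes(buckets, threshold=2, evaluation_periods=2):
    """Minutes at which each of the last `evaluation_periods` sums is > threshold."""
    firing = []
    for minute in sorted(buckets):
        window = [buckets.get(minute - timedelta(minutes=i), 0)
                  for i in range(evaluation_periods)]
        if all(value > threshold for value in window):
            firing.append(minute)
    return firing


def transferred_sizes(lines):
    """Values the BytesTransferred filter would take from $size."""
    sizes = []
    for line in lines:
        named = match(FILTER_BYTES, line)
        if named and named["size"].isdigit():  # "-" is not a number, skipped here
            sizes.append(int(named["size"]))
    return sizes


if __name__ == "__main__":
    counts = per_minute_404s(SAMPLE)
    print(dict(counts), alarm_minutes(counts), transferred_sizes(SAMPLE))
```

In the sample, the three 404s at 13:58 exceed the threshold for one minute only, so with EvaluationPeriods set to 2 they do not put the alarm into ALARM on their own.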

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS CloudFormation Sample Template for CloudWatch Logs.",
  "Parameters": {
    "KeyName": {
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
    },
    "SSHLocation": {
      "Description": "The IP address range that can be used to SSH to the EC2 instances",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },
    "OperatorEmail": {
      "Description": "Email address to notify if there are any scaling operations",
      "Type": "String"
    }
  },
  "Mappings": {
    "RegionMap": {
      "us-east-1": { "AMI": "ami-fb8e9292" },
      "us-west-1": { "AMI": "ami-7aba833f" },
      "us-west-2": { "AMI": "ami-043a5034" },
      "eu-west-1": { "AMI": "ami-2918e35e" },
      "ap-southeast-1": { "AMI": "ami-b40d5ee6" },
      "ap-southeast-2": { "AMI": "ami-3b4bd301" },
      "ap-northeast-1": { "AMI": "ami-c9562fc8" },
      "sa-east-1": { "AMI": "ami-215dff3c" },
      "eu-central-1": { "AMI": "ami-a03503bd" }
    }
  },
  "Resources": {
    "LogRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "LogRolePolicy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ],
                  "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ]
                }
              ]
            }
          }
        ]
      }
    },
    "LogRoleInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "LogRole" } ]
      }
    },
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable HTTP access via port 80 and SSH access via port 22",
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" },
          { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "SSHLocation" } }
        ]
      }
    },
    "WebServerHost": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {
        "Comment": "Install a simple PHP application",
        "AWS::CloudFormation::Init": {
          "config": {
            "packages": {
              "yum": { "httpd": [], "php": [] }
            },
            "files": {
              "/tmp/cwlogs/apacheaccess.conf": {
                "content": { "Fn::Join": [ "", [
                  "[general]\n",
                  "state_file= /var/awslogs/agent-state\n",
                  "[/var/log/httpd/access_log]\n",
                  "file = /var/log/httpd/access_log\n",
                  "log_group_name = ", { "Ref": "WebServerLogGroup" }, "\n",
                  "log_stream_name = {instance_id}/apache.log\n",
                  "datetime_format = %d/%b/%Y:%H:%M:%S"
                ] ] },
                "mode": "000400",
                "owner": "apache",
                "group": "apache"
              },
              "/var/www/html/index.php": {
                "content": { "Fn::Join": [ "", [
                  "<?php\n",
                  "echo '<h1>AWS CloudFormation sample PHP application</h1>';\n",
                  "?>\n"
                ] ] },
                "mode": "000644",
                "owner": "apache",
                "group": "apache"
              },
              "/etc/cfn/cfn-hup.conf": {
                "content": { "Fn::Join": [ "", [
                  "[main]\n",
                  "stack=", { "Ref": "AWS::StackId" }, "\n",
                  "region=", { "Ref": "AWS::Region" }, "\n"
                ] ] },
                "mode": "000400",
                "owner": "root",
                "group": "root"
              },
              "/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
                "content": { "Fn::Join": [ "", [
                  "[cfn-auto-reloader-hook]\n",
                  "triggers=post.update\n",
                  "path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init\n",
                  "action=/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" },
                  " -r WebServerHost ",
                  " --region ", { "Ref": "AWS::Region" }, "\n",
                  "runas=root\n"
                ] ] }
              }
            },
            "services": {
              "sysvinit": {
                "httpd": { "enabled": "true", "ensureRunning": "true" },
                "sendmail": { "enabled": "false", "ensureRunning": "false" }
              }
            }
          }
        }
      },
      "CreationPolicy": {
        "ResourceSignal": { "Timeout": "PT5M" }
      },
      "Properties": {
        "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] },
        "KeyName": { "Ref": "KeyName" },
        "InstanceType": "t1.micro",
        "SecurityGroups": [ { "Ref": "WebServerSecurityGroup" } ],
        "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" },
        "UserData": { "Fn::Base64": { "Fn::Join": [ "", [
          "#!/bin/bash -xe\n",
          "# Get the latest CloudFormation package\n",
          "yum install -y aws-cfn-bootstrap\n",
          "# Start cfn-init\n",
          "/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" },
          " -r WebServerHost ",
          " --region ", { "Ref": "AWS::Region" },
          " || error_exit 'Failed to run cfn-init'\n",
          "# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n",
          "/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n",
          "# Get the CloudWatch Logs agent\n",
          "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n",
          "# Install the CloudWatch Logs agent\n",
          "python awslogs-agent-setup.py -n -r ", { "Ref": "AWS::Region" },
          " -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n",
          "# All done so signal success\n",
          "/opt/aws/bin/cfn-signal -e $? ",
          " --stack ", { "Ref": "AWS::StackName" },
          " --resource WebServerHost ",
          " --region ", { "Ref": "AWS::Region" }, "\n"
        ] ] } }
      }
    },
    "WebServerLogGroup": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "RetentionInDays": 7
      }
    },
    "404MetricFilter": {
      "Type": "AWS::Logs::MetricFilter",
      "Properties": {
        "LogGroupName": { "Ref": "WebServerLogGroup" },
        "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]",
        "MetricTransformations": [
          {
            "MetricValue": "1",
            "MetricNamespace": "test/404s",
            "MetricName": "test404Count"
          }
        ]
      }
    },
    "BytesTransferredMetricFilter": {
      "Type": "AWS::Logs::MetricFilter",
      "Properties": {
        "LogGroupName": { "Ref": "WebServerLogGroup" },
        "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code, size, ...]",
        "MetricTransformations": [
          {
            "MetricValue": "$size",
            "MetricNamespace": "test/BytesTransferred",
            "MetricName": "testBytesTransferred"
          }
        ]
      }
    },
    "404Alarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes",
        "MetricName": "test404Count",
        "Namespace": "test/404s",
        "Statistic": "Sum",
        "Period": "60",
        "EvaluationPeriods": "2",
        "Threshold": "2",
        "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ],
        "ComparisonOperator": "GreaterThanThreshold"
      }
    },
    "BandwidthAlarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmDescription": "The average volume of traffic is greater 3500 KB over 10 minutes",
        "MetricName": "testBytesTransferred",
        "Namespace": "test/BytesTransferred",
        "Statistic": "Average",
        "Period": "300",
        "EvaluationPeriods": "2",
        "Threshold": "3500",
        "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ],
        "ComparisonOperator": "GreaterThanThreshold"
      }
    },
    "AlarmNotificationTopic": {
      "Type": "AWS::SNS::Topic",
      "Properties": {
        "Subscription": [
          { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" }
        ]
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "The instance ID of the web server",
      "Value": { "Ref": "WebServerHost" }
    },
    "WebsiteURL": {
      "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "WebServerHost", "PublicDnsName" ] } ] ] },
      "Description": "URL for newly created LAMP stack"
    },
    "PublicIP": {
      "Description": "Public IP address of the web server",
      "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] }
    },
    "CloudWatchLogGroupName": {
      "Description": "The name of the CloudWatch log group",
      "Value": { "Ref": "WebServerLogGroup" }
    }
  }
}

YAML

AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation Sample Template for CloudWatch Logs.
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  OperatorEmail:
    Description: Email address to notify if there are any scaling operations
    Type: String
Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-fb8e9292
    us-west-1:
      AMI: ami-7aba833f
    us-west-2:
      AMI: ami-043a5034
    eu-west-1:
      AMI: ami-2918e35e
    ap-southeast-1:
      AMI: ami-b40d5ee6
    ap-southeast-2:
      AMI: ami-3b4bd301
    ap-northeast-1:
      AMI: ami-c9562fc8
    sa-east-1:
      AMI: ami-215dff3c
    eu-central-1:
      AMI: ami-a03503bd
Resources:
  LogRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ec2.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: "/"
      Policies:
      - PolicyName: LogRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:Create*
            - logs:PutLogEvents
            - s3:GetObject
            Resource:
            - arn:aws:logs:*:*:*
            - arn:aws:s3:::*
  LogRoleInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
      - Ref: LogRole
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '80'
        ToPort: '80'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: SSHLocation
  WebServerHost:
    Type: AWS::EC2::Instance
    Metadata:
      Comment: Install a simple PHP application
      AWS::CloudFormation::Init:
        config:
          packages:
            yum:
              httpd: []
              php: []
          files:
            "/tmp/cwlogs/apacheaccess.conf":
              content: !Sub |
                [general]
                state_file= /var/awslogs/agent-state
                [/var/log/httpd/access_log]
                file = /var/log/httpd/access_log
                log_group_name = ${WebServerLogGroup}
                log_stream_name = {instance_id}/apache.log
                datetime_format = %d/%b/%Y:%H:%M:%S
              mode: '000400'
              owner: apache
              group: apache
            "/var/www/html/index.php":
              content: !Sub |
                <?php
                echo '<h1>AWS CloudFormation sample PHP application</h1>';
                ?>
              mode: '000644'
              owner: apache
              group: apache
            "/etc/cfn/cfn-hup.conf":
              content: !Sub |
                [main]
                stack= ${AWS::StackId}
                region=${AWS::Region}
              mode: "000400"
              owner: "root"
              group: "root"
            "/etc/cfn/hooks.d/cfn-auto-reloader.conf":
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServerHost --region ${AWS::Region}
              mode: "000400"
              owner: "root"
              group: "root"
          services:
            sysvinit:
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
              sendmail:
                enabled: 'false'
                ensureRunning: 'false'
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
    Properties:
      ImageId:
        Fn::FindInMap:
        - RegionMap
        - Ref: AWS::Region
        - AMI
      KeyName:
        Ref: KeyName
      InstanceType: t1.micro
      SecurityGroups:
      - Ref: WebServerSecurityGroup
      IamInstanceProfile:
        Ref: LogRoleInstanceProfile
      UserData:
        "Fn::Base64": !Sub |
          #!/bin/bash -xe
          # Get the latest CloudFormation package
          yum update -y aws-cfn-bootstrap
          # Start cfn-init
          /opt/aws/bin/cfn-init -s ${AWS::StackId} -r WebServerHost --region ${AWS::Region} || error_exit 'Failed to run cfn-init'
          # Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata
          /opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'
          # Get the CloudWatch Logs agent
          wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
          # Install the CloudWatch Logs agent
          python awslogs-agent-setup.py -n -r ${AWS::Region} -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'
          # All done so signal success
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource WebServerHost --region ${AWS::Region}
  WebServerLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
  404MetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName:
        Ref: WebServerLogGroup
      FilterPattern: "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]"
      MetricTransformations:
      - MetricValue: '1'
        MetricNamespace: test/404s
        MetricName: test404Count
  BytesTransferredMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName:
        Ref: WebServerLogGroup
      FilterPattern: "[ip, identity, user_id, timestamp, request, status_code, size, ...]"
      MetricTransformations:
      - MetricValue: "$size"
        MetricNamespace: test/BytesTransferred
        MetricName: testBytesTransferred
  404Alarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The number of 404s is greater than 2 over 2 minutes
      MetricName: test404Count
      Namespace: test/404s
      Statistic: Sum
      Period: '60'
      EvaluationPeriods: '2'
      Threshold: '2'
      AlarmActions:
      - Ref: AlarmNotificationTopic
      ComparisonOperator: GreaterThanThreshold
  BandwidthAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The average volume of traffic is greater 3500 KB over 10 minutes
      MetricName: testBytesTransferred
      Namespace: test/BytesTransferred
      Statistic: Average
      Period: '300'
      EvaluationPeriods: '2'
      Threshold: '3500'
      AlarmActions:
      - Ref: AlarmNotificationTopic
      ComparisonOperator: GreaterThanThreshold
  AlarmNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
      - Endpoint:
          Ref: OperatorEmail
        Protocol: email
Outputs:
  InstanceId:
    Description: The instance ID of the web server
    Value:
      Ref: WebServerHost
  WebsiteURL:
    Value: !Sub 'http://${WebServerHost.PublicDnsName}'
    Description: URL for newly created LAMP stack
  PublicIP:
    Description: Public IP address of the web server
    Value: !GetAtt WebServerHost.PublicIp
  CloudWatchLogGroupName:
    Description: The name of the CloudWatch log group
    Value: !Ref WebServerLogGroup

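Sending Logs to CloudWatch Logs from a Windows Instance

The following template configures CloudWatch Logs for a Windows 2012 R2 instance.

The CloudWatch Logs agent on Windows (the SSM agent on Windows 2012 R2 and Windows 2016 AMIs) sends logs only after it has started, so logs generated before startup are not sent. To work around this, the template ensures that the agent starts before any logs are written by doing the following:

  • Configures the agent setup as the first config item in the cfn-init configSets.

  • Uses waitAfterCompletion to insert a pause after the command that starts the agent.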

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance.",
  "Parameters": {
    "KeyPair": {
      "Description": "Name of an existing EC2 KeyPair to enable RDP access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
    },
    "RDPLocation": {
      "Description": "The IP address range that can be used to RDP to the EC2 instances",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },
    "OperatorEmail": {
      "Description": "Email address to notify if there are any scaling operations",
      "Type": "String"
    }
  },
  "Mappings": {
    "AWSAMIRegionMap": {
      "ap-northeast-1": { "WS2012R2": "ami-cb7429ac" },
      "ap-northeast-2": { "WS2012R2": "ami-34d4075a" },
      "ap-south-1": { "WS2012R2": "ami-dd8cfcb2" },
      "ap-southeast-1": { "WS2012R2": "ami-e5a51786" },
      "ap-southeast-2": { "WS2012R2": "ami-a63934c5" },
      "ca-central-1": { "WS2012R2": "ami-d242ffb6" },
      "eu-central-1": { "WS2012R2": "ami-d029febf" },
      "eu-west-1": { "WS2012R2": "ami-d3dee9b5" },
      "eu-west-2": { "WS2012R2": "ami-e5b3a681" },
      "sa-east-1": { "WS2012R2": "ami-83f594ef" },
      "us-east-1": { "WS2012R2": "ami-11e84107" },
      "us-east-2": { "WS2012R2": "ami-d85773bd" },
      "us-west-1": { "WS2012R2": "ami-052d7565" },
      "us-west-2": { "WS2012R2": "ami-09f47d69" }
    }
  },
  "Resources": {
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable HTTP access via port 80 and RDP access via port 3389",
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" },
          { "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "RDPLocation" } }
        ]
      }
    },
    "LogRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM" ],
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "LogRolePolicy",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ],
                  "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ]
                }
              ]
            }
          }
        ]
      }
    },
    "LogRoleInstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "LogRole" } ]
      }
    },
    "WebServerHost": {
      "Type": "AWS::EC2::Instance",
      "CreationPolicy": {
        "ResourceSignal": { "Timeout": "PT15M" }
      },
      "Metadata": {
        "AWS::CloudFormation::Init": {
          "configSets": {
            "config": [
              "00-ConfigureCWLogs",
              "01-InstallWebServer",
              "02-ConfigureApplication",
              "03-Finalize"
            ]
          },
          "00-ConfigureCWLogs": {
            "files": {
              "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch\\AWS.EC2.Windows.CloudWatch.json": {
                "content": { "Fn::Join": [ "", [
                  "{",
                  " \"IsEnabled\" : true,",
                  " \"EngineConfiguration\" : {",
                  " \"PollInterval\" : \"00:00:05\",",
                  " \"Components\" : [{",
                  " \"Id\" : \"ApplicationEventLog\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"LogName\" : \"Application\",",
                  " \"Levels\" : \"7\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"SystemEventLog\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"LogName\" : \"System\",",
                  " \"Levels\" : \"7\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"SecurityEventLog\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"LogName\" : \"Security\",",
                  " \"Levels\" : \"7\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"EC2ConfigLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"LogDirectoryPath\": \"C:\\\\Program Files\\\\Amazon\\\\Ec2ConfigService\\\\Logs\",",
                  " \"TimestampFormat\": \"yyyy-MM-ddTHH:mm:ss.fffZ:\",",
                  " \"Encoding\": \"ASCII\",",
                  " \"Filter\": \"EC2ConfigLog.txt\",",
                  " \"CultureName\": \"en-US\",",
                  " \"TimeZoneKind\": \"UTC\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CfnInitLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"LogDirectoryPath\": \"C:\\\\cfn\\\\log\",",
                  " \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss,fff\",",
                  " \"Encoding\": \"ASCII\",",
                  " \"Filter\": \"cfn-init.log\",",
                  " \"CultureName\": \"en-US\",",
                  " \"TimeZoneKind\": \"Local\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"IISLogs\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"LogDirectoryPath\" : \"C:\\\\inetpub\\\\logs\\\\LogFiles\\\\W3SVC1\",",
                  " \"TimestampFormat\" : \"yyyy-MM-dd HH:mm:ss\",",
                  " \"Encoding\" : \"UTF-8\",",
                  " \"Filter\" : \"\",",
                  " \"CultureName\" : \"en-US\",",
                  " \"TimeZoneKind\" : \"UTC\",",
                  " \"LineCount\" : \"3\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"MemoryPerformanceCounter\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"CategoryName\" : \"Memory\",",
                  " \"CounterName\" : \"Available MBytes\",",
                  " \"InstanceName\" : \"\",",
                  " \"MetricName\" : \"Memory\",",
                  " \"Unit\" : \"Megabytes\",",
                  " \"DimensionName\" : \"\",",
                  " \"DimensionValue\" : \"\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchApplicationEventLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/ApplicationEventLog\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchSystemEventLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/SystemEventLog\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchSecurityEventLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/SecurityEventLog\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchEC2ConfigLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/EC2ConfigLog\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchCfnInitLog\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/CfnInitLog\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\": \"CloudWatchIISLogs\",",
                  " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\": {",
                  " \"AccessKey\": \"\",",
                  " \"SecretKey\": \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," },
                  " \"LogStream\": \"{instance_id}/IISLogs\"",
                  " }",
                  " },",
                  " {",
                  " \"Id\" : \"CloudWatch\",",
                  " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch\",",
                  " \"Parameters\" : {",
                  " \"AccessKey\" : \"\",",
                  " \"SecretKey\" : \"\",",
                  { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," },
                  " \"NameSpace\" : \"Windows/Default\"",
                  " }",
                  " }],",
                  " \"Flows\": {",
                  " \"Flows\": [",
                  " \"ApplicationEventLog,CloudWatchApplicationEventLog\",",
                  " \"SystemEventLog,CloudWatchSystemEventLog\",",
                  " \"SecurityEventLog,CloudWatchSecurityEventLog\",",
                  " \"EC2ConfigLog,CloudWatchEC2ConfigLog\",",
                  " \"CfnInitLog,CloudWatchCfnInitLog\",",
                  " \"IISLogs,CloudWatchIISLogs\",",
                  " \"MemoryPerformanceCounter,CloudWatch\"",
                  " ]",
                  " }",
                  " }",
                  "}"
                ] ] }
              }
            },
            "commands": {
              "0-enableSSM": {
                "command": "powershell.exe -Command \"Set-Service -Name AmazonSSMAgent -StartupType Automatic\" ",
                "waitAfterCompletion": "0"
              },
              "1-restartSSM": {
                "command": "powershell.exe -Command \"Restart-Service AmazonSSMAgent \"",
                "waitAfterCompletion": "30"
              }
            }
          },
          "01-InstallWebServer": {
            "commands": {
              "01_install_webserver": {
                "command": "powershell.exe -Command \"Install-WindowsFeature Web-Server -IncludeAllSubFeature\"",
                "waitAfterCompletion": "0"
              }
            }
          },
          "02-ConfigureApplication": {
            "files": {
              "c:\\Inetpub\\wwwroot\\index.htm": {
                "content": { "Fn::Join": [ "\n", [
                  "<html>",
                  "<head>",
                  "<title>Test Application</title>",
                  "</head>",
                  "<body>",
                  "<h1>Congratulations!! Your IIS Web Server is configured.</h1>",
                  "</body>",
                  "</html>"
                ] ] }
              }
            }
          },
          "03-Finalize": {
            "commands": {
              "00_signal_success": {
                "command": { "Fn::Sub": "cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region} " },
                "waitAfterCompletion": "0"
              }
            }
          }
        }
      },
      "Properties": {
        "KeyName": { "Ref": "KeyPair" },
        "ImageId": { "Fn::FindInMap": [ "AWSAMIRegionMap", { "Ref": "AWS::Region" }, "WS2012R2" ] },
        "InstanceType": "t2.xlarge",
        "SecurityGroupIds": [ { "Ref": "WebServerSecurityGroup" } ],
        "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" },
        "UserData": { "Fn::Base64": { "Fn::Join": [ "\n", [
          "<script>",
          "wmic product where \"description='Amazon SSM Agent' \" uninstall",
          "wmic product where \"description='aws-cfn-bootstrap' \" uninstall ",
          "start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi",
          "powershell.exe -Command \"iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe\"",
          "start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet",
          { "Fn::Sub": "cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} " },
          "</script>"
        ] ] } }
      }
    },
    "LogGroup": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "RetentionInDays": 7
      }
    },
    "404MetricFilter": {
      "Type": "AWS::Logs::MetricFilter",
      "Properties": {
        "LogGroupName": { "Ref": "LogGroup" },
        "FilterPattern": "[timestamps,serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]",
        "MetricTransformations": [
          {
            "MetricValue": "1",
            "MetricNamespace": "test/404s",
            "MetricName": "test404Count"
          }
        ]
      }
    },
    "404Alarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes",
        "MetricName": "test404Count",
        "Namespace": "test/404s",
        "Statistic": "Sum",
        "Period": "60",
        "EvaluationPeriods": "2",
        "Threshold": "2",
        "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ],
        "ComparisonOperator": "GreaterThanThreshold"
      }
    },
    "AlarmNotificationTopic": {
      "Type": "AWS::SNS::Topic",
      "Properties": {
        "Subscription": [
          { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" }
        ]
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "The instance ID of the web server",
      "Value": { "Ref": "WebServerHost" }
    },
    "WebsiteURL": {
      "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "WebServerHost", "PublicDnsName" ] } ] ] },
      "Description": "URL for newly created IIS web server"
    },
    "PublicIP": {
      "Description": "Public IP address of the web server",
      "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] }
    },
    "CloudWatchLogGroupName": {
      "Description": "The name of the CloudWatch log group",
      "Value": { "Ref": "LogGroup" }
    }
  }
}

YAML

AWSTemplateFormatVersion: '2010-09-09'
Description: Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance.
Parameters:
  KeyPair:
    Description: Name of an existing EC2 KeyPair to enable RDP access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  RDPLocation:
    Description: The IP address range that can be used to RDP to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  OperatorEmail:
    Description: Email address to notify if there are any scaling operations
    Type: String
Mappings:
  AWSAMIRegionMap:
    ap-northeast-1:
      WS2012R2: ami-cb7429ac
    ap-northeast-2:
      WS2012R2: ami-34d4075a
    ap-south-1:
      WS2012R2: ami-dd8cfcb2
    ap-southeast-1:
      WS2012R2: ami-e5a51786
    ap-southeast-2:
      WS2012R2: ami-a63934c5
    ca-central-1:
      WS2012R2: ami-d242ffb6
    eu-central-1:
      WS2012R2: ami-d029febf
    eu-west-1:
      WS2012R2: ami-d3dee9b5
    eu-west-2:
      WS2012R2: ami-e5b3a681
    sa-east-1:
      WS2012R2: ami-83f594ef
    us-east-1:
      WS2012R2: ami-11e84107
    us-east-2:
      WS2012R2: ami-d85773bd
    us-west-1:
      WS2012R2: ami-052d7565
    us-west-2:
      WS2012R2: ami-09f47d69
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and RDP access via port 3389
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '3389'
          ToPort: '3389'
          CidrIp: !Ref 'RDPLocation'
  LogRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      Path: /
      Policies:
        - PolicyName: LogRolePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:Create*
                  - logs:PutLogEvents
                  - s3:GetObject
                Resource:
                  - arn:aws:logs:*:*:*
                  - arn:aws:s3:::*
  LogRoleInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref 'LogRole'
  WebServerHost:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          config:
            - 00-ConfigureCWLogs
            - 01-InstallWebServer
            - 02-ConfigureApplication
            - 03-Finalize
        00-ConfigureCWLogs:
          files:
            C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json:
              content: !Sub |
                {
                  "EngineConfiguration": {
                    "Components": [
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "ApplicationEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "Application"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "SystemEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "System"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "SecurityEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "Security"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "EC2ConfigLog",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "ASCII",
                          "Filter": "EC2ConfigLog.txt",
                          "LogDirectoryPath": "C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs",
                          "TimeZoneKind": "UTC",
                          "TimestampFormat": "yyyy-MM-ddTHH:mm:ss.fffZ:"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "CfnInitLog",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "ASCII",
                          "Filter": "cfn-init.log",
                          "LogDirectoryPath": "C:\\cfn\\log",
                          "TimeZoneKind": "Local",
                          "TimestampFormat": "yyyy-MM-dd HH:mm:ss,fff"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "IISLogs",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "UTF-8",
                          "Filter": "",
                          "LineCount": "3",
                          "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1",
                          "TimeZoneKind": "UTC",
                          "TimestampFormat": "yyyy-MM-dd HH:mm:ss"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "MemoryPerformanceCounter",
                        "Parameters": {
                          "CategoryName": "Memory",
                          "CounterName": "Available MBytes",
                          "DimensionName": "",
                          "DimensionValue": "",
                          "InstanceName": "",
                          "MetricName": "Memory",
                          "Unit": "Megabytes"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchApplicationEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/ApplicationEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchSystemEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/SystemEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchSecurityEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/SecurityEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchEC2ConfigLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/EC2ConfigLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchCfnInitLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/CfnInitLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchIISLogs",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/IISLogs",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatch",
                        "Parameters": {
                          "AccessKey": "",
                          "NameSpace": "Windows/Default",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      }
                    ],
                    "Flows": {
                      "Flows": [
                        "ApplicationEventLog,CloudWatchApplicationEventLog",
                        "SystemEventLog,CloudWatchSystemEventLog",
                        "SecurityEventLog,CloudWatchSecurityEventLog",
                        "EC2ConfigLog,CloudWatchEC2ConfigLog",
                        "CfnInitLog,CloudWatchCfnInitLog",
                        "IISLogs,CloudWatchIISLogs",
                        "MemoryPerformanceCounter,CloudWatch"
                      ]
                    },
                    "PollInterval": "00:00:05"
                  },
                  "IsEnabled": true
                }
          commands:
            0-enableSSM:
              command: 'powershell.exe -Command "Set-Service -Name AmazonSSMAgent -StartupType Automatic" '
              waitAfterCompletion: '0'
            1-restartSSM:
              command: 'powershell.exe -Command "Restart-Service AmazonSSMAgent "'
              waitAfterCompletion: '30'
        01-InstallWebServer:
          commands:
            01_install_webserver:
              command: powershell.exe -Command "Install-WindowsFeature Web-Server -IncludeAllSubFeature"
              waitAfterCompletion: '0'
        02-ConfigureApplication:
          files:
            c:\Inetpub\wwwroot\index.htm:
              content: '<html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html>'
        03-Finalize:
          commands:
            00_signal_success:
              command: !Sub 'cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region}'
              waitAfterCompletion: '0'
    Properties:
      KeyName: !Ref 'KeyPair'
      ImageId: !FindInMap [AWSAMIRegionMap, !Ref 'AWS::Region', WS2012R2]
      InstanceType: t2.xlarge
      SecurityGroupIds:
        - !Ref 'WebServerSecurityGroup'
      IamInstanceProfile: !Ref 'LogRoleInstanceProfile'
      UserData:
        Fn::Base64: !Sub |
          <script>
          wmic product where "description='Amazon SSM Agent' " uninstall
          wmic product where "description='aws-cfn-bootstrap' " uninstall
          start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi
          powershell.exe -Command "iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe"
          start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet
          cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region}
          </script>
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
  404MetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref 'LogGroup'
      FilterPattern: '[timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]'
      MetricTransformations:
        - MetricValue: '1'
          MetricNamespace: test/404s
          MetricName: test404Count
  404Alarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The number of 404s is greater than 2 over 2 minutes
      MetricName: test404Count
      Namespace: test/404s
      Statistic: Sum
      Period: '60'
      EvaluationPeriods: '2'
      Threshold: '2'
      AlarmActions:
        - !Ref 'AlarmNotificationTopic'
      ComparisonOperator: GreaterThanThreshold
  AlarmNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !Ref 'OperatorEmail'
          Protocol: email
Outputs:
  InstanceId:
    Description: The instance ID of the web server
    Value:
!Ref 'WebServerHost' WebsiteURL: Value: !Sub 'http://${WebServerHost.PublicDnsName}' Description: URL for newly created IIS web server PublicIP: Description: Public IP address of the web server Value: !GetAtt 'WebServerHost.PublicIp' CloudWatchLogGroupName: Description: The name of the CloudWatch log group Value: !Ref 'LogGroup'
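
The LogRole policy in this template allows s3:GetObject on arn:aws:s3:::* and the logs actions on arn:aws:logs:*:*:*, so every action in it is granted across a whole service. The following Python check is an added example, not part of the AWS template: it reports each Allow action whose matching Resource ARN names no specific Region, account, or resource. The scoped statements it compares against, including the account ID, Region, log group name, and bucket name, are constructed placeholders, and whether the agent needs further actions is an assumption to confirm.

```python
# LogRole's inline policy statement, copied from the template on this page.
PAGE_STATEMENT = {
    "Effect": "Allow",
    "Action": ["logs:Create*", "logs:PutLogEvents", "s3:GetObject"],
    "Resource": ["arn:aws:logs:*:*:*", "arn:aws:s3:::*"],
}

# Constructed narrower variant for comparison (assumption, not from the page):
# the account ID, Region, log group name and bucket name are placeholders.
SCOPED_STATEMENTS = [
    {"Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:example-group:*"},
    {"Effect": "Allow",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-agent-bucket/agent/*"},
]

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def arn_service(arn):
    """Return the service field of an ARN, or '*' for a bare wildcard."""
    parts = arn.split(":", 5)
    return parts[2] if len(parts) == 6 and parts[0] == "arn" else "*"

def is_service_wide(arn):
    """True when Region, account and resource are all empty or '*'."""
    if arn == "*":
        return True
    parts = arn.split(":", 5)
    return len(parts) == 6 and all(p in ("", "*") for p in parts[3:])

def audit(statements):
    """Return (action, resource) pairs where an Allow covers a whole service."""
    findings = []
    for stmt in as_list(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            service = action.split(":", 1)[0]
            for arn in as_list(stmt.get("Resource", [])):
                applies = service == "*" or arn_service(arn) in (service, "*")
                if applies and is_service_wide(arn):
                    findings.append((action, arn))
    return findings

if __name__ == "__main__":
    for action, arn in audit(PAGE_STATEMENT):
        print(f"service-wide grant: {action} on {arn}")
```
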

See also

For more information about CloudWatch Logs resources, see "AWS::Logs::LogGroup" or "AWS::Logs::MetricFilter".