
class aws_rfdk.CloudWatchAgent(scope, id, *, cloud_watch_config, host, should_install_agent=None)

Bases: Construct

This construct is a thin wrapper that provides the ability to install and configure the CloudWatchAgent on one or more EC2 instances during instance startup.

It accomplishes this by downloading and executing the configuration script on the instance. The script will download the CloudWatch Agent installer, optionally verify the installer, and finally install the CloudWatch Agent. The installer is downloaded via the Amazon S3 API, so this construct can be used on instances that have no access to the internet as long as the VPC contains a VPC Gateway Endpoint for S3.

CloudWatchAgent.SKIP_CWAGENT_VALIDATION_CTX_VAR - Context variable to skip validation of the downloaded CloudWatch Agent installer if set to ‘TRUE’. WARNING: Only use this if your deployments are failing due to a validation failure, but you have verified that the failure is benign.

Resources Deployed

  • String SSM Parameter in Systems Manager Parameter Store to store the CloudWatch Agent configuration;

  • A script Asset which is uploaded to an S3 bucket.

Security Considerations

  • Using this construct on an instance will result in that instance dynamically downloading and running scripts from your CDK bootstrap bucket when that instance is launched. You must limit write access to your CDK bootstrap bucket to prevent an attacker from modifying the actions performed by these scripts. We strongly recommend that you either enable Amazon S3 server access logging on your CDK bootstrap bucket, or enable AWS CloudTrail on your account to assist in post-incident analysis of compromised production environments.
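As an added example (not part of the RFDK documentation or code), the following check audits a bootstrap bucket's resource policy and logging state for the two concerns above. The function name, allowlist, account IDs and sample policy are constructed for illustration, and only the bucket policy is examined, not IAM identity policies or ACLs.

```python
import fnmatch

# Actions that would let a principal alter the scripts instances fetch at launch.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):          # "Principal": "*"
        return [principal]
    return [p for v in principal.values() for p in _as_list(v)]

def audit_bootstrap_bucket(policy, logging_cfg, cloudtrail_enabled, allowed_writers):
    """Return findings for a bucket policy (dict) and get-bucket-logging output (dict)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            # Inverted matches are not evaluated here; surface them for a human.
            findings.append(f"{sid}: uses NotAction/NotPrincipal, review manually")
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        granted = [w for w in WRITE_ACTIONS
                   if any(fnmatch.fnmatchcase(w.lower(), p) for p in patterns)]
        extra = [p for p in _principals(stmt) if p not in allowed_writers]
        if granted and extra:
            findings.append(f"{sid}: {', '.join(granted)} allowed for {', '.join(extra)}")
    # An empty get-bucket-logging response means server access logging is off.
    if "LoggingEnabled" not in logging_cfg and not cloudtrail_enabled:
        findings.append("no S3 server access logging and no CloudTrail")
    return findings

# Constructed sample input (placeholder account IDs, role and bucket names).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/cdk-deploy"},
     "Action": ["s3:PutObject", "s3:GetObject"], "Resource": "arn:aws:s3:::example-bootstrap/*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-bootstrap/*"},
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bootstrap/*"},
]}
```
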

Parameters:

  • scope (Construct) –

  • id (str) –

  • cloud_watch_config (str) – CloudWatch agent configuration string in json format.

  • host (IScriptHost) – The host instance/ASG/fleet with a CloudWatch Agent to be configured.

  • should_install_agent (Optional[bool]) – Whether or not we should attempt to install the CloudWatch agent. Default: true



Returns a string representation of this construct.

Return type:




The tree node.

Static Methods

classmethod is_construct(x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof and to use this type-testing method instead.


Parameters:

x (Any) – Any object.

Return type:



true if x is an object created from a class which extends Construct.