Quick Start: Install and configure the CloudWatch Logs agent on a running EC2 Linux instance - Amazon CloudWatch Logs

curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O ```javascript > curl https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O > sudo python ./awslogs-agent-setup.py --region us-east-1 > sudo python ./awslogs-agent-setup.py --region us-east-1 --only-generate-config ``` CloudWatch includes a new unified agent that can collect both logs and metrics from EC2 instances and on-premises servers. If you are not already using the older CloudWatch Logs agent, we recommend that you use the newer unified CloudWatch agent. For more information, see Getting started with CloudWatch Logs. The rest of this section explains the use of the older CloudWatch Logs agent. ## Configure the older CloudWatch Logs agent on a running EC2 Linux instance You can use the CloudWatch Logs agent installer on an existing EC2 instance to install and configure the CloudWatch Logs agent. After installation is complete, logs automatically flow from the instance to the log stream you create while installing the agent. The agent confirms that it has started and it stays running until you disable it. In addition to using the agent, you can also publish log data using the AWS CLI, CloudWatch Logs SDK, or the CloudWatch Logs API. The AWS CLI is best suited for publishing data at the command line or through scripts. The CloudWatch Logs SDK is best suited for publishing log data directly from applications or building your own log publishing application. ### Step 1: Configure your IAM role or user for CloudWatch Logs The CloudWatch Logs agent supports IAM roles and users. If your instance already has an IAM role associated with it, make sure that you include the IAM policy below. If you don't already have an IAM role assigned to your instance, you can use your IAM credentials for the next steps or you can assign an IAM role to that instance. For more information, see Attaching an IAM Role to an Instance. To configure your IAM role or user for CloudWatch Logs 1. In the navigation pane, choose Roles. 2. Choose the role by selecting the role name (do not select the check box next to the name). 3. Choose Attach Policies, Create Policy. A new browser tab or window opens. 4. Choose the JSON tab and type the following JSON policy document. ```plain text { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "*" ] } ] } ``` 5. When you are finished, choose Review policy. The Policy Validator reports any syntax errors. 6. On the Review Policy page, type a Name and a Description (optional) for the policy that you are creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work. 7. Close the browser tab or window, and return to the Add permissions page for your role. Choose Refresh, and then choose the new policy to attach it to your role. 8. Choose Attach Policy. ### Step 2: Install and configure CloudWatch Logs on an existing Amazon EC2 instance The process for installing the CloudWatch Logs agent differs depending on whether your Amazon EC2 instance is running Amazon Linux, Ubuntu, CentOS, or Red Hat. Use the steps appropriate for the version of Linux on your instance. To install and configure CloudWatch Logs on an existing Amazon Linux instance Starting with Amazon Linux AMI 2014.09, the CloudWatch Logs agent is available as an RPM installation with the awslogs package. Earlier versions of Amazon Linux can access the awslogs package by updating their instance with the sudo yum update -y command. By installing the awslogs package as an RPM instead of the using the CloudWatch Logs installer, your instance receives regular package updates and patches from AWS without having to manually reinstall the CloudWatch Logs agent. 1. Connect to your Amazon Linux instance. For more information, see Connect to Your Instance in the Amazon EC2 User Guide for Linux Instances. For more information about connection issues, see Troubleshooting Connecting to Your Instance in the Amazon EC2 User Guide for Linux Instances. 2. Install the awslogs package. This is the recommended method for installing awslogs on Amazon Linux instances. 3. Edit the /etc/awslogs/awslogs.conf file to configure the logs to track. For more information about editing this file, see CloudWatch Logs agent reference. 4. By default, the /etc/awslogs/awscli.conf points to the us-east-1 Region. To push your logs to a different Region, edit the awscli.conf file and specify that Region. 5. Start the awslogs service. If you are running Amazon Linux 2, start the awslogs service with the following command. 6. (Optional) Check the /var/log/awslogs.log file for errors logged when starting the service. 7. (Optional) Run the following command to start the awslogs service at each system boot. If you are running Amazon Linux 2, use the following command to start the service at each system boot. 8. You should see the newly created log group and log stream in the CloudWatch console after the agent has been running for a few moments. For more information, see View log data sent to CloudWatch Logs.