vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #987 from andriiandrieiev/master

Browse Source 
AWS: T425: cloudwatch
This commit is contained in:
Daniil Baturin 2023-04-13 15:18:42 +01:00 committed by GitHub
commit 035853c8e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
docs/installation/cloud/aws.rst
View File

@ -49,9 +49,54 @@ Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)`
ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3 ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3
vyos@ip-192-0-2-10:~$ vyos@ip-192-0-2-10:~$
Amazon CloudWatch Agent Usage
-----------------------------
To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, do :ref:`configuration_creation`.
1. Create an :abbr:`IAM (Identity and Access Management)` role for the :abbr:`EC2 (Elastic Compute Cloud)` instance to access CloudWatch service, and name it CloudWatchAgentServerRole. The role should contain two default policies: CloudWatchAgentServerPolicy and AmazonSSMManagedInstanceCore.
2. Attach the created role to your VyOS :abbr:`EC2 (Elastic Compute Cloud)` instance.
3. Ensure that amazon-cloudwatch-agent package is installed.
.. code-block:: none
$ sudo apt list --installed | grep amazon-cloudwatch-agent
.. note:: The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+
3. Retreive an existing CloudWatch Agent configuration from the :abbr:`SSM (Systems Manager)` Parameter Store.
.. code-block:: none
$ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:<your-configuration-name>
This step also enables systemd service and runs it.
.. note:: The VyOS platform-specific scripts feature is under development. Thus, this step should be repeated manually after changing system image (:doc:`/installation/update`)
.. _configuration_creation:
CloudWatch SSM Configuration creation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Creating the Amazon Cloudwatch Agent Configuration in Amazon :abbr:`SSM (Systems Manager)` Parameter Store.
1. Create an :abbr:`IAM (Identity and Access Management)` role for your :abbr:`EC2 (Elastic Compute Cloud)` instance to access the CloudWatch service. Name it CloudWatchAgentAdminRole. The role should contain at two default policies: CloudWatchAgentAdminPolicy and AmazonSSMManagedInstanceCore.
.. note:: CloudWatchAgentServerRole is too permisive and should be used for single configuration creation and deployment. That's why after completion of step #3 higly recommended to replace instance CloudWatchAgentAdminRole role with CloudWatchAgentServerRole.
2. Run Cloudwatch configuration wizard.
.. code-block:: none
$ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
3. When prompted, answer "yes" to the question "Do you want to store the config in the SSM parameter store?".
References References
---------- ----------
https://console.aws.amazon.com/ - https://console.aws.amazon.com/
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent.html
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance-fleet.html