Skip to content
This repository has been archived by the owner on Jan 4, 2024. It is now read-only.

Commit

Permalink
Unified cloud watch agent (#2)
Browse files Browse the repository at this point in the history 
Added CloudWatch Unified Agent
Removed CloudWatch Logs (only) Agent
Added SSM and CWAgent managed policies to ECS Role
Added ECS CloudWatch Parameter
Default Logs: unchanged from previous CloudWatch Logs Agent implementation
Default Metrics: Root Volume % used, Memory % Used
  • Loading branch information
Steven Askwith authored Nov 21, 2018
1 parent 04bf386 commit 23175fc
Show file tree
Hide file tree
Showing 3 changed files with 105 additions and 102 deletions.
191 changes: 97 additions & 94 deletions infrastructure/ecs-cluster.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,8 @@ Resources:
"Fn::Base64": !Sub |
#!/bin/bash
yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
yum install -y aws-cfn-bootstrap hibagent
yum install -y https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm
yum install -y aws-cfn-bootstrap hibagent
/opt/aws/bin/cfn-init -v --region ${AWS::Region} --stack ${AWS::StackName} --resource ECSLaunchConfiguration
/opt/aws/bin/cfn-signal -e $? --region ${AWS::Region} --stack ${AWS::StackName} --resource ECSAutoScalingGroup
/usr/bin/enable-ec2-spot-hibernation
Expand All @@ -91,13 +92,15 @@ Resources:
config:
packages:
yum:
awslogs: []
collectd: []

commands:
01_add_instance_to_cluster:
command: !Sub echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config
02_enable_cloudwatch_agent:
command: !Sub /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c ssm:${ECSCloudWatchParameter} -s
files:
"/etc/cfn/cfn-hup.conf":
/etc/cfn/cfn-hup.conf:
mode: 000400
owner: root
group: root
Expand All @@ -106,60 +109,13 @@ Resources:
stack=${AWS::StackId}
region=${AWS::Region}
"/etc/cfn/hooks.d/cfn-auto-reloader.conf":
/etc/cfn/hooks.d/cfn-auto-reloader.conf:
content: !Sub |
[cfn-auto-reloader-hook]
triggers=post.update
path=Resources.ECSLaunchConfiguration.Metadata.AWS::CloudFormation::Init
action=/opt/aws/bin/cfn-init -v --region ${AWS::Region} --stack ${AWS::StackName} --resource ECSLaunchConfiguration
"/etc/awslogs/awscli.conf":
content: !Sub |
[plugins]
cwlogs = cwlogs
[default]
region = ${AWS::Region}
"/etc/awslogs/awslogs.conf":
content: !Sub |
[general]
state_file = /var/lib/awslogs/agent-state
[/var/log/dmesg]
file = /var/log/dmesg
log_group_name = ${ECSCluster}-/var/log/dmesg
log_stream_name = ${ECSCluster}
[/var/log/messages]
file = /var/log/messages
log_group_name = ${ECSCluster}-/var/log/messages
log_stream_name = ${ECSCluster}
datetime_format = %b %d %H:%M:%S
[/var/log/docker]
file = /var/log/docker
log_group_name = ${ECSCluster}-/var/log/docker
log_stream_name = ${ECSCluster}
datetime_format = %Y-%m-%dT%H:%M:%S.%f
[/var/log/ecs/ecs-init.log]
file = /var/log/ecs/ecs-init.log.*
log_group_name = ${ECSCluster}-/var/log/ecs/ecs-init.log
log_stream_name = ${ECSCluster}
datetime_format = %Y-%m-%dT%H:%M:%SZ
[/var/log/ecs/ecs-agent.log]
file = /var/log/ecs/ecs-agent.log.*
log_group_name = ${ECSCluster}-/var/log/ecs/ecs-agent.log
log_stream_name = ${ECSCluster}
datetime_format = %Y-%m-%dT%H:%M:%SZ
[/var/log/ecs/audit.log]
file = /var/log/ecs/audit.log.*
log_group_name = ${ECSCluster}-/var/log/ecs/audit.log
log_stream_name = ${ECSCluster}
datetime_format = %Y-%m-%dT%H:%M:%SZ
services:
sysvinit:
cfn-hup:
Expand All @@ -168,12 +124,6 @@ Resources:
files:
- /etc/cfn/cfn-hup.conf
- /etc/cfn/hooks.d/cfn-auto-reloader.conf
awslogs:
enabled: true
ensureRunning: true
files:
- /etc/awslogs/awslogs.conf
- /etc/awslogs/awscli.conf

# This IAM Role is attached to all of the ECS hosts. It is based on the default role
# published here:
Expand All @@ -198,6 +148,9 @@ Resources:
}
}]
}
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
- arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
Policies:
- PolicyName: ecs-service
PolicyDocument: |
Expand All @@ -212,46 +165,10 @@ Resources:
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:Submit*",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken",
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:GetManifest",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation",
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply",
"cloudwatch:PutMetricData",
"ec2:DescribeInstanceStatus",
"ds:CreateComputer",
"ds:DescribeDirectories",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"s3:PutObject",
"s3:GetObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
"ecr:GetAuthorizationToken"
],
"Resource": "*"
}]
Expand Down Expand Up @@ -290,6 +207,92 @@ Resources:
- ecs:UpdateService
Resource: "*"

ECSCloudWatchParameter:
Type: AWS::SSM::Parameter
Properties:
Description: ECS
Name: !Sub "AmazonCloudWatch-${ECSCluster}-ECS"
Type: String
Value: !Sub |
{
"logs": {
"force_flush_interval": 5,
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/messages",
"log_group_name": "${ECSCluster}-/var/log/messages",
"log_stream_name": "{instance_id}",
"timestamp_format": "%b %d %H:%M:%S"
},
{
"file_path": "/var/log/dmesg",
"log_group_name": "${ECSCluster}-/var/log/dmesg",
"log_stream_name": "{instance_id}"
},
{
"file_path": "/var/log/docker",
"log_group_name": "${ECSCluster}-/var/log/docker",
"log_stream_name": "{instance_id}",
"timestamp_format": "%Y-%m-%dT%H:%M:%S.%f"
},
{
"file_path": "/var/log/ecs/ecs-init.log",
"log_group_name": "${ECSCluster}-/var/log/ecs/ecs-init.log",
"log_stream_name": "{instance_id}",
"timestamp_format": "%Y-%m-%dT%H:%M:%SZ"
},
{
"file_path": "/var/log/ecs/ecs-agent.log.*",
"log_group_name": "${ECSCluster}-/var/log/ecs/ecs-agent.log",
"log_stream_name": "{instance_id}",
"timestamp_format": "%Y-%m-%dT%H:%M:%SZ"
},
{
"file_path": "/var/log/ecs/audit.log",
"log_group_name": "${ECSCluster}-/var/log/ecs/audit.log",
"log_stream_name": "{instance_id}",
"timestamp_format": "%Y-%m-%dT%H:%M:%SZ"
}
]
}
}
},
"metrics": {
"append_dimensions": {
"AutoScalingGroupName": "${!aws:AutoScalingGroupName}",
"InstanceId": "${!aws:InstanceId}",
"InstanceType": "${!aws:InstanceType}"
},
"metrics_collected": {
"collectd": {
"metrics_aggregation_interval": 60
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 60,
"resources": [
"/"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
},
"statsd": {
"metrics_aggregation_interval": 60,
"metrics_collection_interval": 10,
"service_address": ":8125"
}
}
}
}
Outputs:
Cluster:
Description: A reference to the ECS cluster
Expand Down
8 changes: 4 additions & 4 deletions services/product-service/service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,9 +123,9 @@ Resources:
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:RegisterTargets"
],
"Resource": "*",
},
],
"Resource": "*"
}
]
}
8 changes: 4 additions & 4 deletions services/website-service/service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,11 @@ Resources:
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:RegisterTargets"
],
"Resource": "*",
},
],
"Resource": "*"
}
]
}

ServiceScalableTarget:
Expand Down

0 comments on commit 23175fc

Please sign in to comment.