Can CloudWatch be enabled on a running EC2 instance?
It looks like Amazon has a ready-made IAM role that gives instances access to CloudWatch for recording. (A more restrictive one can be created if needed.)
But it seems that you cannot bind an IAM role to a running instance.
Am I missing something? Do I need to re-create my entire fleet to enable CloudWatch? I don't want to store plaintext credentials on every host for security reasons.
I am assuming you are talking about CloudWatch custom metrics. You don't need to restart any instances to enable them. You can create a group in IAM with the following policy and add a user to this group:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "****************",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
Then you basically copy that user's credentials to an awscred file and add the Perl script to cron. Yes, I had to copy credentials to every machine that has custom metrics collection enabled.
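An added example, not part of the original answer: a Python check that a policy meant for credentials stored on each host allows nothing beyond cloudwatch:PutMetricData, and that notes when no cloudwatch:namespace condition (an IAM condition key not mentioned on the page) limits where metrics can be written. The sample policies, Sid value and namespace name are constructed for illustration.

```python
import json

ALLOWED_ACTION = "cloudwatch:putmetricdata"  # IAM action names are case-insensitive

def as_list(value):
    """IAM accepts a single string/object or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def has_namespace_condition(stmt):
    """True if any condition operator tests the cloudwatch:namespace key."""
    return any(key.lower() == "cloudwatch:namespace"
               for keys in stmt.get("Condition", {}).values() for key in keys)

def audit_policy(policy_json):
    """Return findings for a policy meant to allow only metric publishing."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt:
            findings.append(f"FAIL stmt {i}: NotAction allows everything not listed")
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        for action in actions:
            if action != ALLOWED_ACTION:  # wildcards and other actions both land here
                findings.append(f"FAIL stmt {i}: grants {action}")
        if ALLOWED_ACTION in actions and not has_namespace_condition(stmt):
            findings.append(f"NOTE stmt {i}: no cloudwatch:namespace condition, "
                            "any namespace can be written")
    return findings

# Constructed sample policies (Sid and namespace values are placeholders).
PAGE_STYLE = '''{"Version": "2012-10-17", "Statement": [{"Sid": "ExampleSid",
  "Effect": "Allow", "Action": ["cloudwatch:PutMetricData"], "Resource": ["*"]}]}'''
TOO_BROAD = '''{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": "cloudwatch:*", "Resource": "*"}}'''
SCOPED = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": "cloudwatch:PutMetricData", "Resource": "*",
  "Condition": {"StringEquals": {"cloudwatch:namespace": "Example/Hosts"}}}]}'''

if __name__ == "__main__":
    for name, doc in [("page-style", PAGE_STYLE), ("too-broad", TOO_BROAD),
                      ("scoped", SCOPED)]:
        print(name, audit_policy(doc) or "OK")
```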