Can CloudWatch be enabled on a running EC2 instance?

It looks like Amazon has a ready-made IAM role that lets instances write to CloudWatch. (A more restrictive one can be created if needed.)

But it seems that I cannot bind the IAM role to an instance that is already running.

Am I missing something? Do I need to re-create my entire fleet to enable CloudWatch? I don't want to store plaintext credentials on every host for security reasons.

+3


2 answers


I am assuming you are talking about CloudWatch custom metrics. You don't need to restart any instances to enable them. You can create a group in IAM with the following policy and add a user to this group:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "****************",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Then you basically copy that user's credentials to an awscred file and add the Perl script to cron. Yes, I had to copy credentials to every machine that has custom metrics collection enabled.

+1

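As an added example for this page (not code from the answer above), here is the posted policy placed beside a namespace-scoped variant, together with a check that flags any Allow statement granting cloudwatch:PutMetricData without a cloudwatch:namespace condition. The condition key cloudwatch:namespace is a real IAM key; the namespace MyApp/Custom and the Sid PutOnlyOurMetrics are assumed values for the example.

```python
"""Policy-tightening check for the CloudWatch PutMetricData permission.

Added example for this page, not code from either answer. It takes the broad
policy posted above (Sid dropped because it was redacted), places a
namespace-scoped variant beside it, and flags any Allow statement that grants
cloudwatch:PutMetricData without a cloudwatch:namespace condition. The
namespace "MyApp/Custom" is an assumed value.
"""
import fnmatch
import json

# The policy from the answer, minus its redacted Sid.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["cloudwatch:PutMetricData"],
            "Resource": ["*"],
        }
    ],
}

# Same action, but only for metrics published to the assumed namespace.
# PutMetricData has no resource-level ARN, so Resource must stay "*" and the
# restriction comes from the cloudwatch:namespace condition key instead.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PutOnlyOurMetrics",
            "Effect": "Allow",
            "Action": "cloudwatch:PutMetricData",
            "Resource": "*",
            "Condition": {
                # "MyApp/Custom" is an assumed namespace for this example.
                "StringEquals": {"cloudwatch:namespace": "MyApp/Custom"}
            },
        }
    ],
}

PUT_METRIC = "cloudwatch:putmetricdata"


def _as_list(value):
    """IAM accepts a bare string or a list for Statement/Action; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_put_metric(actions):
    """True if any action pattern (case-insensitive, IAM '*' wildcards) covers PutMetricData."""
    return any(fnmatch.fnmatchcase(PUT_METRIC, a.lower()) for a in actions)


def _limits_namespace(condition):
    """True if a String* condition operator constrains the cloudwatch:namespace key."""
    for operator, keys in condition.items():
        if "string" in operator.lower() and any(
            k.lower() == "cloudwatch:namespace" for k in keys
        ):
            return True
    return False


def unscoped_put_metric_statements(policy):
    """Return an identifier (Sid, or Statement[i]) for every Allow statement that
    lets the principal call PutMetricData into any namespace."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _grants_put_metric(_as_list(stmt.get("Action"))):
            continue
        if _limits_namespace(stmt.get("Condition", {})):
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


def check_policy_json(text):
    """Parse a policy document as it would be pasted into the IAM console and check it."""
    return unscoped_put_metric_statements(json.loads(text))


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name}: unscoped PutMetricData in {unscoped_put_metric_statements(policy)}")
```

PutMetricData accepts no resource ARN, so the `"Resource": ["*"]` in the posted policy cannot be narrowed; the namespace condition is the lever that is actually available, and the check above is what one would run over a policy document before pasting it into the console.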

Have you considered simply changing your existing IAM role to include permission to write to CloudWatch? This change should take effect immediately and does not require a reboot or restart of the instance.



0