DEV Community

drewmullen
drewmullen

Posted on

Send Memory Utilization Metrics to CloudWatch

#aws #cloudwatch #metrics

Below reviews 2 ways to collect extra metrics from an ec2 instance and send to cloudwatch. The first is a procedural, quick n dirty way. The second is the aws preferred way using the cloudwatch agent & agent configuration.

This advice is not production ready but just to get your feet wet.

Quick 'n Dirty

This is a setup for Ubuntu but pretty much everything should transfer to RHEL based. The idea is to have a cron job execute a script that checks free memory then use aws-cli to write to cloudwatch. You can extend by generating additional variables and doing more put-metric-data calls.

  1. Setup a role with CloudWatch permissions and attach it to your instance.
  2. Install AWS CLI

  3. Script, i placed this at ~/mem.sh for testing. We retrieve and inject the token because we're using IMDSv2 to protect against SSRF.

    #!/usr/bin/env bash
readonly TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 30" "http://169.254.169.254/latest/api/token")
USEDMEMORY=$(free -m | awk 'NR==2{printf "%.2f\t", ($3/$2)*100 }')
INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep '\"region\"' | cut -d\" -f4)

aws cloudwatch put-metric-data --metric-name memory-usage --dimensions Instance=$INSTANCE_ID --namespace "Custom" --value $USEDMEMORY --region $REGION

  4. Create Cron job: echo '*/5 * * * * ubuntu /home/ubuntu/mem.sh' | sudo tee /etc/cron.d/cw_mem

AWS Preferred Method

AWS publishes a tool, the CloudWatch Agent, which can run as a daemon and publish metrics for you. This requires a configuration file as well as systemd scaffolding. If you install via SSM the systemd files come free and only require minor tweaking.

  1. IAM Instance Role:
    • Cloudwatch Permissions
    • ec2:DescribeTags
  2. Install Cloudwatch Agent (prefer SSM)
  3. Install collectd sudo apt-get update && sudo apt-get install collectd
  4. Populate a configuration file for cloudwatch agent, example. I located my file to /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
  5. start service:
    • manually: sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a start -c /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
    • Alternatively you can update the unit file located at /etc/systemd/system/amazon-cloudwatch-agent.service

Thanks to @danquack for helping me adjust my curl calls so I can enforce and comply with IMDSv2

Top comments (0)

Read next

ravindras profile image

Deploying a Bulletproof Photo Sharing App with DevSecOps Terraform, AWS, EKS and Chaos Engineering

Ravindra Singh -

psantus profile image

Your S3 objects could be public (even though the AWS Console doesn't say so)

Paul SANTUS -

stevewoodard profile image

Unlocking New Possibilities: Transitioning from VMware Pivotal Cloud Foundry (PCF) to Amazon EKS

Stephen Woodard -

mtmorozov profile image

Measurements with MetricKit

Dmitrii Morozov -