DEV Community

Cover image for Install Cloud Watch Agent in Amazon Lightsail instance for Monitoring, Logging & Debugging
Harun R Rayhan for AWS Community Builders

Posted on • Originally published at

Install Cloud Watch Agent in Amazon Lightsail instance for Monitoring, Logging & Debugging

Use the Cloud Watch agent to send logging and debugging to Cloud Watch. You can check logs without logging into instances. It's accessible even after the instance is terminated.

Life is far from perfect, and so does Amazon Lightsail instances. It can be frustrating if there is an error and you don't know how to debug it. The server itself and applications installed in it produces log files. And server stats can be helpful in monitoring, logging, and debugging.


It would help if you had an existing Amazon Lightsail instance. You can create a new instance by following "Deploy WordPress App to Amazon Lightsail" or "Deploy Laravel Application to Amazon Lightsail".

Let's go πŸƒβ€β™‚οΈ

Create an IAM User

  1. Go to IAM Console.
  2. Click on the Users menu from the navigation panel and then click on the Add Users button. CleanShot 2022-06-03 at 18.45.52@2x.png
  3. You will be in the Add user screen: CleanShot 2022-06-03 at 18.49.18@2x.png
    • A. Give it a name. For me, it's LightsailCloudWatchAgent.
    • B. Check the Access key - Programmatic access option
    • C. Click on the Next: Permissions button.
  4. You will be in the Set permissions page: CleanShot 2022-06-03 at 18.53.25@2x.png
    • A. Select the Attach existing policies directly option.
    • B. Search for CloudWatchAgentServerPolicy.
    • C. Select CloudWatchAgentServerPolicy, and
    • D. Click the Next: Tags button.
  5. Tags are optional. You can choose your tags. Click on the Next: Review after you are done.
  6. From review page you can check if everything alright and then click the Create user button.
  7. Your account is created and you will be in this screen: CleanShot 2022-06-03 at 19.15.00@2x.png
    • A. & B. Copy Access Key ID and Secret access key in somewhere safe, or,
    • C. Download the csv file. We will need this access later.

Configure AWS Access

  1. Check if AWS CLI is installed by running aws --version. You should see the current version. If you get an error, CLI probably is not installed.

  2. Ignore this if AWS CLI is already installed. Run this on ubuntu:

curl "" -o ""
sudo ./aws/install
sudo ./aws/install --bin-dir /usr/bin --install-dir /usr/local/aws-cli --update
Enter fullscreen mode Exit fullscreen mode

Follow this instruction to install on other servers.

  1. Now, we are going to configure the AWS access generated in the last step. Run this
sudo aws configure --profile AmazonCloudWatchAgent
Enter fullscreen mode Exit fullscreen mode

Enter Access Key and Secret Like this:
CleanShot 2022-06-03 at 19.59.18@2x.png

Install the Cloudwatch Agent

  1. You need to SSH into your instance. Here is how you can SSH into your Amazon Lightsail Instance.

  2. Now, let's install the agent. I'm using ubuntu, you can just run this command

# Download the agent
# Install the agent
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
Enter fullscreen mode Exit fullscreen mode
  1. Now run this command configure the agent.
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Enter fullscreen mode Exit fullscreen mode

Input your choices as I did. Check the arrow mark. You can choose your own or follow mine.
CleanShot 2022-06-04 at 10.03.13@2x.png

  1. Give AWS Access to the Agent. Run this:
sudo vim /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
Enter fullscreen mode Exit fullscreen mode

Paste this in the bottom of the file:

shared_credential_profile = "AmazonCloudWatchAgent"
Enter fullscreen mode Exit fullscreen mode

Now hit ESC and then :wq!.

  1. Start the agent:
sudo amazon-cloudwatch-agent-ctl -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -a fetch-config -s
Enter fullscreen mode Exit fullscreen mode
  1. Check the status of the agent by using:
sudo amazon-cloudwatch-agent-ctl -a status
Enter fullscreen mode Exit fullscreen mode

You should see something like this:
CleanShot 2022-06-03 at 20.21.53@2x.png

Verify metrics on CloudWatch

  1. Go to the Cloudwatch Console
  2. On the left navigation panel, choose Metrics.
  3. Under β€œCustom Namespaces”, You should see a link for β€œCWAgent”.
  4. Choose CWAgent.
  5. Choose any ImageId, InstanceId, InstanceType.
  6. Select the checkbox to display metrics on the graph. Here is mine: CleanShot 2022-06-04 at 10.08.02@2x.png


Hope you enjoyed this article. This is the last article of the Amazon Lightsail series. You can ask me any Lightsail-related question in the comments or on social media.

You can subscribe to my newsletter to get blog updates every week. Follow me on Twitter,, and Hashnode.

Top comments (0)