DEV Community

drewmullen
drewmullen

Posted on

1

Send Memory Utilization Metrics to CloudWatch

#aws #cloudwatch #metrics

Below reviews 2 ways to collect extra metrics from an ec2 instance and send to cloudwatch. The first is a procedural, quick n dirty way. The second is the aws preferred way using the cloudwatch agent & agent configuration.

This advice is not production ready but just to get your feet wet.

Quick 'n Dirty

This is a setup for Ubuntu but pretty much everything should transfer to RHEL based. The idea is to have a cron job execute a script that checks free memory then use aws-cli to write to cloudwatch. You can extend by generating additional variables and doing more put-metric-data calls.

  1. Setup a role with CloudWatch permissions and attach it to your instance.
  2. Install AWS CLI

  3. Script, i placed this at ~/mem.sh for testing. We retrieve and inject the token because we're using IMDSv2 to protect against SSRF.

    #!/usr/bin/env bash
readonly TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 30" "http://169.254.169.254/latest/api/token")
USEDMEMORY=$(free -m | awk 'NR==2{printf "%.2f\t", ($3/$2)*100 }')
INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep '\"region\"' | cut -d\" -f4)

aws cloudwatch put-metric-data --metric-name memory-usage --dimensions Instance=$INSTANCE_ID --namespace "Custom" --value $USEDMEMORY --region $REGION

  4. Create Cron job: echo '*/5 * * * * ubuntu /home/ubuntu/mem.sh' | sudo tee /etc/cron.d/cw_mem

AWS Preferred Method

AWS publishes a tool, the CloudWatch Agent, which can run as a daemon and publish metrics for you. This requires a configuration file as well as systemd scaffolding. If you install via SSM the systemd files come free and only require minor tweaking.

  1. IAM Instance Role:
    • Cloudwatch Permissions
    • ec2:DescribeTags
  2. Install Cloudwatch Agent (prefer SSM)
  3. Install collectd sudo apt-get update && sudo apt-get install collectd
  4. Populate a configuration file for cloudwatch agent, example. I located my file to /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
  5. start service:
    • manually: sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a start -c /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
    • Alternatively you can update the unit file located at /etc/systemd/system/amazon-cloudwatch-agent.service

Thanks to @danquack for helping me adjust my curl calls so I can enforce and comply with IMDSv2

profile
Sentry
 Promoted

Sentry image

See why 4M developers consider Sentry, “not bad.”

Fixing code doesn’t have to be the worst part of your day. Learn how Sentry can help.

Learn more

Top comments (0)

profile
Coherence
 Promoted

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Read next

payalgupta4639 profile image

How to use Glue crawler to add tables automatically

Payal Gupta -

wajeeh_ahmad_dbd2364c346d profile image

Topitexam

Wajeeh Ahmad -

madgan95 profile image

Amazon Web Services

Madhav Ganesan -

markymarkus profile image

Building Bedrock Agents for AWS Account Metadata and Cost Analysis

Markus Toivakka -