Posted on

Assuming we are using Ubuntu, install the Cloudwatch agent which is not installed by default:

# 1. Download the latest CloudWatch Agent .deb from AWS
cd /tmp
curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb

# 2. Install it
sudo dpkg -i ./amazon-cloudwatch-agent.deb

You can confirm it is working by running:

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a status

Create a configuration file on what to send to cloudwatch:

sudo nano /opt/aws/amazon-cloudwatch-agent/bin/config.json

Add the following content to it:

{
  "metrics": {
    "aggregation_dimensions": [
      [
        "InstanceId"
      ]
    ],
    "append_dimensions": {
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}",
      "InstanceId": "${aws:InstanceId}"
    },
    "metrics_collected": {
      "mem": {
        "measurement": [
          {
            "name": "mem_used_percent",
            "rename": "MemoryUsedPercent",
            "unit": "Percent"
          }
        ],
        "metrics_collection_interval": 60
      }
    }
  }
}

This is adding 4 metrics:

  • MemoryUsedPercent

Make sure that the role that the EC2 Instance has, has permissions to publish to Cloudwatch. If it doesn’t have a role create one:

  1. Create the role
    1. Go to the IAM Console → https://console.aws.amazon.com/iam
    2. In the sidebar, click Roles
    3. Click Create role
    4. For Trusted entity type, select AWS service
    5. Under Use case, choose EC2
    6. Click Next
  2. Attach the correct permissions
    1. In the permissions list, search for and check:
      1. CloudWatchAgentServerPolicy
      2. AmazonSSMManagedInstanceCore
  3. Name and create, name it something like “EC2-CloudWatchAgentRole”
  4. Attach the role to your instance
    1. Go back to the EC2 Console → Instances
    2. Select your instance
    3. Click Actions → Security → Modify IAM role
    4. In the dropdown, pick the role you just created (EC2-CloudWatchAgentRole)
    5. Click Update IAM role

Now that you have the role attached, restart the Cloudwatch agent:

sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
  -a fetch-config \
  -m ec2 \
  -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json \
  -s

Then verify

sudo systemctl status amazon-cloudwatch-agent

Now you need to wait 5 – 10 mins. Then check in Cloudwatch:

In the AWS console:

  1. Go to CloudWatch → Metrics.
  2. In the left sidebar, choose All metrics.
  3. Look for a namespace like CWAgent.
    • Click CWAgent.
  4. You should see a dimension like InstanceId.
  5. Click that, then select your instance ID.
  6. You should see MemoryUsedPercent.

When you graph it, you should see a number like 62.3, 75.1, etc.
That number is “% RAM in use,” which is exactly what you asked for (100% = fully used).

At this point, RAM % is officially being tracked every minute.

NOTE: This is a Metric not a Log, and Cloudwatch metrics are automatically purged by the following schedule:

Data resolutionPeriod between data pointsRetention duration
1 second (high-resolution custom metrics)1 s–59 s3 hours
1 minute (standard resolution)60 s15 days
5 minutes5 m63 days
1 hour1 h455 days (≈15 months)
By: DaxTags:

Leave a Reply

Your email address will not be published. Required fields are marked *