如何手动配置安装在 Ubuntu 服务器上而不是在 AWS 中运行的 CloudWatch 代理的凭证?
我下载了这个ubuntu的dep包并安装在服务器上
wget https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
与
dpkg -i -E ./amazon-cloudwatch-agent.deb
我也开始了
amazon-cloudwatch-agent-config-wizard
生成一个简单的配置。
./amazon-cloudwatch-agent-config-wizard
================================================================
= Welcome to the Amazon CloudWatch Agent Configuration Manager =
= =
= CloudWatch Agent allows you to collect metrics and logs from =
= your host and send them to CloudWatch. Additional CloudWatch =
= charges may apply. =
================================================================
On which OS are you planning to use the agent?
1. linux
2. windows
3. darwin
default choice: [1]:
1
Trying to fetch the default region based on ec2 metadata...
I! imds retry client will retry 1 timesD! should retry true for imds error : EC2MetadataError: failed to make EC2Metadata request
Not Found
status code: 404, request id: D! should retry true for imds error : EC2MetadataError: failed to make EC2Metadata request
Not Found
status code: 404, request id: 2023/11/03 10:03:42 D! could not get region from imds v2 thus enable fallback
2023/11/03 10:03:42 I! WARN: failed to get session token, falling back to IMDSv1: 404 Not Found: Not Found
status code: 404, request id:
caused by: EC2MetadataError: failed to make EC2Metadata request
Not Found
status code: 404, request id:
W! could not get region from ec2 metadata... EC2MetadataRequestError: failed to get EC2 instance identity document
caused by: EC2MetadataError: failed to make EC2Metadata request
Not Found
status code: 404, request id: Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [2]:
2
Please make sure the credentials and region set correctly on your hosts.
Refer to http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
default choice: [1]:
1
Do you want to turn on StatsD daemon?
1. yes
2. no
default choice: [1]:
2
Do you want to monitor metrics from CollectD? WARNING: CollectD must be installed or the Agent will fail to start
1. yes
2. no
default choice: [1]:
2
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:
1
Do you want to monitor cpu metrics per core?
1. yes
2. no
default choice: [1]:
1
Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:
2
Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:
2
Current config as follows:
{
"agent": {
"metrics_collection_interval": 10,
"run_as_user": "root"
},
"metrics": {
"metrics_collected": {
"cpu": {
"measurement": [
"cpu_usage_idle",
"cpu_usage_iowait"
],
"metrics_collection_interval": 10,
"resources": [
"*"
],
"totalcpu": true
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"diskio": {
"measurement": [
"io_time",
"write_bytes",
"read_bytes",
"writes",
"reads"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 10
},
"net": {
"measurement": [
"bytes_sent",
"bytes_recv",
"packets_sent",
"packets_recv"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"swap": {
"measurement": [
"swap_used_percent"
],
"metrics_collection_interval": 10
}
}
}
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:
1
Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:
2
Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:
2
Do you want the CloudWatch agent to also retrieve X-ray traces?
1. yes
2. no
default choice: [1]:
2
Existing config JSON identified and copied to: /opt/aws/amazon-cloudwatch-agent/etc/backup-configs
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
"agent": {
"metrics_collection_interval": 10,
"run_as_user": "root"
},
"metrics": {
"metrics_collected": {
"cpu": {
"measurement": [
"cpu_usage_idle",
"cpu_usage_iowait"
],
"metrics_collection_interval": 10,
"resources": [
"*"
],
"totalcpu": true
},
"disk": {
"measurement": [
"used_percent"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"diskio": {
"measurement": [
"io_time",
"write_bytes",
"read_bytes",
"writes",
"reads"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 10
},
"net": {
"measurement": [
"bytes_sent",
"bytes_recv",
"packets_sent",
"packets_recv"
],
"metrics_collection_interval": 10,
"resources": [
"*"
]
},
"swap": {
"measurement": [
"swap_used_percent"
],
"metrics_collection_interval": 10
}
}
}
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:
2
Program exits now.
如何在不安装 AWS CLI 的情况下配置身份验证,或者确实需要它吗?
不,运行 CloudWatch Agent 不需要 AWS CLI。
它单独且独立地工作,但它是理想的选择,因为您可以使用
aws configure
来设置代理的配置和凭据。
如果您不想使用 AWS CLI,请按照以下步骤操作:
.aws
的文件夹 (~/.aws
)mkdir ~./aws
config
) 中创建一个名为
~/.aws/config
的文件,并将 region
的值替换为日志的目标位置。cd ~./aws
touch config
region="eu-west-1"
echo "[AmazonCloudWatchAgent]
region = $region" > config
➜ ~ cat config
[AmazonCloudWatchAgent]
region = eu-west-1
credentials
) 中创建一个名为
~/.aws/credentials
的文件,并将 aws_access_key_id
和 aws_secret_access_key
替换为您各自的凭据。touch credentials
access_key="xxx"
secret_key="yyy"
echo "[AmazonCloudWatchAgent]
aws_access_key_id = $access_key
aws_secret_access_key = $secret_key" > credentials
➜ ~ cat credentials
[AmazonCloudWatchAgent]
aws_access_key_id = xxx
aws_secret_access_key = yyy
请注意,您在此处以
root
用户身份运行代理,因为您指定 1
作为此问题的答案:
Which user are you planning to run the agent?
1. root
2. cwagent
3. others
然后设置配置 JSON 中的
run_as_user
字段 (/opt/aws/amazon-cloudwatch-agent/bin/config.json
)。
要以
root
或 cwagent
之外的任何其他用户身份运行它,请选择 3
,它会提示您输入用户名,或者您自己手动更改 JSON 中的 run_as_user
字段。
确保
config
和 credentials
文件存在于正确的主目录中,即 /home/{username}/.aws/credentials
。