NEW: cloudwatch agent install and configuration for Linux instances

2024-09-10 10:11:50 +08:00 · 2024-09-10 10:11:50 +08:00 · 7eec384ad9
commit 7eec384ad9
parent beb218d542
3 changed files with 194 additions and 0 deletions
--- a/modules/ManagementGovernance/CwAgentInstallUsingSsm/README.md
+++ b/modules/ManagementGovernance/CwAgentInstallUsingSsm/README.md
@ -0,0 +1,50 @@
+<!-- This readme file is generated with terraform-docs -->
+This module installs Cloudwatch agent via SSM State Manager.
+It creates an association and install the agent to all instances every 1 day.
+
+Then a default cloudwatch agent config is generated using amazon-cloudwatch-agent-config-wizard,
+saved on /opt/aws/amazon-cloudwatch-agent/bin/config.json, supplemented with additional collections,
+and uploaded on SSM parameter store as ```AmazonCloudWatch-linux```.
+
+Note that for cloudwatch agent to fully function, the instance needs an instance profile with the
+following managed policies attached:
+
+* CloudWatchAgentServerPolicy
+* AmazonSSMManagedInstanceCore
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| aws | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ssm_association.ConfigCwAgent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_association) | resource |
+| [aws_ssm_association.InstallCwAgent](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_association) | resource |
+| [aws_ssm_parameter.CwAgentConfigLinux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+ 
+---
+## Authorship
+This module was developed by UPDATE_THIS.
--- a/modules/ManagementGovernance/CwAgentInstallUsingSsm/main.tf
+++ b/modules/ManagementGovernance/CwAgentInstallUsingSsm/main.tf
@ -0,0 +1,135 @@
+resource "aws_ssm_association" "InstallCwAgent" {
+  name                = "AWS-ConfigureAWSPackage"
+  association_name    = "CwAgentInstall"
+  schedule_expression = "cron(0 00 01 ? * * *)"
+  max_concurrency     = 10
+  parameters = {
+    name                = "AmazonCloudWatchAgent"
+    action              = "Install"
+    installationType    = "Uninstall and reinstall"
+    additionalArguments = "{}"
+  }
+  targets {
+    key    = "InstanceIds"
+    values = ["*"]
+  }
+}
+
+resource "aws_ssm_association" "ConfigCwAgent" {
+  name                = "AmazonCloudWatch-ManageAgent"
+  association_name    = "CwAgentConfiguration"
+  schedule_expression = "cron(0 00 02 ? * * *)"
+  max_concurrency     = 10
+  parameters = {
+    action                        = "configure"
+    optionalConfigurationLocation = "AmazonCloudWatch-linux"
+    optionalConfigurationSource   = "ssm"
+    mode                          = "ec2"
+    optionalRestart               = "yes"
+  }
+  targets {
+    key    = "InstanceIds"
+    values = ["*"]
+  }
+}
+
+resource "aws_ssm_parameter" "CwAgentConfigLinux" {
+  name        = "AmazonCloudWatch-linux"
+  description = "Cloudwatch agent Standard config for Linux"
+  type        = "String"
+  value       = local.CwAgentLinuxConfig
+}
+
+locals {
+  CwAgentLinuxConfig = jsonencode(
+    {
+      "agent" : {
+        "metrics_collection_interval" : 60,
+        "run_as_user" : "root"
+      },
+      "metrics" : {
+        "aggregation_dimensions" : [
+          [
+            "InstanceId"
+          ]
+        ],
+        "append_dimensions" : {
+          "AutoScalingGroupName" : "$${aws:AutoScalingGroupName}",
+          "ImageId" : "$${aws:ImageId}",
+          "InstanceId" : "$${aws:InstanceId}",
+          "InstanceType" : "$${aws:InstanceType}"
+        },
+        "metrics_collected" : {
+          "cpu" : {
+            "measurement" : [
+              "cpu_usage_idle",
+              "cpu_usage_iowait",
+              "cpu_usage_user",
+              "cpu_usage_system"
+            ],
+            "metrics_collection_interval" : 60,
+            "resources" : [
+              "*"
+            ],
+            "totalcpu" : false
+          },
+          "disk" : {
+            "measurement" : [
+              "used_percent",
+              "inodes_free"
+            ],
+            "metrics_collection_interval" : 60,
+            "resources" : [
+              "*"
+            ],
+            "ignore_file_system_types" : [
+              "devtmpfs",
+              "overlay",
+              "sysfs",
+              "tmpfs"
+            ]
+          },
+          "diskio" : {
+            "measurement" : [
+              "io_time"
+            ],
+            "metrics_collection_interval" : 60,
+            "resources" : [
+              "*"
+            ]
+          },
+          "mem" : {
+            "measurement" : [
+              "mem_used_percent"
+            ],
+            "metrics_collection_interval" : 60
+          },
+          "statsd" : {
+            "metrics_aggregation_interval" : 60,
+            "metrics_collection_interval" : 10,
+            "service_address" : ":8125"
+          },
+          "swap" : {
+            "measurement" : [
+              "swap_used_percent"
+            ],
+            "metrics_collection_interval" : 60
+          },
+          "net": {
+            "measurement": [
+              "net_err_in",
+              "net_err_out"
+            ],
+            "metrics_collection_interval": 60
+          },
+          "processes": {
+            "measurement": [
+              "processes_total"
+            ],
+            "metrics_collection_interval": 60
+          }
+        }
+      }
+    }
+  )
+}
--- a/modules/ManagementGovernance/CwAgentInstallUsingSsm/versions.tf
+++ b/modules/ManagementGovernance/CwAgentInstallUsingSsm/versions.tf
@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}