Reputation: 3088
Is it possible to enable CloudWatch on a running EC2 instance?
It looks like Amazon has a ready-built IAM role to grant instances CloudWatch write access. ( A more restrictive one could also be created if necessary)
But it appears you cannot attach an IAM role to a running instance.
Am I missing something? Do I really have to re-instantiate my whole fleet to enable CloudWatch? I'm reluctant to save plaintext credentials on each host for security reasons.
Upvotes: 3
Views: 191
Answers (2)
Reputation: 4529
I assume you're talking about custom CloudWatch metrics. You don't have to restart any instances to enable them. You can create a group in IAM with the following policy and add a user to this group:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "****************",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": [
"*"
]
}
]
}
Then you basically copy this user's credentials to awscred file and add the perl script to cron. Yes, I had to copy credentials to each machine where custom metrics collection is enabled.
Upvotes: 1
Reputation: 78583
Have you considered simply modifying the existing IAM role to enable writes to CloudWatch? That change should take effect immediately and does not require instance reboot or relaunch.
Upvotes: 0
Related Questions
- AWS Cloudwatch Monitoring
- Can we enable alarm for a service inside the EC2 Instance?
- AWS CloudWatch to start/stop EC2 instances
- AWS: Is it possible to monitor an external service?
- AWS CloudWatch and EC2 Role + Policy
- API to monitor EC2 instance
- AWS Cloudwatch monitoring for S3
- Not getting CloudWatch logs option in EC2 Config Settings
- Can we use CloudWatch for monitoring apps outside AWS?
- AWS CloudWatch Alarm On Startup Of New EC2 Instance