Task 1: Configuring IAM Role or User for CloudWatch Logs
Step 1: Open IAM console -> Click on “Roles” -> Select the Roles name -> Select “Attach Policies, Create Policies”.
Step 2: Click on JSON tab -> Type the JSON policy document provide in instructions. -> Click “Review Policy”.
Step 3: Type the name and description -> Review the “Summary” -> Click on “Create Policy”.
Step 4: Click on “Add Permissions” for the role -> Refresh the page -> Select the new policy and attach it to the role -> Select “Attach Policy“.
Reflection
For this lab, I was able to create an ECS2 Linux instance and learned how to create and attach policies, how to create logs etc. I was unable to continue to the Task 2, which was about installing and configuring CloudWatch logs on an existing EC2 instance because the instructions got a bit tricky and I was unable to find the things the instruction was pointing out or wants me to do.
CloudWatch is a monitoring service that collects, tracks, and monitors AWS resources such as EC2 instances, RDS DB instances, etc. By using CloudWatch we can get access to information such as health status of the application or resources, their performances and resource utilization.
CloudWatch can monitor the data transfer, CPU utilization, etc, from an EC2 Instance. It can also monitor the EBS volumes, Elastic Load Balancer, etc. We can use CloudWatch Logs to troubleshoot the system while monitoring by using custom log files, or existing application. CloudWatch monitors them in real-time and we can even set alarms on the metrics so that if it reaches the alarm threshold, CloudWatch will immediately notify us so we could investigate it. We can also use CloudWatch for other functions such as stopping an EC2 instance when an event happens.
King's Blog 