6.4 Monitoring Access Manager in AWS Using CloudWatch

Amazon CloudWatch provides real-time monitoring of AWS resources. It tracks various metrics and allows you to create alarms or send notifications when a metric reaches a threshold value. You can configure CloudWatch with the CloudWatch Agent to collect system-level metrics and logs from the Access Manager instances and AWS resources. This applies to servers running in AWS as well as on-premises servers.

For example, you can use CloudWatch to monitor the CPU usage and then determine whether you should create or delete instances to meet the dynamic load.

For more information about CloudWatch, see What Is Amazon CloudWatch?

For more information about CloudWatch Agent, see Collecting Metrics and Logs from Amazon EC2 Instances and On-Premises Servers with the CloudWatch Agent.

Perform the following tasks to configure CloudWatch with on-premises servers.

  1. Install the AWS Command Line Interface (CLI) on the on-premises servers. Access Manager uses the AWS CLI to access CloudWatch. The primary distribution method for the AWS CLI is Python pip. Open a terminal window on the on-premises server and run the following commands:

    1. Run the curl -O https://bootstrap.pypa.io/get-pip.py command to download the get-pip.py installer script.

    2. Run the pip install --upgrade awscli command to install the AWS CLI.

    For more information about installing AWS CLI, see Installing the AWS CLI.

  2. Create IAM users for the CloudWatch Agent. IAM users are required to access AWS resources. For more information about creating IAM users, see Create IAM Roles and Users for Use with the CloudWatch Agent.

  3. Install the CloudWatch Agent package on the Access Manager servers. For more information about installing the CloudWatch Agent package on servers, see Installing and Running the CloudWatch Agent on Your Servers.

  4. Specify the AWS IAM credentials and AWS Region using the aws configure command. When you run this command, the AWS CLI prompts you for the access key ID, the secret access key, the default AWS Region, and the default output format.

    For more information about using the aws configure command, see Quickly Configuring the AWS CLI.

  5. Create the CloudWatch Agent configuration file with the configuration file wizard. The wizard prompts you for various details, such as the metrics to monitor and the location of the log files. Specify these details based on your requirements.

    For example, to monitor the Identity Server node logs, you must specify the following log file location in the configuration file.

    /opt/novell/nam/idp/logs/catalina.out

    For more information about creating the configuration file using the wizard, see Create the CloudWatch Agent Configuration File with the Wizard.

  6. Start the CloudWatch Agent using the CloudWatch Agent configuration file that you created in the previous step. For example, if the configuration file is saved in the Systems Manager Parameter Store, run the following command:

    sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -c ssm:configuration-parameter-store-name -s

    In the above example command, -a fetch-config loads the latest version of the CloudWatch Agent configuration file, -m onPremise indicates that the agent runs on an on-premises server, -c ssm:configuration-parameter-store-name names the Parameter Store entry that holds the configuration, and -s starts the CloudWatch Agent.

    For information about installing the CloudWatch Agent on servers and creating the configuration file, see Installing the CloudWatch Agent on On-Premises Servers.

  7. Log in to the AWS Management Console.

  8. Click Services and search for the CloudWatch service.

  9. In the CloudWatch dashboard, the collected log files are available under Logs and monitoring metrics such as CPU and RAM under Metrics.
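The following CloudWatch Agent configuration file is an added example of what the wizard in step 5 produces for an Identity Server node; it is not part of the Access Manager documentation. It collects CPU and memory metrics and ships the catalina.out log named above. The namespace, log group name, log stream name and retention period are assumed values that you replace with your own.

```json
{
  "agent": {
    "metrics_collection_interval": 60,
    "run_as_user": "root"
  },
  "metrics": {
    "namespace": "AccessManager/IdentityServer",
    "metrics_collected": {
      "cpu": {
        "measurement": ["cpu_usage_user", "cpu_usage_system", "cpu_usage_idle"],
        "metrics_collection_interval": 60,
        "totalcpu": true
      },
      "mem": {
        "measurement": ["mem_used_percent"],
        "metrics_collection_interval": 60
      },
      "disk": {
        "measurement": ["used_percent"],
        "resources": ["/"],
        "metrics_collection_interval": 60
      }
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/opt/novell/nam/idp/logs/catalina.out",
            "log_group_name": "access-manager-idp",
            "log_stream_name": "{hostname}-catalina",
            "retention_in_days": 30
          }
        ]
      }
    }
  }
}
```

Save the file locally (the agent reads /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json by default) or upload it to the Systems Manager Parameter Store and reference it with -c ssm:parameter-name as shown in step 6. The log group and the metrics namespace are what you alarm on afterwards, for example an alarm on repeated authentication failures in the Identity Server log or on sustained high mem_used_percent.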

You can also install the CloudWatch Agent on EC2 instances. For more information, see Installing the CloudWatch Agent on EC2 Instances Using Your Agent Configuration.