Ensure that the EC2 instances launched within your app-tier Auto Scaling Group (ASG) use the CloudWatch Logs agent to monitor, store and access log files (application or system data logs) from these instances. A CloudWatch Logs agent must be installed on the guest operating system of each app-tier EC2 instance that you want to collect logs from. This conformity rule assumes that all AWS resources provisioned for your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> is the tag name and <app_tier_tag_value> is the tag value. Before the Cloud Conformity engine runs this rule, the app-tier tags must be configured in the rule settings on your Cloud Conformity account dashboard.
An Amazon CloudWatch Logs agent helps provide centralized logging, monitoring and incident reporting for both system-level and application-level events on the EC2 instances provisioned within the app-tier Auto Scaling Group.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
To determine if each app-tier ASG instance is being launched with an AWS CloudWatch Logs agent, perform the following:
- To install the Amazon CloudWatch Logs agent on the EC2 instances within your app-tier ASG, you must re-create the ASG launch configuration and set it up with the necessary user data (i.e. agent installation script). To create a new launch configuration and replace the existing one, perform the following actions:
Note: The guest OS used in this remediation/resolution section is Amazon Linux.
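One way to script the audit described above, as an added example that is not part of the original rule content: decode a launch configuration's user data and check that it installs and starts the agent. It assumes the legacy `awslogs` package on Amazon Linux and inspects user data only, so an agent baked into the AMI is not detected; the function names and sample scripts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check launch configuration user data for the CloudWatch Logs agent.

# Returns 0 when the base64-encoded user data installs AND starts the agent,
# 1 when it does not, 2 when the input cannot be decoded.
# Assumption: the agent is the "awslogs" yum package (service awslogs / awslogsd).
user_data_has_logs_agent() {
  local decoded
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 2
  [ -n "$decoded" ] || return 1   # launch configuration has no user data
  # Drop comment lines so a commented-out install step does not count.
  decoded=$(printf '%s\n' "$decoded" | grep -Ev '^[[:space:]]*#' || true)
  printf '%s\n' "$decoded" |
    grep -Eq 'yum[[:space:]].*install[[:space:]].*awslogs' || return 1
  printf '%s\n' "$decoded" |
    grep -Eq 'service[[:space:]]+awslogsd?[[:space:]]+start|systemctl[[:space:]]+(start|enable)[[:space:]].*awslogsd' ||
    return 1
  return 0
}

# Live use: the describe call returns UserData base64-encoded.
# $1 is the name of the launch configuration attached to the app-tier ASG.
audit_launch_configuration() {
  local user_data
  user_data=$(aws autoscaling describe-launch-configurations \
    --launch-configuration-names "$1" \
    --query 'LaunchConfigurations[0].UserData' --output text) || return 2
  user_data_has_logs_agent "$user_data"
}

# Constructed sample inputs so the check can be exercised offline.
GOOD_USER_DATA=$(printf '%s\n' '#!/bin/bash' 'yum install -y awslogs' \
  'service awslogs start' 'chkconfig awslogs on' | base64 | tr -d '\n')
BAD_USER_DATA=$(printf '%s\n' '#!/bin/bash' 'yum update -y' \
  '# yum install -y awslogs' | base64 | tr -d '\n')

for sample in GOOD_USER_DATA BAD_USER_DATA; do
  if user_data_has_logs_agent "${!sample}"; then
    echo "$sample: agent installed by user data"
  else
    echo "$sample: agent NOT installed by user data"
  fi
done
```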