01
Create the required agent configuration file for Amazon Linux and save it as a text file named "app-instance-logs.cfg" then upload the file to AWS S3. This is a text file that defines the log file(s) to monitor and the log groups and log streams to upload them to. The AWS Cloudwatch Logs agent utilize this configuration file and starts monitoring and uploading the log files defined in it. The following is an agent configuration file for the general system activity log on Amazon Linux:
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
file = /var/log/messages
log_group_name = /var/log/messages
log_stream_name = {instance_id}
datetime_format = %b %d %H:%M:%S
02
Sign in to the AWS Management Console.
03
Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.
04
In the navigation panel, under AUTO SCALING, click Launch Configurations.
05
Select the app-tier ASG launch configuration that you want to re-create (see Audit section part I to identify the right ASG resource).
06
Click the Actions dropdown button from the dashboard top menu and select Copy launch configuration option.
07
On Copy Launch Configuration from <LAUNCH_CONFIGURATION_NAME> page, in the Launch configuration details section, click Edit details to edit the template.
08
Click Advanced Details to display the panel with the advanced settings and paste the following script inside the User data box (make sure that you replace the <AWS_REGION> with the appropriate AWS region and the <S3_BUCKET_NAME> with the name of the S3 bucket that store the agent configuration file defined at step no. 1). Once the script is added, click Skip to review to finish the configuration process:
#!/bin/bash
curl https://s3.amazonaws.com//aws-cloudwatch/downloads/latest/awslogs-agent-setup.py -O
chmod +x ./awslogs-agent-setup.py
./awslogs-agent-setup.py -n -r <AWS_REGION> -c s3://<S3_BUCKET_NAME>/instance-logs.cfg
09
Click Create launch configuration. In the Select an existing key pair or create a new key pair dialog box, select Choose an existing key pair and use the same key pair as the source launch configuration. Click Create launch configuration to make a copy of the specified web-tier ASG launch configuration. Click Close to return to the EC2 dashboard.
10
In the navigation panel, under AUTO SCALING, click Auto Scaling Groups.
11
Select the app-tier Auto Scaling Group that you want to reconfigure (see Audit section part I to identify the right ASG).
12
Select the Details tab from the dashboard bottom panel and click Edit to change the group configuration.
13
Select the name of the launch configuration created at steps no. 6 – 9 from the Launch configuration dropdown list, then click Save to apply the changes. Once a new EC2 instance is launched within the selected app-tier ASG, you should be able to see and access the newly created AWS CloudWatch log stream and log group, supplied with the instance logging data.
14
Repeat steps no. 5 – 13 to reconfigure other app-tier ASGs, available in the selected region, to install the AWS Cloudwatch Logs agent on the app-tier ASG instances.
15
Change the AWS region from the navigation bar and repeat steps no. 5 – 14 for other regions.