You’ve got a server. You’ve got AWS. You want to see what’s going on inside your box before it explodes in costs or error logs. Enter CloudWatch Agent—your snoopy little helper that never sleeps.
This guide is short, clear, and just a tad silly. Because monitoring servers shouldn’t feel like filing taxes.
Update the apt-get Package Manager
First things first: refresh your Pi’s brain.
sudo apt-get update
Step 1 – Install CloudWatch
Navigate to /usr/local/bin. This is the VIP lounge for executables.
cd /usr/local/bin
Grab the CloudWatch tool from the mothership:
wget https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
Unzip like it’s the 90s and WinZip just sent you a reminder.
unzip AmazonCloudWatchAgent.zip
Run the installer:
sudo ./install.sh
Kick off the Setup Wizard (choose your own adventure time):
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Step 2 – Manage a User for CloudWatch
We don’t give root access to randos. Create a dedicated IAM user just for CloudWatch.
- Visit IAM and create a new user.
- Attach these policies:
- Create a Secret Access Key. Guard it like your Netflix password.
Step 3 – Create an AWS Profile
Install the AWS CLI. It’s the Swiss Army knife for AWS.
sudo apt-get install awscli
Configure your new profile:
sudo aws configure --profile AmazonCloudWatchAgent
Now your box can talk to AWS like they’re old friends.
Step 4 – Manage the CloudWatch Agent
The agent lives in your box. You command it. Don’t let it command you.
Start CloudWatch Agent
AWS recommends /opt/aws/. Think of it as the agent’s comfy couch.
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
Stop CloudWatch Agent
If your AWS bill starts yelling louder than your mom, shut it down:
sudo amazon-cloudwatch-agent-ctl -a stop
Check Agent Status
Following the Bitnami playbook? Run this:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
Saving Money (Because AWS Ain’t Cheap)
CloudWatch is powerful. It’s also a sneaky wallet vampire.
The four main culprits of high cost:
- Unmanaged Logs – More logs = more 💸
  - Change log retention.
  - Filter what you actually need.
- Unmanaged Collection Intervals – Poll less, save more.
- Unmanaged Alarms – Too many alarms = too much caffeine + too much billing.
- General Lazyness – Yes, spelled wrong for fun. Don’t ignore your configs.
Edit your config to tighten things up:
sudo nano /opt/aws/amazon-cloudwatch-agent/bin/config.json
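One way to check a config for the log and interval culprits above before you restart the agent. This is an added example, not part of the original guide: the sample config, its paths and group names, and the 60-second threshold are all constructed assumptions, and the checks rely on the agent's metrics_collection_interval, retention_in_days and filters settings.

```python
import json

# Constructed sample config (not from the original guide); paths and group names are illustrative.
SAMPLE_CONFIG = json.loads("""
{
  "agent": {"metrics_collection_interval": 10},
  "metrics": {"metrics_collected": {
    "cpu": {"measurement": ["cpu_usage_idle"], "metrics_collection_interval": 60},
    "mem": {"measurement": ["mem_used_percent"]}
  }},
  "logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/auth.log", "log_group_name": "auth", "retention_in_days": 30},
    {"file_path": "/var/log/*.log", "log_group_name": "everything"}
  ]}}}
}
""")

MIN_INTERVAL = 60  # assumed threshold in seconds; tune it to your budget


def audit(config, min_interval=MIN_INTERVAL):
    """Return a list of (location, problem) findings for cost-related settings."""
    findings = []
    # The agent-wide interval applies to every plugin that does not override it.
    default = config.get("agent", {}).get("metrics_collection_interval", 60)
    if default < min_interval:
        findings.append(("agent", f"default interval {default}s < {min_interval}s"))
    collected = config.get("metrics", {}).get("metrics_collected", {})
    for name, section in collected.items():
        interval = section.get("metrics_collection_interval")
        if interval is not None and interval < min_interval:
            findings.append((f"metrics.{name}", f"interval {interval}s < {min_interval}s"))
    files = config.get("logs", {}).get("logs_collected", {}).get("files", {})
    for entry in files.get("collect_list", []):
        path = entry.get("file_path", "?")
        # Missing or -1 means the agent sets no expiry on log groups it creates.
        if entry.get("retention_in_days", -1) == -1:
            findings.append((path, "retention_in_days not set: new log groups never expire"))
        if "*" in path and not entry.get("filters"):
            findings.append((path, "wildcard path with no filters"))
    return findings


if __name__ == "__main__":
    for where, problem in audit(SAMPLE_CONFIG):
        print(f"{where}: {problem}")
```

To run it against the real file, load /opt/aws/amazon-cloudwatch-agent/bin/config.json with json.load and pass the result to audit().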
Troubleshooting
- Agent won’t start? Check logs in /opt/aws/amazon-cloudwatch-agent/logs.
- Permissions drama? Make sure IAM user policies are correct.
- AWS bill insane? You probably left a log firehose wide open.
Resources
- Running CloudWatch within Bitnami instance
- Monitor failed SSH attempts Backup
- On-Premise CloudWatch Agent Config Backup
- Logging SSH Attempts
- Enable SSH Passwords
Done
You’ve installed, configured, and tamed CloudWatch Agent. Your box is now chatty, AWS is watching, and you still have a few bucks left in your pocket. Maybe. 😉