Amazon CloudWatch Logs 템플릿 코드 조각
Amazon CloudWatch Logs는 Amazon EC2 인스턴스 또는 기타 소스의 시스템, 애플리케이션 및 사용자 지정 로그 파일을 모니터링할 수 있습니다. AWS CloudFormation을 사용하여 로그 그룹 및 지표 필터를 프로비저닝 및 관리할 수 있습니다. Amazon CloudWatch Logs에 대한 자세한 내용은 Amazon CloudWatch Logs 사용자 설명서를 참조하세요.
Linux 인스턴스에서 CloudWatch Logs로 로그 전송
다음 템플릿에서는 웹 서버 및 사용자 지정 측정치를 설명합니다. 웹 서버 로그의 로그 이벤트는 사용자 지정 측정치의 데이터를 제공합니다. 로그 이벤트를 사용자 지정 측정치로 전송하기 위해 UserData 필드가 Amazon EC2 인스턴스에 CloudWatch Logs 에이전트를 설치합니다. 서버 로그 파일의 위치, 로그 그룹 이름 및 로그 스트림 이름 같은 에이전트 관련 구성 정보는 /tmp/cwlogs/apacheaccess.conf 파일에 정의되어 있습니다. 웹 서버에서 로그 이벤트를 /var/log/httpd/access_log 파일로 전송하기 시작하면 로그 스트림이 생성됩니다.
참고
권한에 대한 중요 정보: WebServerHost 인스턴스는 LogRoleInstanceProfile 인스턴스 프로파일을 참조하며, 이 프로파일은 LogRole 역할을 참조합니다. LogRole은 arn:aws:s3:::*에 대한 s3:GetObject 권한을 지정합니다.
WebServerHost는 Amazon S3의 UserData 섹션에서 CloudWatch Logs 에이전트(awslogs-agent-setup.py)를 다운로드하므로 이 권한이 필요합니다.
두 지표 필터는 로그 정보가 CloudWatch 측정치로 변환되는 방식을 설명합니다. 404 측정치는 404 발생 횟수를 계산합니다. size 측정치는 요청의 크기를 추적합니다. 두 CloudWatch 경보는 2분 안에 404가 세 번 이상 발생했거나 평균 요청 크기가 10분 동안 3500KB 이상인 경우 알림을 전송합니다.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template for CloudWatch Logs.", "Parameters": { "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "must be the name of an existing EC2 KeyPair." }, "SSHLocation": { "Description": "The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "RegionMap": { "us-east-1": { "AMI": "ami-0ff8a91507f77f867" }, "us-west-1": { "AMI": "ami-0bdb828fd58c52235" }, "us-west-2": { "AMI": "ami-a0cfeed8" }, "eu-west-1": { "AMI": "ami-047bb4163c506cd98" }, "ap-southeast-1": { "AMI": "ami-08569b978cc4dfa10" }, "ap-southeast-2": { "AMI": "ami-09b42976632b27e9b" }, "ap-northeast-1": { "AMI": "ami-06cd52961ce9f0d85" }, "sa-east-1": { "AMI": "ami-07b14488da8ea02a0" }, "eu-central-1": { "AMI": "ami-0233214e13e500f77" } } }, "Resources": { "LogRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable HTTP access via port 80 and SSH access via port 22", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": { "Ref": "SSHLocation" } } ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "Metadata": { "Comment": "Install a simple PHP application", "AWS::CloudFormation::Init": { "config": { "packages": { "yum": { "httpd": [], "php": [] } }, "files": { "/tmp/cwlogs/apacheaccess.conf": { "content": { "Fn::Join": [ "", [ "[general]\n", "state_file= /var/awslogs/agent-state\n", "[/var/log/httpd/access_log]\n", "file = /var/log/httpd/access_log\n", "log_group_name = ", { "Ref": "WebServerLogGroup" }, "\n", "log_stream_name = {instance_id}/apache.log\n", "datetime_format = %d/%b/%Y:%H:%M:%S" ] ] }, "mode": "000400", "owner": "apache", "group": "apache" }, "/var/www/html/index.php": { "content": { "Fn::Join": [ "", [ "<?php\n", "echo '<h1>AWS CloudFormation sample PHP application</h1>';\n", "?>\n" ] ] }, "mode": "000644", "owner": "apache", "group": "apache" }, "/etc/cfn/cfn-hup.conf": { "content": { "Fn::Join": [ "", [ "[main]\n", "stack=", { "Ref": "AWS::StackId" }, "\n", "region=", { "Ref": "AWS::Region" }, "\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { "content": { "Fn::Join": [ "", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init\n", "action=/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, "\n", "runas=root\n" ] ] } } }, "services": { "sysvinit": { "httpd": { "enabled": "true", "ensureRunning": "true" }, "sendmail": { "enabled": "false", "ensureRunning": "false" } } } } } }, "CreationPolicy": { "ResourceSignal": { "Timeout": "PT5M" } }, "Properties": { "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }, "KeyName": { "Ref": "KeyName" }, "InstanceType": "t1.micro", "SecurityGroups": [ { "Ref": "WebServerSecurityGroup" } ], "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" }, "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -xe\n", "# Get the latest CloudFormation package\n", "yum install -y aws-cfn-bootstrap\n", "# Start cfn-init\n", "/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n", "# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n", "/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n", "# Get the CloudWatch Logs agent\n", "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n", "# Install the CloudWatch Logs agent\n", "python awslogs-agent-setup.py -n -r ", { "Ref": "AWS::Region" }, " -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n", "# All done so signal success\n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref": "AWS::StackName" }, " --resource WebServerHost ", " --region ", { "Ref": "AWS::Region" }, "\n" ] ] } } } }, "WebServerLogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "BytesTransferredMetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code, size, ...]", "MetricTransformations": [ { "MetricValue": "$size", "MetricNamespace": "test/BytesTransferred", "MetricName": "testBytesTransferred" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", "EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "BandwidthAlarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The average volume of traffic is greater 3500 KB over 10 minutes", "MetricName": "testBytesTransferred", "Namespace": "test/BytesTransferred", "Statistic": "Average", "Period": "300", "EvaluationPeriods": "2", "Threshold": "3500", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": "WebServerHost" } }, "WebsiteURL": { "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "WebServerHost", "PublicDnsName" ] } ] ] }, "Description": "URL for newly created LAMP stack" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "WebServerLogGroup" } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: AWS CloudFormation Sample Template for CloudWatch Logs. Parameters: KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Type: 'AWS::EC2::KeyPair::KeyName' ConstraintDescription: must be the name of an existing EC2 KeyPair. SSHLocation: Description: The IP address range that can be used to SSH to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. OperatorEmail: Description: Email address to notify if there are any scaling operations Type: String Mappings: RegionMap: us-east-1: AMI: ami-0ff8a91507f77f867 us-west-1: AMI: ami-0bdb828fd58c52235 us-west-2: AMI: ami-a0cfeed8 eu-west-1: AMI: ami-047bb4163c506cd98 ap-southeast-1: AMI: ami-08569b978cc4dfa10 ap-southeast-2: AMI: ami-09b42976632b27e9b ap-northeast-1: AMI: ami-06cd52961ce9f0d85 sa-east-1: AMI: ami-07b14488da8ea02a0 eu-central-1: AMI: ami-0233214e13e500f77 Resources: LogRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LogRolePolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'logs:Create*' - 'logs:PutLogEvents' - 's3:GetObject' Resource: - 'arn:aws:logs:*:*:*' - 'arn:aws:s3:::*' LogRoleInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref LogRole WebServerSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: !Ref SSHLocation WebServerHost: Type: 'AWS::EC2::Instance' Metadata: Comment: Install a simple PHP application 'AWS::CloudFormation::Init': config: packages: yum: httpd: [] php: [] files: /tmp/cwlogs/apacheaccess.conf: content: !Join - '' - - | [general] - | state_file= /var/awslogs/agent-state - | [/var/log/httpd/access_log] - | file = /var/log/httpd/access_log - 'log_group_name = ' - !Ref WebServerLogGroup - |+ - | log_stream_name = {instance_id}/apache.log - 'datetime_format = %d/%b/%Y:%H:%M:%S' mode: '000400' owner: apache group: apache /var/www/html/index.php: content: !Join - '' - - | <?php - | echo '<h1>AWS CloudFormation sample PHP application</h1>'; - | ?> mode: '000644' owner: apache group: apache /etc/cfn/cfn-hup.conf: content: !Join - '' - - | [main] - stack= - !Ref 'AWS::StackId' - |+ - region= - !Ref 'AWS::Region' - |+ mode: '000400' owner: root group: root /etc/cfn/hooks.d/cfn-auto-reloader.conf: content: !Join - '' - - | [cfn-auto-reloader-hook] - | triggers=post.update - > path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init - 'action=/opt/aws/bin/cfn-init -s ' - !Ref 'AWS::StackId' - ' -r WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |+ - | runas=root services: sysvinit: httpd: enabled: 'true' ensureRunning: 'true' sendmail: enabled: 'false' ensureRunning: 'false' CreationPolicy: ResourceSignal: Timeout: PT5M Properties: ImageId: !FindInMap - RegionMap - !Ref 'AWS::Region' - AMI KeyName: !Ref KeyName InstanceType: t1.micro SecurityGroups: - !Ref WebServerSecurityGroup IamInstanceProfile: !Ref LogRoleInstanceProfile UserData: !Base64 'Fn::Join': - '' - - | #!/bin/bash -xe - | # Get the latest CloudFormation package - | yum install -y aws-cfn-bootstrap - | # Start cfn-init - '/opt/aws/bin/cfn-init -s ' - !Ref 'AWS::StackId' - ' -r WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |2 || error_exit 'Failed to run cfn-init' - > # Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata - | /opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup' - | # Get the CloudWatch Logs agent - > wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py - | # Install the CloudWatch Logs agent - 'python awslogs-agent-setup.py -n -r ' - !Ref 'AWS::Region' - |2 -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup' - | # All done so signal success - '/opt/aws/bin/cfn-signal -e $? ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |+ WebServerLogGroup: Type: 'AWS::Logs::LogGroup' Properties: RetentionInDays: 7 404MetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref WebServerLogGroup FilterPattern: >- [ip, identity, user_id, timestamp, request, status_code = 404, size, ...] MetricTransformations: - MetricValue: '1' MetricNamespace: test/404s MetricName: test404Count BytesTransferredMetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref WebServerLogGroup FilterPattern: '[ip, identity, user_id, timestamp, request, status_code, size, ...]' MetricTransformations: - MetricValue: $size MetricNamespace: test/BytesTransferred MetricName: testBytesTransferred 404Alarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The number of 404s is greater than 2 over 2 minutes MetricName: test404Count Namespace: test/404s Statistic: Sum Period: '60' EvaluationPeriods: '2' Threshold: '2' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold BandwidthAlarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The average volume of traffic is greater 3500 KB over 10 minutes MetricName: testBytesTransferred Namespace: test/BytesTransferred Statistic: Average Period: '300' EvaluationPeriods: '2' Threshold: '3500' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold AlarmNotificationTopic: Type: 'AWS::SNS::Topic' Properties: Subscription: - Endpoint: !Ref OperatorEmail Protocol: email Outputs: InstanceId: Description: The instance ID of the web server Value: !Ref WebServerHost WebsiteURL: Value: !Join - '' - - 'http://' - !GetAtt - WebServerHost - PublicDnsName Description: URL for newly created LAMP stack PublicIP: Description: Public IP address of the web server Value: !GetAtt - WebServerHost - PublicIp CloudWatchLogGroupName: Description: The name of the CloudWatch log group Value: !Ref WebServerLogGroup
Windows 인스턴스에서 CloudWatch Logs로 로그 전송
다음 템플릿은 Windows 2012R2 인스턴스에 대한 CloudWatch Logs를 구성합니다.
Windows의 CloudWatch Logs 에이전트(Windows 2012R2 및 Windows 2016 AMI의 SSM 에이전트)는 시작된 후에만 로그를 전송하므로 스타트업 전에 생성된 모든 로그는 전송되지 않습니다. 이를 해결하기 위해 템플릿은 로그를 작성하기 전에 에이전트가 시작되도록 합니다.
-
cfn-init
config의 첫 번째configSets항목으로 에이전트 설정을 구성합니다. -
waitAfterCompletion을 사용하여 에이전트를 시작하는 명령 뒤에 일시 중지를 삽입합니다.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance.", "Parameters": { "KeyPair": { "Description": "Name of an existing EC2 KeyPair to enable RDP access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "must be the name of an existing EC2 KeyPair." }, "RDPLocation": { "Description": "The IP address range that can be used to RDP to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "AWSAMIRegionMap": { "ap-northeast-1": { "WS2012R2": "ami-09e7006451ad8bf4d" }, "ap-northeast-2": { "WS2012R2": "ami-0754980e4d02153f9" }, "ap-south-1": { "WS2012R2": "ami-00ad91b37d56c1d08" }, "ap-southeast-1": { "WS2012R2": "ami-09e7006451ad8bf4d" }, "ap-southeast-2": { "WS2012R2": "ami-000d23d3067008aea" }, "ca-central-1": { "WS2012R2": "ami-0d8e70862465b9da0" }, "eu-central-1": { "WS2012R2": "ami-0c0f322f5676ba254" }, "eu-west-1": { "WS2012R2": "ami-0a46adf18f8875ad6" }, "eu-west-2": { "WS2012R2": "ami-0651428174d9438e9" }, "sa-east-1": { "WS2012R2": "ami-08ebd138109a6c223" }, "us-east-1": { "WS2012R2": "ami-0ef6fb504535468b2" }, "us-east-2": { "WS2012R2": "ami-0f466c6044f510bd3" }, "us-west-1": { "WS2012R2": "ami-026f68ef6465e6c09" }, "us-west-2": { "WS2012R2": "ami-0274ca53943a86543" } } }, "Resources": { "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable HTTP access via port 80 and RDP access via port 3389", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "RDPLocation" } } ] } }, "LogRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" ], "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "CreationPolicy": { "ResourceSignal": { "Timeout": "PT15M" } }, "Metadata": { "AWS::CloudFormation::Init": { "configSets": { "config": [ "00-ConfigureCWLogs", "01-InstallWebServer", "02-ConfigureApplication", "03-Finalize" ] }, "00-ConfigureCWLogs": { "files": { "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch\\AWS.EC2.Windows.CloudWatch.json": { "content": { "Fn::Sub": "{\n \"EngineConfiguration\": {\n \"Components\": [\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"ApplicationEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Application\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SystemEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"System\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SecurityEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Security\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"EC2ConfigLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"EC2ConfigLog.txt\",\n \"LogDirectoryPath\": \"C:\\\\Program Files\\\\Amazon\\\\Ec2ConfigService\\\\Logs\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-ddTHH:mm:ss.fffZ:\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CfnInitLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"cfn-init.log\",\n \"LogDirectoryPath\": \"C:\\\\cfn\\\\log\",\n \"TimeZoneKind\": \"Local\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss,fff\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"IISLogs\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"UTF-8\",\n \"Filter\": \"\",\n \"LineCount\": \"3\",\n \"LogDirectoryPath\": \"C:\\\\inetpub\\\\logs\\\\LogFiles\\\\W3SVC1\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"MemoryPerformanceCounter\",\n \"Parameters\": {\n \"CategoryName\": \"Memory\",\n \"CounterName\": \"Available MBytes\",\n \"DimensionName\": \"\",\n \"DimensionValue\": \"\",\n \"InstanceName\": \"\",\n \"MetricName\": \"Memory\",\n \"Unit\": \"Megabytes\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchApplicationEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/ApplicationEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSystemEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SystemEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSecurityEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SecurityEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchEC2ConfigLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/EC2ConfigLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchCfnInitLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/CfnInitLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchIISLogs\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/IISLogs\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatch\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"NameSpace\": \"Windows/Default\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n }\n ],\n \"Flows\": {\n \"Flows\": [\n \"ApplicationEventLog,CloudWatchApplicationEventLog\",\n \"SystemEventLog,CloudWatchSystemEventLog\",\n \"SecurityEventLog,CloudWatchSecurityEventLog\",\n \"EC2ConfigLog,CloudWatchEC2ConfigLog\",\n \"CfnInitLog,CloudWatchCfnInitLog\",\n \"IISLogs,CloudWatchIISLogs\",\n \"MemoryPerformanceCounter,CloudWatch\"\n ]\n },\n \"PollInterval\": \"00:00:05\"\n },\n \"IsEnabled\": true\n}\n" } } }, "commands": { "0-enableSSM": { "command": "powershell.exe -Command \"Set-Service -Name AmazonSSMAgent -StartupType Automatic\" ", "waitAfterCompletion": "0" }, "1-restartSSM": { "command": "powershell.exe -Command \"Restart-Service AmazonSSMAgent \"", "waitAfterCompletion": "30" } } }, "01-InstallWebServer": { "commands": { "01_install_webserver": { "command": "powershell.exe -Command \"Install-WindowsFeature Web-Server -IncludeAllSubFeature\"", "waitAfterCompletion": "0" } } }, "02-ConfigureApplication": { "files": { "c:\\Inetpub\\wwwroot\\index.htm": { "content": "<html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html>" } } }, "03-Finalize": { "commands": { "00_signal_success": { "command": { "Fn::Sub": "cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region}" }, "waitAfterCompletion": "0" } } } } }, "Properties": { "KeyName": { "Ref": "KeyPair" }, "ImageId": { "Fn::FindInMap": [ "AWSAMIRegionMap", { "Ref": "AWS::Region" }, "WS2012R2" ] }, "InstanceType": "t2.xlarge", "SecurityGroupIds": [ { "Ref": "WebServerSecurityGroup" } ], "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" }, "UserData": { "Fn::Base64": { "Fn::Sub": "<script>\nwmic product where \"description='Amazon SSM Agent' \" uninstall\nwmic product where \"description='aws-cfn-bootstrap' \" uninstall \nstart /wait c:\\\\Windows\\\\system32\\\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi\npowershell.exe -Command \"iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\\\AmazonSSMAgentSetup.exe\"\nstart /wait C:\\\\AmazonSSMAgentSetup.exe /install /quiet\ncfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} \n</script>\n" } } } }, "LogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "LogGroup" }, "FilterPattern": "[timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", "EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": "WebServerHost" } }, "WebsiteURL": { "Value": { "Fn::Sub": "http://${WebServerHost.PublicDnsName}" }, "Description": "URL for newly created IIS web server" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "LogGroup" } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: >- Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance. Parameters: KeyPair: Description: Name of an existing EC2 KeyPair to enable RDP access to the instances Type: 'AWS::EC2::KeyPair::KeyName' ConstraintDescription: must be the name of an existing EC2 KeyPair. RDPLocation: Description: The IP address range that can be used to RDP to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. OperatorEmail: Description: Email address to notify if there are any scaling operations Type: String Mappings: AWSAMIRegionMap: ap-northeast-1: WS2012R2: ami-09e7006451ad8bf4d ap-northeast-2: WS2012R2: ami-0754980e4d02153f9 ap-south-1: WS2012R2: ami-00ad91b37d56c1d08 ap-southeast-1: WS2012R2: ami-09e7006451ad8bf4d ap-southeast-2: WS2012R2: ami-000d23d3067008aea ca-central-1: WS2012R2: ami-0d8e70862465b9da0 eu-central-1: WS2012R2: ami-0c0f322f5676ba254 eu-west-1: WS2012R2: ami-0a46adf18f8875ad6 eu-west-2: WS2012R2: ami-0651428174d9438e9 sa-east-1: WS2012R2: ami-08ebd138109a6c223 us-east-1: WS2012R2: ami-0ef6fb504535468b2 us-east-2: WS2012R2: ami-0f466c6044f510bd3 us-west-1: WS2012R2: ami-026f68ef6465e6c09 us-west-2: WS2012R2: ami-0274ca53943a86543 Resources: WebServerSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Enable HTTP access via port 80 and RDP access via port 3389 SecurityGroupIngress: - IpProtocol: tcp FromPort: '80' ToPort: '80' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '3389' ToPort: '3389' CidrIp: !Ref RDPLocation LogRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore' Path: / Policies: - PolicyName: LogRolePolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'logs:Create*' - 'logs:PutLogEvents' - 's3:GetObject' Resource: - 'arn:aws:logs:*:*:*' - 'arn:aws:s3:::*' LogRoleInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref LogRole WebServerHost: Type: 'AWS::EC2::Instance' CreationPolicy: ResourceSignal: Timeout: PT15M Metadata: 'AWS::CloudFormation::Init': configSets: config: - 00-ConfigureCWLogs - 01-InstallWebServer - 02-ConfigureApplication - 03-Finalize 00-ConfigureCWLogs: files: 'C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json': content: !Sub | { "EngineConfiguration": { "Components": [ { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "ApplicationEventLog", "Parameters": { "Levels": "7", "LogName": "Application" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "SystemEventLog", "Parameters": { "Levels": "7", "LogName": "System" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "SecurityEventLog", "Parameters": { "Levels": "7", "LogName": "Security" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "EC2ConfigLog", "Parameters": { "CultureName": "en-US", "Encoding": "ASCII", "Filter": "EC2ConfigLog.txt", "LogDirectoryPath": "C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs", "TimeZoneKind": "UTC", "TimestampFormat": "yyyy-MM-ddTHH:mm:ss.fffZ:" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "CfnInitLog", "Parameters": { "CultureName": "en-US", "Encoding": "ASCII", "Filter": "cfn-init.log", "LogDirectoryPath": "C:\\cfn\\log", "TimeZoneKind": "Local", "TimestampFormat": "yyyy-MM-dd HH:mm:ss,fff" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "IISLogs", "Parameters": { "CultureName": "en-US", "Encoding": "UTF-8", "Filter": "", "LineCount": "3", "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1", "TimeZoneKind": "UTC", "TimestampFormat": "yyyy-MM-dd HH:mm:ss" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "MemoryPerformanceCounter", "Parameters": { "CategoryName": "Memory", "CounterName": "Available MBytes", "DimensionName": "", "DimensionValue": "", "InstanceName": "", "MetricName": "Memory", "Unit": "Megabytes" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchApplicationEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/ApplicationEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchSystemEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/SystemEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchSecurityEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/SecurityEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchEC2ConfigLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/EC2ConfigLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchCfnInitLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/CfnInitLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchIISLogs", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/IISLogs", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatch", "Parameters": { "AccessKey": "", "NameSpace": "Windows/Default", "Region": "${AWS::Region}", "SecretKey": "" } } ], "Flows": { "Flows": [ "ApplicationEventLog,CloudWatchApplicationEventLog", "SystemEventLog,CloudWatchSystemEventLog", "SecurityEventLog,CloudWatchSecurityEventLog", "EC2ConfigLog,CloudWatchEC2ConfigLog", "CfnInitLog,CloudWatchCfnInitLog", "IISLogs,CloudWatchIISLogs", "MemoryPerformanceCounter,CloudWatch" ] }, "PollInterval": "00:00:05" }, "IsEnabled": true } commands: 0-enableSSM: command: >- powershell.exe -Command "Set-Service -Name AmazonSSMAgent -StartupType Automatic" waitAfterCompletion: '0' 1-restartSSM: command: powershell.exe -Command "Restart-Service AmazonSSMAgent " waitAfterCompletion: '30' 01-InstallWebServer: commands: 01_install_webserver: command: >- powershell.exe -Command "Install-WindowsFeature Web-Server -IncludeAllSubFeature" waitAfterCompletion: '0' 02-ConfigureApplication: files: 'c:\Inetpub\wwwroot\index.htm': content: >- <html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html> 03-Finalize: commands: 00_signal_success: command: !Sub >- cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region} waitAfterCompletion: '0' Properties: KeyName: !Ref KeyPair ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - WS2012R2 InstanceType: t2.xlarge SecurityGroupIds: - !Ref WebServerSecurityGroup IamInstanceProfile: !Ref LogRoleInstanceProfile UserData: !Base64 'Fn::Sub': > <script> wmic product where "description='Amazon SSM Agent' " uninstall wmic product where "description='aws-cfn-bootstrap' " uninstall start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi powershell.exe -Command "iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe" start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} </script> LogGroup: Type: 'AWS::Logs::LogGroup' Properties: RetentionInDays: 7 404MetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref LogGroup FilterPattern: >- [timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...] MetricTransformations: - MetricValue: '1' MetricNamespace: test/404s MetricName: test404Count 404Alarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The number of 404s is greater than 2 over 2 minutes MetricName: test404Count Namespace: test/404s Statistic: Sum Period: '60' EvaluationPeriods: '2' Threshold: '2' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold AlarmNotificationTopic: Type: 'AWS::SNS::Topic' Properties: Subscription: - Endpoint: !Ref OperatorEmail Protocol: email Outputs: InstanceId: Description: The instance ID of the web server Value: !Ref WebServerHost WebsiteURL: Value: !Sub 'http://${WebServerHost.PublicDnsName}' Description: URL for newly created IIS web server PublicIP: Description: Public IP address of the web server Value: !GetAtt - WebServerHost - PublicIp CloudWatchLogGroupName: Description: The name of the CloudWatch log group Value: !Ref LogGroup
다음 사항도 참조하세요.
CloudWatch Logs 리소스에 대한 자세한 내용을 알아보려면 AWS::Logs::LogGroup 또는 AWS::Logs::MetricFilter를 참조하세요.
