本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
篩選條件查看
篩選條件查看
Amazon CloudWatch Logs 可監控您的系統、應用程式,以及來自 Amazon EC2 執行個體或其他來源的自訂日誌檔案。您可以使用 AWS CloudFormation 來佈建和管理日誌群組和指標篩選條件。如需 Amazon CloudWatch Logs 的詳細資訊,請參閱 Amazon CloudWatch Logs 使用者指南。
從 Linux 執行個體傳送日誌到 CloudWatch Logs
以下範本描述 Web 伺服器及其自訂指標。來自 Web 伺服器日誌的日誌事件提供自訂指標的資料。若要將日誌事件傳送到自訂指標,UserData 欄位會在 Amazon EC2 執行個體上安裝 CloudWatch Logs 代理程式。代理程式的組態資訊,例如伺服器日誌檔的位置、日誌群組名稱和日誌串流名稱,皆定義於 /tmp/cwlogs/apacheaccess.conf 檔案。日誌串流是在 Web 伺服器開始將日誌事件傳送至 /var/log/httpd/access_log 檔案之後建立的。
注意
有關許可的說明:WebServerHost 執行個體會參考 LogRoleInstanceProfile 執行個體設定檔,而後者又參考 LogRole 角色。LogRole 指定 arn:aws:s3:::* 的 s3:GetObject 許可。
需要此許可是因為 WebServerHost 會在 UserData 區段中從 Amazon S3 下載 CloudWatch Logs 代理程式 (awslogs-agent-setup.py)。
這兩個指標篩選條件描述日誌資訊如何轉換成 CloudWatch 指標。404 指標會計算 404 事件的數量。大小指標會追蹤請求的大小。如果在 2 分鐘內發生兩次以上的 404,或 10 分鐘內的平均請求大小超過 3500 KB,這兩個 CloudWatch 警示會傳送通知。
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Sample Template for CloudWatch Logs.",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"OperatorEmail": {
"Description": "Email address to notify if there are any scaling operations",
"Type": "String"
}
},
"Mappings": {
"RegionMap": {
"us-east-1": {
"AMI": "ami-0ff8a91507f77f867"
},
"us-west-1": {
"AMI": "ami-0bdb828fd58c52235"
},
"us-west-2": {
"AMI": "ami-a0cfeed8"
},
"eu-west-1": {
"AMI": "ami-047bb4163c506cd98"
},
"ap-southeast-1": {
"AMI": "ami-08569b978cc4dfa10"
},
"ap-southeast-2": {
"AMI": "ami-09b42976632b27e9b"
},
"ap-northeast-1": {
"AMI": "ami-06cd52961ce9f0d85"
},
"sa-east-1": {
"AMI": "ami-07b14488da8ea02a0"
},
"eu-central-1": {
"AMI": "ami-0233214e13e500f77"
}
}
},
"Resources": {
"LogRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "LogRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:Create*",
"logs:PutLogEvents",
"s3:GetObject"
],
"Resource": [
"arn:aws:logs:*:*:*",
"arn:aws:s3:::*"
]
}
]
}
}
]
}
},
"LogRoleInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "LogRole"
}
]
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable HTTP access via port 80 and SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIp": {
"Ref": "SSHLocation"
}
}
]
}
},
"WebServerHost": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"Comment": "Install a simple PHP application",
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"httpd": [],
"php": []
}
},
"files": {
"/tmp/cwlogs/apacheaccess.conf": {
"content": {
"Fn::Join": [
"",
[
"[general]\n",
"state_file= /var/awslogs/agent-state\n",
"[/var/log/httpd/access_log]\n",
"file = /var/log/httpd/access_log\n",
"log_group_name = ",
{
"Ref": "WebServerLogGroup"
},
"\n",
"log_stream_name = {instance_id}/apache.log\n",
"datetime_format = %d/%b/%Y:%H:%M:%S"
]
]
},
"mode": "000400",
"owner": "apache",
"group": "apache"
},
"/var/www/html/index.php": {
"content": {
"Fn::Join": [
"",
[
"<?php\n",
"echo '<h1>AWS CloudFormation sample PHP application</h1>';\n",
"?>\n"
]
]
},
"mode": "000644",
"owner": "apache",
"group": "apache"
},
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -s ",
{
"Ref": "AWS::StackId"
},
" -r WebServerHost ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"runas=root\n"
]
]
}
}
},
"services": {
"sysvinit": {
"httpd": {
"enabled": "true",
"ensureRunning": "true"
},
"sendmail": {
"enabled": "false",
"ensureRunning": "false"
}
}
}
}
}
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M"
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"RegionMap",
{
"Ref": "AWS::Region"
},
"AMI"
]
},
"KeyName": {
"Ref": "KeyName"
},
"InstanceType": "t1.micro",
"SecurityGroups": [
{
"Ref": "WebServerSecurityGroup"
}
],
"IamInstanceProfile": {
"Ref": "LogRoleInstanceProfile"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"# Get the latest CloudFormation package\n",
"yum install -y aws-cfn-bootstrap\n",
"# Start cfn-init\n",
"/opt/aws/bin/cfn-init -s ",
{
"Ref": "AWS::StackId"
},
" -r WebServerHost ",
" --region ",
{
"Ref": "AWS::Region"
},
" || error_exit 'Failed to run cfn-init'\n",
"# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n",
"/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n",
"# Get the CloudWatch Logs agent\n",
"wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n",
"# Install the CloudWatch Logs agent\n",
"python awslogs-agent-setup.py -n -r ",
{
"Ref": "AWS::Region"
},
" -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n",
"# All done so signal success\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerHost ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
}
},
"WebServerLogGroup": {
"Type": "AWS::Logs::LogGroup",
"Properties": {
"RetentionInDays": 7
}
},
"404MetricFilter": {
"Type": "AWS::Logs::MetricFilter",
"Properties": {
"LogGroupName": {
"Ref": "WebServerLogGroup"
},
"FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]",
"MetricTransformations": [
{
"MetricValue": "1",
"MetricNamespace": "test/404s",
"MetricName": "test404Count"
}
]
}
},
"BytesTransferredMetricFilter": {
"Type": "AWS::Logs::MetricFilter",
"Properties": {
"LogGroupName": {
"Ref": "WebServerLogGroup"
},
"FilterPattern": "[ip, identity, user_id, timestamp, request, status_code, size, ...]",
"MetricTransformations": [
{
"MetricValue": "$size",
"MetricNamespace": "test/BytesTransferred",
"MetricName": "testBytesTransferred"
}
]
}
},
"404Alarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "The number of 404s is greater than 2 over 2 minutes",
"MetricName": "test404Count",
"Namespace": "test/404s",
"Statistic": "Sum",
"Period": "60",
"EvaluationPeriods": "2",
"Threshold": "2",
"AlarmActions": [
{
"Ref": "AlarmNotificationTopic"
}
],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"BandwidthAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "The average volume of traffic is greater 3500 KB over 10 minutes",
"MetricName": "testBytesTransferred",
"Namespace": "test/BytesTransferred",
"Statistic": "Average",
"Period": "300",
"EvaluationPeriods": "2",
"Threshold": "3500",
"AlarmActions": [
{
"Ref": "AlarmNotificationTopic"
}
],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"AlarmNotificationTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"Subscription": [
{
"Endpoint": {
"Ref": "OperatorEmail"
},
"Protocol": "email"
}
]
}
}
},
"Outputs": {
"InstanceId": {
"Description": "The instance ID of the web server",
"Value": {
"Ref": "WebServerHost"
}
},
"WebsiteURL": {
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"WebServerHost",
"PublicDnsName"
]
}
]
]
},
"Description": "URL for newly created LAMP stack"
},
"PublicIP": {
"Description": "Public IP address of the web server",
"Value": {
"Fn::GetAtt": [
"WebServerHost",
"PublicIp"
]
}
},
"CloudWatchLogGroupName": {
"Description": "The name of the CloudWatch log group",
"Value": {
"Ref": "WebServerLogGroup"
}
}
}
}YAML
AWSTemplateFormatVersion: 2010-09-09
Description: AWS CloudFormation Sample Template for CloudWatch Logs.
Parameters:
KeyName:
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
Type: 'AWS::EC2::KeyPair::KeyName'
ConstraintDescription: must be the name of an existing EC2 KeyPair.
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
OperatorEmail:
Description: Email address to notify if there are any scaling operations
Type: String
Mappings:
RegionMap:
us-east-1:
AMI: ami-0ff8a91507f77f867
us-west-1:
AMI: ami-0bdb828fd58c52235
us-west-2:
AMI: ami-a0cfeed8
eu-west-1:
AMI: ami-047bb4163c506cd98
ap-southeast-1:
AMI: ami-08569b978cc4dfa10
ap-southeast-2:
AMI: ami-09b42976632b27e9b
ap-northeast-1:
AMI: ami-06cd52961ce9f0d85
sa-east-1:
AMI: ami-07b14488da8ea02a0
eu-central-1:
AMI: ami-0233214e13e500f77
Resources:
LogRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: LogRolePolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'logs:Create*'
- 'logs:PutLogEvents'
- 's3:GetObject'
Resource:
- 'arn:aws:logs:*:*:*'
- 'arn:aws:s3:::*'
LogRoleInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref LogRole
WebServerSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref SSHLocation
WebServerHost:
Type: 'AWS::EC2::Instance'
Metadata:
Comment: Install a simple PHP application
'AWS::CloudFormation::Init':
config:
packages:
yum:
httpd: []
php: []
files:
/tmp/cwlogs/apacheaccess.conf:
content: !Join
- ''
- - |
[general]
- |
state_file= /var/awslogs/agent-state
- |
[/var/log/httpd/access_log]
- |
file = /var/log/httpd/access_log
- 'log_group_name = '
- !Ref WebServerLogGroup
- |+
- |
log_stream_name = {instance_id}/apache.log
- 'datetime_format = %d/%b/%Y:%H:%M:%S'
mode: '000400'
owner: apache
group: apache
/var/www/html/index.php:
content: !Join
- ''
- - |
<?php
- |
echo '<h1>AWS CloudFormation sample PHP application</h1>';
- |
?>
mode: '000644'
owner: apache
group: apache
/etc/cfn/cfn-hup.conf:
content: !Join
- ''
- - |
[main]
- stack=
- !Ref 'AWS::StackId'
- |+
- region=
- !Ref 'AWS::Region'
- |+
mode: '000400'
owner: root
group: root
/etc/cfn/hooks.d/cfn-auto-reloader.conf:
content: !Join
- ''
- - |
[cfn-auto-reloader-hook]
- |
triggers=post.update
- >
path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init
- 'action=/opt/aws/bin/cfn-init -s '
- !Ref 'AWS::StackId'
- ' -r WebServerHost '
- ' --region '
- !Ref 'AWS::Region'
- |+
- |
runas=root
services:
sysvinit:
httpd:
enabled: 'true'
ensureRunning: 'true'
sendmail:
enabled: 'false'
ensureRunning: 'false'
CreationPolicy:
ResourceSignal:
Timeout: PT5M
Properties:
ImageId: !FindInMap
- RegionMap
- !Ref 'AWS::Region'
- AMI
KeyName: !Ref KeyName
InstanceType: t1.micro
SecurityGroups:
- !Ref WebServerSecurityGroup
IamInstanceProfile: !Ref LogRoleInstanceProfile
UserData: !Base64
'Fn::Join':
- ''
- - |
#!/bin/bash -xe
- |
# Get the latest CloudFormation package
- |
yum install -y aws-cfn-bootstrap
- |
# Start cfn-init
- '/opt/aws/bin/cfn-init -s '
- !Ref 'AWS::StackId'
- ' -r WebServerHost '
- ' --region '
- !Ref 'AWS::Region'
- |2
|| error_exit 'Failed to run cfn-init'
- >
# Start up the cfn-hup daemon to listen for changes to the EC2
instance metadata
- |
/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'
- |
# Get the CloudWatch Logs agent
- >
wget
https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
- |
# Install the CloudWatch Logs agent
- 'python awslogs-agent-setup.py -n -r '
- !Ref 'AWS::Region'
- |2
-c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'
- |
# All done so signal success
- '/opt/aws/bin/cfn-signal -e $? '
- ' --stack '
- !Ref 'AWS::StackName'
- ' --resource WebServerHost '
- ' --region '
- !Ref 'AWS::Region'
- |+
WebServerLogGroup:
Type: 'AWS::Logs::LogGroup'
Properties:
RetentionInDays: 7
404MetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref WebServerLogGroup
FilterPattern: >-
[ip, identity, user_id, timestamp, request, status_code = 404, size,
...]
MetricTransformations:
- MetricValue: '1'
MetricNamespace: test/404s
MetricName: test404Count
BytesTransferredMetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref WebServerLogGroup
FilterPattern: '[ip, identity, user_id, timestamp, request, status_code, size, ...]'
MetricTransformations:
- MetricValue: $size
MetricNamespace: test/BytesTransferred
MetricName: testBytesTransferred
404Alarm:
Type: 'AWS::CloudWatch::Alarm'
Properties:
AlarmDescription: The number of 404s is greater than 2 over 2 minutes
MetricName: test404Count
Namespace: test/404s
Statistic: Sum
Period: '60'
EvaluationPeriods: '2'
Threshold: '2'
AlarmActions:
- !Ref AlarmNotificationTopic
ComparisonOperator: GreaterThanThreshold
BandwidthAlarm:
Type: 'AWS::CloudWatch::Alarm'
Properties:
AlarmDescription: The average volume of traffic is greater 3500 KB over 10 minutes
MetricName: testBytesTransferred
Namespace: test/BytesTransferred
Statistic: Average
Period: '300'
EvaluationPeriods: '2'
Threshold: '3500'
AlarmActions:
- !Ref AlarmNotificationTopic
ComparisonOperator: GreaterThanThreshold
AlarmNotificationTopic:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: !Ref OperatorEmail
Protocol: email
Outputs:
InstanceId:
Description: The instance ID of the web server
Value: !Ref WebServerHost
WebsiteURL:
Value: !Join
- ''
- - 'http://'
- !GetAtt
- WebServerHost
- PublicDnsName
Description: URL for newly created LAMP stack
PublicIP:
Description: Public IP address of the web server
Value: !GetAtt
- WebServerHost
- PublicIp
CloudWatchLogGroupName:
Description: The name of the CloudWatch log group
Value: !Ref WebServerLogGroup
從 Windows 執行個體傳送日誌到 CloudWatch Logs
以下範本會設定 CloudWatch Logs 以適用於 Windows 2012R2 執行個體。
Windows 上的 CloudWatch Logs 代理程式 (Windows 2012R2 和 Windows 2016 AMI 上的 SSM 代理程式) 只會傳送啟動之後的日誌,因此啟動之前產生的任何日誌都不會傳送。若要解決此問題,此範本可協助確保在代理程式啟動之後,才會寫入任何日誌:
-
將代理程式的設定,設定為 cfn-init
config中的第一個configSets項目。 -
使用
waitAfterCompletion在啟動代理程式的命令之後插入一個暫停。
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance.",
"Parameters": {
"KeyPair": {
"Description": "Name of an existing EC2 KeyPair to enable RDP access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"RDPLocation": {
"Description": "The IP address range that can be used to RDP to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"OperatorEmail": {
"Description": "Email address to notify if there are any scaling operations",
"Type": "String"
}
},
"Mappings": {
"AWSAMIRegionMap": {
"ap-northeast-1": {
"WS2012R2": "ami-09e7006451ad8bf4d"
},
"ap-northeast-2": {
"WS2012R2": "ami-0754980e4d02153f9"
},
"ap-south-1": {
"WS2012R2": "ami-00ad91b37d56c1d08"
},
"ap-southeast-1": {
"WS2012R2": "ami-09e7006451ad8bf4d"
},
"ap-southeast-2": {
"WS2012R2": "ami-000d23d3067008aea"
},
"ca-central-1": {
"WS2012R2": "ami-0d8e70862465b9da0"
},
"eu-central-1": {
"WS2012R2": "ami-0c0f322f5676ba254"
},
"eu-west-1": {
"WS2012R2": "ami-0a46adf18f8875ad6"
},
"eu-west-2": {
"WS2012R2": "ami-0651428174d9438e9"
},
"sa-east-1": {
"WS2012R2": "ami-08ebd138109a6c223"
},
"us-east-1": {
"WS2012R2": "ami-0ef6fb504535468b2"
},
"us-east-2": {
"WS2012R2": "ami-0f466c6044f510bd3"
},
"us-west-1": {
"WS2012R2": "ami-026f68ef6465e6c09"
},
"us-west-2": {
"WS2012R2": "ami-0274ca53943a86543"
}
}
},
"Resources": {
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable HTTP access via port 80 and RDP access via port 3389",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "3389",
"ToPort": "3389",
"CidrIp": {
"Ref": "RDPLocation"
}
}
]
}
},
"LogRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
],
"Path": "/",
"Policies": [
{
"PolicyName": "LogRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:Create*",
"logs:PutLogEvents",
"s3:GetObject"
],
"Resource": [
"arn:aws:logs:*:*:*",
"arn:aws:s3:::*"
]
}
]
}
}
]
}
},
"LogRoleInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "LogRole"
}
]
}
},
"WebServerHost": {
"Type": "AWS::EC2::Instance",
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT15M"
}
},
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"00-ConfigureCWLogs",
"01-InstallWebServer",
"02-ConfigureApplication",
"03-Finalize"
]
},
"00-ConfigureCWLogs": {
"files": {
"C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch\\AWS.EC2.Windows.CloudWatch.json": {
"content": {
"Fn::Sub": "{\n \"EngineConfiguration\": {\n \"Components\": [\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"ApplicationEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Application\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SystemEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"System\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SecurityEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Security\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"EC2ConfigLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"EC2ConfigLog.txt\",\n \"LogDirectoryPath\": \"C:\\\\Program Files\\\\Amazon\\\\Ec2ConfigService\\\\Logs\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-ddTHH:mm:ss.fffZ:\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CfnInitLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"cfn-init.log\",\n \"LogDirectoryPath\": \"C:\\\\cfn\\\\log\",\n \"TimeZoneKind\": \"Local\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss,fff\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"IISLogs\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"UTF-8\",\n \"Filter\": \"\",\n \"LineCount\": \"3\",\n \"LogDirectoryPath\": \"C:\\\\inetpub\\\\logs\\\\LogFiles\\\\W3SVC1\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"MemoryPerformanceCounter\",\n \"Parameters\": {\n \"CategoryName\": \"Memory\",\n \"CounterName\": \"Available MBytes\",\n \"DimensionName\": \"\",\n \"DimensionValue\": \"\",\n \"InstanceName\": \"\",\n \"MetricName\": \"Memory\",\n \"Unit\": \"Megabytes\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchApplicationEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/ApplicationEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSystemEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SystemEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSecurityEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SecurityEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchEC2ConfigLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/EC2ConfigLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchCfnInitLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/CfnInitLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchIISLogs\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/IISLogs\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatch\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"NameSpace\": \"Windows/Default\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n }\n ],\n \"Flows\": {\n \"Flows\": [\n \"ApplicationEventLog,CloudWatchApplicationEventLog\",\n \"SystemEventLog,CloudWatchSystemEventLog\",\n \"SecurityEventLog,CloudWatchSecurityEventLog\",\n \"EC2ConfigLog,CloudWatchEC2ConfigLog\",\n \"CfnInitLog,CloudWatchCfnInitLog\",\n \"IISLogs,CloudWatchIISLogs\",\n \"MemoryPerformanceCounter,CloudWatch\"\n ]\n },\n \"PollInterval\": \"00:00:05\"\n },\n \"IsEnabled\": true\n}\n"
}
}
},
"commands": {
"0-enableSSM": {
"command": "powershell.exe -Command \"Set-Service -Name AmazonSSMAgent -StartupType Automatic\" ",
"waitAfterCompletion": "0"
},
"1-restartSSM": {
"command": "powershell.exe -Command \"Restart-Service AmazonSSMAgent \"",
"waitAfterCompletion": "30"
}
}
},
"01-InstallWebServer": {
"commands": {
"01_install_webserver": {
"command": "powershell.exe -Command \"Install-WindowsFeature Web-Server -IncludeAllSubFeature\"",
"waitAfterCompletion": "0"
}
}
},
"02-ConfigureApplication": {
"files": {
"c:\\Inetpub\\wwwroot\\index.htm": {
"content": "<html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html>"
}
}
},
"03-Finalize": {
"commands": {
"00_signal_success": {
"command": {
"Fn::Sub": "cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region}"
},
"waitAfterCompletion": "0"
}
}
}
}
},
"Properties": {
"KeyName": {
"Ref": "KeyPair"
},
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": "t2.xlarge",
"SecurityGroupIds": [
{
"Ref": "WebServerSecurityGroup"
}
],
"IamInstanceProfile": {
"Ref": "LogRoleInstanceProfile"
},
"UserData": {
"Fn::Base64": {
"Fn::Sub": "<script>\nwmic product where \"description='Amazon SSM Agent' \" uninstall\nwmic product where \"description='aws-cfn-bootstrap' \" uninstall \nstart /wait c:\\\\Windows\\\\system32\\\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi\npowershell.exe -Command \"iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\\\AmazonSSMAgentSetup.exe\"\nstart /wait C:\\\\AmazonSSMAgentSetup.exe /install /quiet\ncfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} \n</script>\n"
}
}
}
},
"LogGroup": {
"Type": "AWS::Logs::LogGroup",
"Properties": {
"RetentionInDays": 7
}
},
"404MetricFilter": {
"Type": "AWS::Logs::MetricFilter",
"Properties": {
"LogGroupName": {
"Ref": "LogGroup"
},
"FilterPattern": "[timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]",
"MetricTransformations": [
{
"MetricValue": "1",
"MetricNamespace": "test/404s",
"MetricName": "test404Count"
}
]
}
},
"404Alarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "The number of 404s is greater than 2 over 2 minutes",
"MetricName": "test404Count",
"Namespace": "test/404s",
"Statistic": "Sum",
"Period": "60",
"EvaluationPeriods": "2",
"Threshold": "2",
"AlarmActions": [
{
"Ref": "AlarmNotificationTopic"
}
],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"AlarmNotificationTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"Subscription": [
{
"Endpoint": {
"Ref": "OperatorEmail"
},
"Protocol": "email"
}
]
}
}
},
"Outputs": {
"InstanceId": {
"Description": "The instance ID of the web server",
"Value": {
"Ref": "WebServerHost"
}
},
"WebsiteURL": {
"Value": {
"Fn::Sub": "http://${WebServerHost.PublicDnsName}"
},
"Description": "URL for newly created IIS web server"
},
"PublicIP": {
"Description": "Public IP address of the web server",
"Value": {
"Fn::GetAtt": [
"WebServerHost",
"PublicIp"
]
}
},
"CloudWatchLogGroupName": {
"Description": "The name of the CloudWatch log group",
"Value": {
"Ref": "LogGroup"
}
}
}
}YAML
AWSTemplateFormatVersion: 2010-09-09
Description: >-
Sample template that sets up and configures CloudWatch logs on Windows 2012R2
instance instance.
Parameters:
KeyPair:
Description: Name of an existing EC2 KeyPair to enable RDP access to the instances
Type: 'AWS::EC2::KeyPair::KeyName'
ConstraintDescription: must be the name of an existing EC2 KeyPair.
RDPLocation:
Description: The IP address range that can be used to RDP to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
OperatorEmail:
Description: Email address to notify if there are any scaling operations
Type: String
Mappings:
AWSAMIRegionMap:
ap-northeast-1:
WS2012R2: ami-09e7006451ad8bf4d
ap-northeast-2:
WS2012R2: ami-0754980e4d02153f9
ap-south-1:
WS2012R2: ami-00ad91b37d56c1d08
ap-southeast-1:
WS2012R2: ami-09e7006451ad8bf4d
ap-southeast-2:
WS2012R2: ami-000d23d3067008aea
ca-central-1:
WS2012R2: ami-0d8e70862465b9da0
eu-central-1:
WS2012R2: ami-0c0f322f5676ba254
eu-west-1:
WS2012R2: ami-0a46adf18f8875ad6
eu-west-2:
WS2012R2: ami-0651428174d9438e9
sa-east-1:
WS2012R2: ami-08ebd138109a6c223
us-east-1:
WS2012R2: ami-0ef6fb504535468b2
us-east-2:
WS2012R2: ami-0f466c6044f510bd3
us-west-1:
WS2012R2: ami-026f68ef6465e6c09
us-west-2:
WS2012R2: ami-0274ca53943a86543
Resources:
WebServerSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable HTTP access via port 80 and RDP access via port 3389
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '3389'
ToPort: '3389'
CidrIp: !Ref RDPLocation
LogRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
Path: /
Policies:
- PolicyName: LogRolePolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'logs:Create*'
- 'logs:PutLogEvents'
- 's3:GetObject'
Resource:
- 'arn:aws:logs:*:*:*'
- 'arn:aws:s3:::*'
LogRoleInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref LogRole
WebServerHost:
Type: 'AWS::EC2::Instance'
CreationPolicy:
ResourceSignal:
Timeout: PT15M
Metadata:
'AWS::CloudFormation::Init':
configSets:
config:
- 00-ConfigureCWLogs
- 01-InstallWebServer
- 02-ConfigureApplication
- 03-Finalize
00-ConfigureCWLogs:
files:
'C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json':
content: !Sub |
{
"EngineConfiguration": {
"Components": [
{
"FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "ApplicationEventLog",
"Parameters": {
"Levels": "7",
"LogName": "Application"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "SystemEventLog",
"Parameters": {
"Levels": "7",
"LogName": "System"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "SecurityEventLog",
"Parameters": {
"Levels": "7",
"LogName": "Security"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "EC2ConfigLog",
"Parameters": {
"CultureName": "en-US",
"Encoding": "ASCII",
"Filter": "EC2ConfigLog.txt",
"LogDirectoryPath": "C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs",
"TimeZoneKind": "UTC",
"TimestampFormat": "yyyy-MM-ddTHH:mm:ss.fffZ:"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "CfnInitLog",
"Parameters": {
"CultureName": "en-US",
"Encoding": "ASCII",
"Filter": "cfn-init.log",
"LogDirectoryPath": "C:\\cfn\\log",
"TimeZoneKind": "Local",
"TimestampFormat": "yyyy-MM-dd HH:mm:ss,fff"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "IISLogs",
"Parameters": {
"CultureName": "en-US",
"Encoding": "UTF-8",
"Filter": "",
"LineCount": "3",
"LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1",
"TimeZoneKind": "UTC",
"TimestampFormat": "yyyy-MM-dd HH:mm:ss"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "MemoryPerformanceCounter",
"Parameters": {
"CategoryName": "Memory",
"CounterName": "Available MBytes",
"DimensionName": "",
"DimensionValue": "",
"InstanceName": "",
"MetricName": "Memory",
"Unit": "Megabytes"
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchApplicationEventLog",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/ApplicationEventLog",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchSystemEventLog",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/SystemEventLog",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchSecurityEventLog",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/SecurityEventLog",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchEC2ConfigLog",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/EC2ConfigLog",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchCfnInitLog",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/CfnInitLog",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatchIISLogs",
"Parameters": {
"AccessKey": "",
"LogGroup": "${LogGroup}",
"LogStream": "{instance_id}/IISLogs",
"Region": "${AWS::Region}",
"SecretKey": ""
}
},
{
"FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
"Id": "CloudWatch",
"Parameters": {
"AccessKey": "",
"NameSpace": "Windows/Default",
"Region": "${AWS::Region}",
"SecretKey": ""
}
}
],
"Flows": {
"Flows": [
"ApplicationEventLog,CloudWatchApplicationEventLog",
"SystemEventLog,CloudWatchSystemEventLog",
"SecurityEventLog,CloudWatchSecurityEventLog",
"EC2ConfigLog,CloudWatchEC2ConfigLog",
"CfnInitLog,CloudWatchCfnInitLog",
"IISLogs,CloudWatchIISLogs",
"MemoryPerformanceCounter,CloudWatch"
]
},
"PollInterval": "00:00:05"
},
"IsEnabled": true
}
commands:
0-enableSSM:
command: >-
powershell.exe -Command "Set-Service -Name AmazonSSMAgent
-StartupType Automatic"
waitAfterCompletion: '0'
1-restartSSM:
command: powershell.exe -Command "Restart-Service AmazonSSMAgent "
waitAfterCompletion: '30'
01-InstallWebServer:
commands:
01_install_webserver:
command: >-
powershell.exe -Command "Install-WindowsFeature Web-Server
-IncludeAllSubFeature"
waitAfterCompletion: '0'
02-ConfigureApplication:
files:
'c:\Inetpub\wwwroot\index.htm':
content: >-
<html> <head> <title>Test Application Page</title> </head>
<body> <h1>Congratulations !! Your IIS server is
configured.</h1> </body> </html>
03-Finalize:
commands:
00_signal_success:
command: !Sub >-
cfn-signal.exe -e 0 --resource WebServerHost --stack
${AWS::StackName} --region ${AWS::Region}
waitAfterCompletion: '0'
Properties:
KeyName: !Ref KeyPair
ImageId: !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- WS2012R2
InstanceType: t2.xlarge
SecurityGroupIds:
- !Ref WebServerSecurityGroup
IamInstanceProfile: !Ref LogRoleInstanceProfile
UserData: !Base64
'Fn::Sub': >
<script>
wmic product where "description='Amazon SSM Agent' " uninstall
wmic product where "description='aws-cfn-bootstrap' " uninstall
start /wait c:\\Windows\\system32\\msiexec /passive /qn /i
https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi
powershell.exe -Command "iwr
https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe
-UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe"
start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet
cfn-init.exe -v -c config -s ${AWS::StackName} --resource
WebServerHost --region ${AWS::Region}
</script>
LogGroup:
Type: 'AWS::Logs::LogGroup'
Properties:
RetentionInDays: 7
404MetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref LogGroup
FilterPattern: >-
[timestamps, serverip, method, uri, query, port, dash, clientip,
useragent, status_code = 404, ...]
MetricTransformations:
- MetricValue: '1'
MetricNamespace: test/404s
MetricName: test404Count
404Alarm:
Type: 'AWS::CloudWatch::Alarm'
Properties:
AlarmDescription: The number of 404s is greater than 2 over 2 minutes
MetricName: test404Count
Namespace: test/404s
Statistic: Sum
Period: '60'
EvaluationPeriods: '2'
Threshold: '2'
AlarmActions:
- !Ref AlarmNotificationTopic
ComparisonOperator: GreaterThanThreshold
AlarmNotificationTopic:
Type: 'AWS::SNS::Topic'
Properties:
Subscription:
- Endpoint: !Ref OperatorEmail
Protocol: email
Outputs:
InstanceId:
Description: The instance ID of the web server
Value: !Ref WebServerHost
WebsiteURL:
Value: !Sub 'http://${WebServerHost.PublicDnsName}'
Description: URL for newly created IIS web server
PublicIP:
Description: Public IP address of the web server
Value: !GetAtt
- WebServerHost
- PublicIp
CloudWatchLogGroupName:
Description: The name of the CloudWatch log group
Value: !Ref LogGroup
另請參閱
如需有關 CloudWatch Logs 資源的詳細資訊,請參閱 AWS::Logs::LogGroup 或 AWS::Logs::MetricFilter。
