Install the AWS CloudWatch agent on Windows

• Author
• Recent Posts

Adam Bertram

Adam Bertram is a 20-year IT veteran, Microsoft MVP, blogger, and trainer.

Latest posts by Adam Bertram (see all)

• Create a certificate-signed RDP shortcut via Group Policy - Fri, Aug 9 2019
• Monitor web server uptime with a PowerShell script - Tue, Aug 6 2019
• How to build a PowerShell inventory script for Windows Servers - Fri, Aug 2 2019

In this article, we're going to cover how to install, configure, and test the CloudWatch agent in the shortest time possible. First, you'll need an AWS account and a running EC2 instance to try this. If you've got these items covered, that's about all you need!

You first need to set up an Identity and Access Management (IAM) role for your EC2 instances if you don't have one already. To do this, I'll log into my AWS account, go to my IAM services, click on Roles on the left side and then on Create role. Once here, I'll then choose EC2.

Creating an IAM role

I will then follow the remaining step-by-step instructions in the AWS documentation Create IAM roles to use with CloudWatch agent on Amazon EC2 instances.

Once I've created the IAM role, I then need to attach it to my EC2 instance by browsing to my EC2 instances, selecting one, and then selecting Actions –> Instance Settings –> Attach/Replace IAM Role.

Attaching an IAM role

I'll then choose the IAM role I just created.

After I've created and attached the IAM role, I then need to download and install the CloudWatch agent on the EC2 instance. To do this, I'll RDP to my EC2 instance and open up a PowerShell console. PowerShell has a command called Invoke-WebRequest I can use to download the agent zip file from AWS as shown below.

$parameters = @{
    Uri = 'https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/AmazonCloudWatchAgent.zip'
    OutFile = "$env:TEMP\AmazonCloudWatchAgent.zip"
}
Invoke-WebRequest @parameter

Once I've downloaded the agent installer zip file, I then need to expand it to create the AmazonCloudWatchAgent folder.

Expand-Archive -Path "$env:TEMP\AmazonCloudWatchAgent.zip" -DestinationPath "$env:TEMP\AmazonCloudWatchAgent"

I'll then set the current directory to the agent installer folder and run the provided install.ps1 script.

Set-Location -Path "$env:TEMP\AmazonCloudWatchAgent"
.\install.ps1

Next I have to create the CloudWatch agent configuration file. I can do this by going into the AmazonCloudWatchAgent folder the installer created and running the amazon-cloudwatch-agent-config-wizard tool. For more information about this configuration, you can check out the AWS docs.

This will walk you through a long list of questions asking you how you'd like to configure the agent.

Set-Location -Path 'C:\Program Files\Amazon\AmazonCloudWatchAgent\'

.\amazon-cloudwatch-agent-config-wizard.exe

Configuring the CloudWatch agent

After finishing the configuration, you can then start the CloudWatch agent service by using the amazon-cloudwatch-agent-ctl.ps1 script located in the Program Files agent folder. The command below sends the configuration you just created up to CloudWatch and starts the agent.

PS> .\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:'C:\Program Files\Amazon\AmazonCloudWatchAgent\config.json' -s
Start configuration validation...
Valid Json input schema.
Configuration validation first phase succeeded
Configuration validation second phase succeeded
Configuration validation succeeded

Once the agent starts, you can now check out the CloudWatch console in AWS where you'll hopefully see your EC2 instance has checked in and is sending data to CloudWatch.