Amazon Web Service's (AWS) CloudWatch is a great cloud service to monitor your AWS services. If you're using CloudWatch to monitor Amazon Elastic Compute Cloud (EC2) instances, like many other computer-monitoring services, it has a software agent you must install on any EC2 instance you'd like to monitor.

In this article, we're going to cover how to install, configure, and test the CloudWatch agent in the shortest time possible. First, you'll need an AWS account and a running EC2 instance to try this. If you've got these items covered, that's about all you need!

You first need to set up an Identity and Access Management (IAM) role for your EC2 instances if you don't have one already. To do this, I'll log into my AWS account, go to my IAM services, click on Roles on the left side and then on Create role. Once here, I'll then choose EC2.

Creating an IAM role

Creating an IAM role

I will then follow the remaining step-by-step instructions in the AWS documentation Create IAM roles to use with CloudWatch agent on Amazon EC2 instances.

Once I've created the IAM role, I then need to attach it to my EC2 instance by browsing to my EC2 instances, selecting one, and then selecting Actions –> Instance Settings –> Attach/Replace IAM Role.

Attaching an IAM role

Attaching an IAM role

I'll then choose the IAM role I just created.

After I've created and attached the IAM role, I then need to download and install the CloudWatch agent on the EC2 instance. To do this, I'll RDP to my EC2 instance and open up a PowerShell console. PowerShell has a command called Invoke-WebRequest I can use to download the agent zip file from AWS as shown below.

$parameters = @{
    Uri = ''
    OutFile = "$env:TEMP\"
Invoke-WebRequest @parameter

Once I've downloaded the agent installer zip file, I then need to expand it to create the AmazonCloudWatchAgent folder.

Expand-Archive -Path "$env:TEMP\" -DestinationPath "$env:TEMP\AmazonCloudWatchAgent"

I'll then set the current directory to the agent installer folder and run the provided install.ps1 script.

Set-Location -Path "$env:TEMP\AmazonCloudWatchAgent"

Next I have to create the CloudWatch agent configuration file. I can do this by going into the AmazonCloudWatchAgent folder the installer created and running the amazon-cloudwatch-agent-config-wizard tool. For more information about this configuration, you can check out the AWS docs.

This will walk you through a long list of questions asking you how you'd like to configure the agent.

Set-Location -Path 'C:\Program Files\Amazon\AmazonCloudWatchAgent\'

Configuring the CloudWatch agent

Configuring the CloudWatch agent

After finishing the configuration, you can then start the CloudWatch agent service by using the amazon-cloudwatch-agent-ctl.ps1 script located in the Program Files agent folder. The command below sends the configuration you just created up to CloudWatch and starts the agent.

Subscribe to 4sysops newsletter!

PS> .\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:'C:\Program Files\Amazon\AmazonCloudWatchAgent\config.json' -s
Start configuration validation...
Valid Json input schema.
Configuration validation first phase succeeded
Configuration validation second phase succeeded
Configuration validation succeeded

Once the agent starts, you can now check out the CloudWatch console in AWS where you'll hopefully see your EC2 instance has checked in and is sending data to CloudWatch.

  1. Ameer 4 years ago

    Hi Dear,

    how can i fixed  this error


    Got Home directory: C:\Users\Administrator

    I! Set home dir windows: C:\Users\Administrator

    I! SDKRegionWithCredsMap region: Unable to determine aws-region.

    Please make sure the credentials and region set correctly on your hosts.

    Refer to

    Fail to fetch the config!


    failed to run commands: exit status 1

  2. arda 4 years ago

    I have encountered "fail to fetch the config" error and it gives me "unable to determine aws-region" error.

    May you tell the how to solve problem . It is very urgent issue.

  3. arda 4 years ago


    This problem is  related to "Windows 2016 EC2Launch cannot find meta data". You have to overcome route problem by using below described link. You can add script and you can run this script in powershell. After that, problem will be solved.

  4. Adrian 4 years ago

    How to set http proxy. Our servers require proxy settings to hit cloudwatch


Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account