Confusion aws cloudwatch old agent vs unified cloudwatch agent - amazon-web-services

I was going through the AWS CloudWatch documentation for CloudWatch agents.
I came across the documentation which says:
The unified CloudWatch agent is recommended and it has support across all operating systems.
But for the old CloudWatch agent (on the path to deprecation), the documentation mentions that "it supports the collection of logs from only servers running Linux".
But when I went ahead in the documentation to the next section (for the old CloudWatch agent):
The documentation mentions that "Using the CloudWatch Logs agent, you can publish log data from Amazon EC2 instances running Linux or Windows Server, and logged events from AWS CloudTrail. We recommend instead using the CloudWatch unified agent to publish your log data."
So I am confused regarding whether the old CloudWatch agent supports EC2 instances running Windows Server or not.
Is there anything I am overlooking?
Or is it just a documentation error from AWS side?
Edit:
Getting Started with CloudWatch Logs- This link mentions: Old cloudwatch agent supports the collection of logs from only servers running Linux.
Using old cloudwatch agent - This link mentions: Using the CloudWatch Logs agent, you can publish log data from Amazon EC2 instances running Linux or Windows Server, and logged events from AWS CloudTrail

If you check the next section of "Using old cloudwatch agent", it lists the CloudWatch Logs agent prerequisites, and they don't include Windows Server.
Amazon Linux version 2014.03.02 or later. Amazon Linux 2 is not supported
Ubuntu Server version 12.04, 14.04, or 16.04
CentOS version 6, 6.3, 6.4, 6.5, or 7.0
Red Hat Enterprise Linux (RHEL) version 6.5 or 7.0
Debian 8.0
However, from the following URL it is clear that you can use CloudWatch Logs (old CloudWatch agent) for Windows Server.
So, I believe CloudWatch Logs (old CloudWatch agent) supports Windows Server.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartWindows2016.html

I was just having a similar doubt.
The old CloudWatch Logs agent is going to be deprecated.
[...] Recommended – The unified CloudWatch agent. It enables you to collect both logs and advanced metrics with one agent. It offers support across operating systems, including servers running Windows Server. [...]
And the old one, as you say, does not support collecting metrics from Windows servers:
[...] The older CloudWatch Logs agent, which supports the collection of logs from only servers running Linux. [...]
Source: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_GettingStarted.html

Related

Find what is making EC2 IMDSv1 calls on Windows Servers

I'm trying to get all our instances (all Windows based) upgraded to IMDSv2 and have been following the advice found here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#instance-metadata-transition-to-version-2 and using CloudWatch to find instances making MetadataNoToken calls (i.e. using IMDSv1).
I've found several instances using IMDSv1 this way, but I can't work out how to find out what is making the calls from within the OS.
According to CloudWatch each server is making one call per minute to the IMDSv1 service.
The support article mentions upgrading any AWS SDKs or CLI tools, but the servers in question don't seem to have any SDKs or CLI tools installed.
Each instance has the following AWS published tools installed on them:
Amazon SSM Agent
Amazon CloudWatch Agent
AWS Tools for Windows
EC2ConfigService
AWS PV Drivers
aws-cfn-bootstrap
I've updated the Amazon SSM Agent and the Amazon CloudWatch Agent to the latest versions. But I can't find any information about how to update the AWS Tools for Windows package.
I've also run TCPView from Sysinternals on the servers and tried to find what process is making calls to the 169.254.169.254 endpoint, but it doesn't seem to pick up any traffic to that address.
I'm reluctant to just disable IMDSv1 and do a scream test as they are production servers.
If anyone has any advice or guidance on how to find what is making the IMDSv1 calls it would be appreciated.
I figured it out in the end. Using the "Windows Resource Monitor Network monitor" tool, I found the executable that was making the calls.
I've written up the process in this blog post:
https://www.greystone.co.uk/2022/03/24/how-greystone-upgraded-its-aws-ec2-instances-to-use-instance-meta-data-service-version-2-imdsv2/
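
One way to catch the calling process from inside the OS, as an added example that is not part of the original posts: poll the TCP table for connections to 169.254.169.254 and resolve each owning process. The five-minute window and 200 ms polling interval are assumptions; the loop reports every process that talks to the metadata service, whether it uses IMDSv1 or IMDSv2, so compare the result with the instances CloudWatch flags for MetadataNoToken.

```powershell
# Added example (not from the original posts). Run in an elevated PowerShell
# session on the instance that CloudWatch reports MetadataNoToken calls for.
$ImdsAddress = '169.254.169.254'
$Deadline    = (Get-Date).AddMinutes(5)   # assumption: covers several once-a-minute calls
$Seen        = @{}                        # one record per process ID

while ((Get-Date) -lt $Deadline) {
    # A non-terminating error is raised when nothing matches, so silence it.
    $conns = Get-NetTCPConnection -RemoteAddress $ImdsAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -ne 0 }   # TimeWait rows no longer carry an owner

    foreach ($c in $conns) {
        $procId = $c.OwningProcess
        if ($Seen.ContainsKey($procId)) { continue }

        # Resolve immediately: the process may exit right after the call.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        $Seen[$procId] = [pscustomobject]@{
            FirstSeen   = Get-Date
            ProcessId   = $procId
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            LocalPort   = $c.LocalPort
            State       = $c.State
        }
    }
    # Metadata requests are short-lived; a tight interval reduces missed connections.
    Start-Sleep -Milliseconds 200
}

$Seen.Values | Sort-Object FirstSeen | Format-List
```

A connection that opens and closes between two polls is still missed, so an empty result does not prove that nothing on the host calls the endpoint.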

How to update CloudWatch Agent version on Windows Instance?

Let's say that the CloudWatch Agent installed on Windows Server was version X.0. After few months, there was an update, and the latest available version of CloudWatch Agent was X.1. So, how can I proceed with updating the already installed CloudWatch Agent version on Windows Server?
In the user guide, I am able to find ways to 'Download and Configure the CloudWatch Agent' and other related processes but not able to find ways to update the CloudWatch Agent version.
Any prompt support in this regard will be highly appreciated.
You can re-install using AWS Systems Manager. For that, Systems Manager has to be installed already, and you need to add these IAM roles if they are not there already:
AmazonSSMManagedInstanceCore, CloudWatchAgentServerPolicy.
Download the CloudWatch agent package
Systems Manager Run Command enables you to manage the configuration of your instances. You specify a Systems Manager document, specify parameters, and execute the command on one or more instances. SSM Agent on the instance processes the command and configures the instance as specified.
To download the CloudWatch agent using Run Command:
1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.
2. In the navigation pane, choose Run Command.
   -or-
   If the AWS Systems Manager home page opens, scroll down and choose Explore Run Command.
3. Choose Run command.
4. In the Command document list, choose AWS-ConfigureAWSPackage.
5. In the Targets area, choose the instance on which to install the CloudWatch agent. If you do not see a specific instance, it might not be configured for Run Command. For more information, see Setting Up AWS Systems Manager for Hybrid Environments in the AWS Systems Manager User Guide.
6. In the Action list, choose Install.
7. In the Name box, enter AmazonCloudWatchAgent.
8. Keep Version set to latest to install the latest version of the agent.
9. Choose Run.
10. Optionally, in the Targets and outputs areas, select the button next to an instance name and choose View output. Systems Manager should show that the agent was successfully installed.
As below it does uninstall and reinstall.
Reference: AWS Documentation
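
The same Run Command request scripted with the AWS Tools for PowerShell, as an added example that is not part of the original answer. It assumes the SSM cmdlets are installed, the caller's credentials allow sending commands to the instance, and the instance ID shown is a placeholder.

```powershell
# Added example (not from the original answer): run AWS-ConfigureAWSPackage with
# the same Action / Name / Version values the console steps above select.
$InstanceId = 'i-0123456789abcdef0'   # placeholder instance ID

$cmd = Send-SSMCommand -DocumentName 'AWS-ConfigureAWSPackage' `
    -InstanceId $InstanceId `
    -Comment 'Update CloudWatch agent to latest' `
    -Parameter @{
        action  = @('Install')
        name    = @('AmazonCloudWatchAgent')
        version = @('latest')
    }

# Poll until the invocation leaves its in-flight states (up to about 5 minutes).
$inFlight = 'Pending', 'InProgress', 'Delayed'
$inv = $null
for ($i = 0; $i -lt 60; $i++) {
    Start-Sleep -Seconds 5
    $inv = Get-SSMCommandInvocation -CommandId $cmd.CommandId `
        -InstanceId $InstanceId -Detail $true
    if ($inv -and ($inFlight -notcontains [string]$inv.Status)) { break }
}

if (-not $inv) { throw "No invocation found for command $($cmd.CommandId)" }

# Equivalent of "View output" in the console: overall status, then per-step output.
$inv | Select-Object InstanceId, Status, StatusDetails
$inv.CommandPlugins | Select-Object Name, Status, Output | Format-List

if ([string]$inv.Status -ne 'Success') {
    Write-Warning "Package install finished with status $($inv.Status)"
}
```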

Checking Datadog agent versions installed on AWS EC2 Instances

A recent Tenable scan highlighted an issue with certain versions of Datadog. This is also brought to attention in the Datadog monitor.
Critical bug in Windows Agent versions 6.14.0 and 6.14.1. See --> http://dtdg.co/win-614-fix <-- for steps to fix the issue.
As the bulk of our servers are hosted on AWS - just wondered if I could query this through AWS CLI to list which servers were using the affected versions.
On the bottom of the infrastructure list, you should see a link called "JSON API permalink". If you query it, this should give you a JSON of all your hosts with their agent version. You can then query it with a quick Python script.

Ubuntu AWS Workspace

We've been toying with switching to cloud based desktops, specifically AWS Workspace. Is there support for Ubuntu desktops though? To this point I've only been able to generate Windows environments.
UPDATE: Amazon Workspaces now supports Amazon Linux 2, an offshoot of CentOS.
Update: Workspaces now has a Linux option, in case anyone finds this.
AWS Workspaces only supports Windows at the moment.
From the product description:
Amazon WorkSpaces is a managed, secure cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops
Amazon Workspaces now allows the use of Windows 7 and Windows 10, as well as Amazon Linux 2. There are options that are eligible for the Free Tier.
Descriptions of what software you can install are available here.

Enabling CloudWatch Integration for EC2Config version 4.2.1442

I have tried sending custom metrics to CloudWatch.
For EC2Config versions up to 4.1, I had to enable the CloudWatch Logs integration. It looked like the following:
Now, I am trying to do it for the instances whose EC2Config service version is 4.2.1442, but the CloudWatch Integration checkbox is not visible. In fact, the CloudWatch Logs section is not being shown. Because of this, I am unable to send custom metrics to CloudWatch.
How do I enable CloudWatch Logs integration now? Please suggest.
I am using an updated version of EC2Config (4.2.x), and this is the reason why I am unable to find the CloudWatch Logs Integration checkbox.
According to the AWS documentation:
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/send_logs_to_cwl.html
Step 2 clearly notes the following:
NOTE:
If you don't see the Enable CloudWatch Logs integration option, then you are using an updated version of the EC2Config service that no longer supports enabling CloudWatch integration. You must use Systems Manager Run Command to enable CloudWatch integration.
As suggested, I followed this link:
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/remote-commands-cloudwatch.html
By following that, I was able to solve it. My instance had no IAM Role attached, so I attached it using the AWS CLI. Then, I ran the Run Command from the AWS EC2 console which automatically pushed custom performance counters to CloudWatch.