How CloudWatch Agent Completes EC2 Monitoring: A Comprehensive Guide

"Why don’t I see my application logs in CloudWatch?"
That was the question bugging Arjun, again. His EC2 instance was running fine, but CloudWatch looked empty. No logs. No memory usage. No granular CPU stats.
Until he discovered CloudWatch Agent — the bridge between your EC2 instance and CloudWatch magic.
💭 First, the Problem
By default, EC2 instances don’t send logs or detailed system metrics to CloudWatch.
You won’t see your /var/log/app.log in CloudWatch Logs. You won’t get memory or disk space metrics in CloudWatch Metrics.
So how do you fix that?
You install a small agent on your EC2 instance. That’s it.
🛠️ What is the CloudWatch Agent?
Think of the CloudWatch Agent as your instance’s personal messenger to CloudWatch.
It collects:
🔹 Logs (like application or system logs)
🔹 Metrics (like RAM usage, disk I/O, network stats)
And sends them to CloudWatch in near real-time.
There are two types of agents:
| Agent Type | Purpose | Status |
| --- | --- | --- |
| CloudWatch Logs Agent | Sends only logs | Old |
| CloudWatch Unified Agent | Sends logs + metrics | New & Recommended ✅ |
🚀 Arjun’s Setup Story
Let’s walk through how Arjun set it up:
🧱 Step 1: Attach IAM Role
Arjun created an IAM Role with CloudWatchAgentServerPolicy and attached it to his EC2 instance.
🔐 This gave permission for the agent to push logs and metrics to CloudWatch.
🧩 Step 2: Install the Agent
He installed the official CloudWatch Agent package on Amazon Linux 2:
sudo yum install amazon-cloudwatch-agent
🧰 Step 3: Configure It
Arjun chose CloudWatch Unified Agent, which can be configured in two ways:
Using a JSON file locally
Or more elegantly, from SSM Parameter Store for centralized setup!
SSM config? Yes — with Unified Agent, he could control multiple agents from one place. No more SSH-ing into 10 servers.
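The SSM route from Step 3 as shell commands, added here as an example and not taken from the original post. The parameter name `AmazonCloudWatch-linux-app` and the log group `app-log` are assumed names; the `AmazonCloudWatch-` prefix is used because `CloudWatchAgentServerPolicy` grants `ssm:GetParameter` only on parameters with that prefix.

```shell
#!/bin/sh
# Added example. PARAM and the log group name are assumptions, not from the post.
# Keep the AmazonCloudWatch- prefix: the instance role from Step 1 can only
# read parameters whose names start with it.
PARAM="AmazonCloudWatch-linux-app"

# Write a Unified Agent config: one application log plus memory, swap and
# root-disk metrics (the ones EC2 does not report by default).
write_agent_config() {
  cat > "$1" <<'JSON'
{
  "agent": { "metrics_collection_interval": 60 },
  "metrics": {
    "append_dimensions": { "InstanceId": "${aws:InstanceId}" },
    "metrics_collected": {
      "mem":  { "measurement": ["mem_used_percent"] },
      "swap": { "measurement": ["swap_used_percent"] },
      "disk": { "measurement": ["used_percent"], "resources": ["/"] }
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/app.log",
            "log_group_name": "app-log",
            "log_stream_name": "{instance_id}"
          }
        ]
      }
    }
  }
}
JSON
}

# Admin workstation: store the config centrally (needs ssm:PutParameter,
# which the instance role from Step 1 does not have).
publish_config() {
  aws ssm put-parameter --name "$PARAM" --type String --overwrite \
    --value "file://$1"
}

# On each instance: fetch the config from Parameter Store and start the agent.
start_agent_from_ssm() {
  sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
    -a fetch-config -m ec2 -s -c "ssm:$PARAM"
}
```

Whoever can write that parameter decides which files leave every host that fetches it, so restrict `ssm:PutParameter` on it to administrators.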
📦 What Did He Get?
After setup, Arjun’s CloudWatch dashboard transformed:
📄 Logs:
/var/log/syslog
/home/app/error.log
Custom logs from his app
📊 Metrics:
| Type | Examples |
| --- | --- |
| CPU | user, system, idle, steal |
| RAM | free, used, cache, active |
| Disk I/O | reads/sec, writes/sec, bytes |
| Network | TCP/UDP connections, packets, errors |
| Processes | running, sleeping, dead |
| Swap | usage, percentage |
And guess what? EC2’s default CloudWatch metrics don’t even include memory or swap. You need this agent for those!
💡 Bonus: Works On-Prem Too
Running a server on-premises?
Yes, Arjun did that too. He installed the same Unified Agent on a Linux VM in his local data center — and logs flowed into AWS CloudWatch.
CloudWatch doesn’t care where the server is — as long as the agent is installed and has permissions.
🎓 SAA Exam Tip
✅ Unified CloudWatch Agent = Logs + Granular Metrics + SSM Support
❌ Old Logs Agent = Logs only, no metrics, no SSM
✅ You must give EC2 instances the right IAM role
✅ Works on EC2 or on-prem VMs
🧘 Arjun’s Takeaway
Before the agent, he was blind. After it, he had superpowers.
So next time you're not seeing logs or memory stats from EC2, remember:
Install the CloudWatch Unified Agent.
Written by

Jay Tillu