How CloudWatch Agent Completes EC2 Monitoring: A Comprehensive Guide

Jay Tillu
4 min read

"Why don’t I see my application logs in CloudWatch?"

That was the question bugging Arjun, again. His EC2 instance was running fine, but CloudWatch looked empty. No logs. No memory usage. No granular CPU stats.

Until he discovered CloudWatch Agent — the bridge between your EC2 instance and CloudWatch magic.


💭 First, the Problem

By default, EC2 instances don’t send logs or detailed system metrics to CloudWatch.

  • You won’t see your /var/log/app.log in CloudWatch Logs.

  • You won’t get memory or disk space metrics in CloudWatch Metrics.

So how do you fix that?
You install a small agent on the instance, give it an IAM role it can use, and tell it what to collect. That's it.


🛠️ What is the CloudWatch Agent?

Think of the CloudWatch Agent as your instance’s personal messenger to CloudWatch.

It collects:

  • 🔹 Logs (like application or system logs)

  • 🔹 Metrics (like RAM usage, disk I/O, network stats)

And sends them to CloudWatch in near real-time.

There are two types of agents:

| Agent Type | Purpose | Status |
|---|---|---|
| CloudWatch Logs Agent | Sends only logs | Old |
| CloudWatch Unified Agent | Sends logs + metrics | New & Recommended ✅ |

🚀 Arjun’s Setup Story

Let’s walk through how Arjun set it up:

🧱 Step 1: Attach IAM Role

Arjun created an IAM role whose trust policy lets ec2.amazonaws.com assume it, attached the AWS managed policy CloudWatchAgentServerPolicy, and put the role in an instance profile attached to his EC2 instance.
🔐 That policy is all the agent needs: cloudwatch:PutMetricData, the logs:Create*/Put* calls for log groups, streams and events, and ssm:GetParameter scoped to parameters named AmazonCloudWatch-*. Keep it to that. Any process on the instance that can reach the instance metadata service can use the role's credentials, so a broader policy widens the blast radius of a compromised box.

🧩 Step 2: Install the Agent

He installed the agent package, which Amazon Linux 2 ships in its own repository:

sudo yum install amazon-cloudwatch-agent

(On other distributions you download the package from AWS, or push it to many instances at once with the SSM Run Command document AWS-ConfigureAWSPackage.)

🧰 Step 3: Configure It

Arjun chose the CloudWatch Unified Agent. Its configuration is a single JSON document (written by hand or with the bundled config wizard) that can be handed to the agent in two ways:

  • From a JSON file on the instance

  • Or, more elegantly, from an SSM Parameter Store parameter, for a centralized setup

Either way the agent's ctl tool loads it with its fetch-config action, pointed at a local file or at a parameter name.

SSM config? Yes. With the Unified Agent, one parameter holds the config for every instance that plays the same role, each instance pulls it by name, and the SSM Run Command document AmazonCloudWatch-ManageAgent can push a configure-and-restart to a whole fleet. No more SSH-ing into 10 servers. One catch: CloudWatchAgentServerPolicy only allows ssm:GetParameter on parameter names beginning with AmazonCloudWatch-, so name the parameter that way or the fetch fails with AccessDenied.
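The three steps above as one script, added here as an example (it is not code from the original post or from AWS). The managed policy name, the yum package, the ctl flags and the config keys are the real ones; the role, instance-profile and parameter names, the config path, the two log files and the use of a CW_APPLY switch are assumptions chosen for this example. Nothing touches AWS unless CW_APPLY=1 and INSTANCE_ID are set, so the checks can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the original post): Arjun's three steps as a script.
# Role, profile, parameter and path names are assumptions chosen for this
# example; the managed policy name, package and ctl flags are the real ones.
set -eu

ROLE_NAME="${ROLE_NAME:-CloudWatchAgentRole}"            # assumed
PROFILE_NAME="${PROFILE_NAME:-CloudWatchAgentProfile}"   # assumed
SSM_PARAM="${SSM_PARAM:-AmazonCloudWatch-linux}"         # assumed; the prefix matters, see below
CONFIG_PATH="${CONFIG_PATH:-/opt/aws/amazon-cloudwatch-agent/bin/config.json}"
CTL=/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl

# Step 1: trust policy so EC2 can assume the role.
ec2_trust_policy() {
  cat <<'EOF'
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
EOF
}

create_role() {   # $1 = instance id that gets the instance profile
  aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(ec2_trust_policy)"
  # Only the managed agent policy: PutMetricData, logs:Create*/Put*, and
  # ssm:GetParameter limited to parameters named AmazonCloudWatch-*.
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
  aws ec2 associate-iam-instance-profile --instance-id "$1" --iam-instance-profile Name="$PROFILE_NAME"
}

# Step 2: Amazon Linux 2 ships the package in its repository.
install_agent() { sudo yum install -y amazon-cloudwatch-agent; }

# Step 3: what to collect. Two log files plus the metrics EC2 does not report
# by itself (memory, swap, disk space). On Amazon Linux the system log is
# /var/log/messages, not /var/log/syslog. Log paths are assumed.
agent_config() {
  cat <<'EOF'
{
  "agent": {"metrics_collection_interval": 60, "run_as_user": "cwagent"},
  "logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/messages",   "log_group_name": "/ec2/system/messages", "log_stream_name": "{instance_id}"},
    {"file_path": "/home/app/error.log", "log_group_name": "/ec2/app/error",       "log_stream_name": "{instance_id}"}
  ]}}},
  "metrics": {
    "append_dimensions": {"InstanceId": "${aws:InstanceId}"},
    "metrics_collected": {
      "mem":  {"measurement": ["mem_used_percent"]},
      "swap": {"measurement": ["swap_used_percent"]},
      "disk": {"measurement": ["used_percent"], "resources": ["/"]}
    }
  }
}
EOF
}

# Sanity-check a config file before handing it to the agent: valid JSON,
# absolute log paths, a log group for every file, and not running as root
# (with run_as_user set, those files must be readable by that user).
check_config() {   # $1 = path to the JSON config
  "$(command -v python3 || command -v python)" -c '
import json, sys
cfg = json.load(open(sys.argv[1]))
files = cfg["logs"]["logs_collected"]["files"]["collect_list"]
bad = [f for f in files if not f["file_path"].startswith("/") or not f.get("log_group_name")]
if bad: sys.exit("bad log entries: %r" % bad)
if cfg["agent"].get("run_as_user") in (None, "root"): sys.exit("agent would run as root")
' "$1"
}

# CloudWatchAgentServerPolicy only grants ssm:GetParameter on names starting
# with AmazonCloudWatch-; any other name fails at fetch time with AccessDenied.
ssm_param_name_ok() {   # $1 = parameter name
  case "$1" in
    AmazonCloudWatch-*) return 0 ;;
    *) echo "parameter name '$1' must start with AmazonCloudWatch-" >&2; return 1 ;;
  esac
}

configure_local() {   # config from a file on the instance
  agent_config | sudo tee "$CONFIG_PATH" >/dev/null
  check_config "$CONFIG_PATH"
  sudo "$CTL" -a fetch-config -m ec2 -s -c "file:$CONFIG_PATH"
}

publish_and_configure_ssm() {   # config from Parameter Store, one copy for the fleet
  ssm_param_name_ok "$SSM_PARAM"
  aws ssm put-parameter --name "$SSM_PARAM" --type String --overwrite --value "$(agent_config)"
  sudo "$CTL" -a fetch-config -m ec2 -s -c "ssm:$SSM_PARAM"
}

if [ "${CW_APPLY:-0}" = "1" ]; then   # dry run unless explicitly applied
  create_role "${INSTANCE_ID:?set INSTANCE_ID=i-...}"
  install_agent
  publish_and_configure_ssm
fi
```

Run it with CW_APPLY=1 INSTANCE_ID=i-... from a machine holding IAM and SSM permissions, or source it and call the functions one at a time. The check_config step is the part worth keeping even if you configure by hand: a relative path or a missing log group name produces exactly the "CloudWatch looks empty" symptom Arjun started with, and catching it before fetch-config is cheaper than reading the agent's log afterwards.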


📦 What Did He Get?

After setup, Arjun’s CloudWatch dashboard transformed:

📄 Logs:

  • /var/log/syslog (Debian/Ubuntu; on Amazon Linux and the RHEL family the equivalent is /var/log/messages)

  • /home/app/error.log

  • Custom logs from his app

📊 Metrics:

| Type | Examples |
|---|---|
| CPU | user, system, idle, steal |
| RAM | free, used, cache, active |
| Disk I/O | reads/sec, writes/sec, bytes |
| Network | TCP/UDP connections, packets, errors |
| Processes | running, sleeping, dead |
| Swap | usage, percentage |

And guess what? EC2's default CloudWatch metrics are measured from outside the instance by the hypervisor (CPU, network, status checks), so anything only the OS knows, memory, swap and filesystem usage, never shows up without the agent. You need it for those!


💡 Bonus: Works On-Prem Too

Running a server on-premises?
Yes, Arjun did that too. He installed the same Unified Agent on a Linux VM in his local data center — and logs flowed into AWS CloudWatch.

CloudWatch doesn't care where the server is, as long as the agent is installed and can authenticate. Off EC2 there is no instance role and no metadata service, so the agent uses an IAM user's access keys from a credentials file that its common-config.toml points at, and is started in onPremise mode. Those are long-lived keys: give that user nothing beyond CloudWatchAgentServerPolicy, make the file readable only by the agent's user, and rotate the keys.
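How the on-prem variant is wired, as an added example that is not code from the original post or from AWS. The common-config.toml keys and the onPremise mode flag are the agent's own; the profile name, the file paths, reading the keys from environment variables and the CW_APPLY switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: the same Unified Agent on a host
# outside AWS. With no instance role, the agent reads an IAM user's access
# keys from a credentials file that common-config.toml points at. Profile
# name, paths and the env-var convention are assumptions for this example.
set -eu

PROFILE="${PROFILE:-AmazonCloudWatchAgent}"                    # assumed
CRED_FILE="${CRED_FILE:-/root/.aws/credentials}"               # assumed
COMMON_CONFIG="${COMMON_CONFIG:-/opt/aws/amazon-cloudwatch-agent/etc/common-config.toml}"
AGENT_CONFIG="${AGENT_CONFIG:-/opt/aws/amazon-cloudwatch-agent/bin/config.json}"
CTL=/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl

# Write the key file owner-only (umask inside a subshell so it does not leak
# into the rest of the script). Keys come from the environment rather than
# arguments, so they stay out of ps output and shell history. Expects
# AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION to be set; the
# region can alternatively go in the agent config's agent.region field.
write_credentials() {   # $1 = path of the credentials file
  ( umask 077
    mkdir -p "$(dirname "$1")"
    cat > "$1" <<EOF
[$PROFILE]
aws_access_key_id = ${AWS_ACCESS_KEY_ID:?}
aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY:?}
region = ${AWS_REGION:?}
EOF
  )
}

# Tell the agent to use that profile instead of the EC2 metadata service.
write_common_config() {   # $1 = path of common-config.toml
  cat > "$1" <<EOF
[credentials]
   shared_credential_profile = "$PROFILE"
   shared_credential_file = "$CRED_FILE"
EOF
}

# Long-lived keys: refuse to start if anyone but the owner can read them.
credentials_mode_ok() {   # $1 = path; GNU stat first, BSD stat as fallback
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "600" ]
}

start_on_premise() {
  credentials_mode_ok "$CRED_FILE"
  write_common_config "$COMMON_CONFIG"
  # -m onPremise: same JSON config format, but EC2-only placeholders such as
  # {instance_id} and ${aws:InstanceId} have nothing to resolve to here.
  "$CTL" -a fetch-config -m onPremise -s -c "file:$AGENT_CONFIG"
}

if [ "${CW_APPLY:-0}" = "1" ]; then   # dry run unless explicitly applied
  write_credentials "$CRED_FILE"
  start_on_premise
fi
```

The mode check is the point of the block: on an EC2 instance the role's credentials are short-lived and fetched on demand, but on-prem the secret sits on disk for as long as the key lives, so the file's permissions and the key's rotation schedule are the only things standing between a local read and a credential that can write into your CloudWatch account.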


🎓 SAA Exam Tip

Unified CloudWatch Agent = Logs + Granular Metrics + SSM Support
Old Logs Agent = Logs only, no metrics, no SSM
✅ You must give EC2 instances the right IAM role
✅ Works on EC2 or on-prem VMs


🧘 Arjun’s Takeaway

Before the agent, he was blind. After it, he had superpowers.

So next time you're not seeing logs or memory stats from EC2, remember:

Install the CloudWatch Unified Agent.


Written by

Jay Tillu

Hello! I'm Jay Tillu, an Information Security Engineer at Simple2Call. I have expertise in security frameworks and compliance, including NIST, ISO 27001, and ISO 27701. My specialities include Vulnerability Management, Threat Analysis, and Incident Response. I have also earned certifications in Google Cybersecurity and Microsoft Azure. I’m always eager to connect and discuss cybersecurity—let's get in touch!