Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
The CloudWatch agent monitors activity on your EC2 instance to collect logs and metrics. This improves your security posture by providing detailed records you can use to investigate security incidents. The CloudWatch agent needs to be installed on the EC2 instance using AWS Systems Manager Run Command. Run Command enables you to perform actions on EC2 instances remotely. This tool is especially helpful at scale, where you can manage the configuration of many instances with a single command. It is possible to completely automate this process using user data scripts, but that is beyond the scope of this lab.
AmazonCloudWatchAgent package we will use in this lab is one of these packages.
AmazonCloudWatchAgent
latest
Security-CW-Lab-Instance
AmazonSSMManagedInstanceCore is attached to this role, allowing Systems Manager to perform operations on the instance.

Recap: In this portion of the lab, you installed the AWS CloudWatch agent on an EC2 instance using AWS Systems Manager Run Command. Run Command facilitated installing the package on the instance without directly accessing it using SSH, exemplifying the Well-Architected best practices of “enabling people to perform actions at a distance” and “reducing attack surface”.
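The same Run Command installation can be issued from the AWS CLI, which is how it scales to many instances at once. The script below is an added example, not part of the original lab: it assumes the instance carries the tag Name=Security-CW-Lab-Instance, uses the AWS-ConfigureAWSPackage document with the package name and version from this lab, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: install the CloudWatch agent through Run Command, no SSH needed.
# Assumption: target instances are tagged Name=<value passed as $1>.

# Send AWS-ConfigureAWSPackage to every instance matching the tag; prints the command ID.
send_install() {
  aws ssm send-command \
    --document-name "AWS-ConfigureAWSPackage" \
    --targets "Key=tag:Name,Values=$1" \
    --parameters '{"action":["Install"],"name":["AmazonCloudWatchAgent"],"version":["latest"]}' \
    --comment "Install CloudWatch agent" \
    --query "Command.CommandId" --output text
}

# Print "instance-id<TAB>status" for each instance the command was sent to.
invocation_status() {
  aws ssm list-command-invocations --command-id "$1" \
    --query "CommandInvocations[].[InstanceId,Status]" --output text
}

# Poll until no invocation is still running. Returns 0 only if every instance
# ended in Success; returns 1 on any failure, or on timeout (which also covers
# the case where no instance matched the tag and nothing was ever invoked).
wait_for_install() {
  cmd_id=$1; tries=${2:-30}; delay=${3:-5}
  while [ "$tries" -gt 0 ]; do
    status=$(invocation_status "$cmd_id")
    if [ -n "$status" ] &&
       ! printf '%s\n' "$status" | grep -Eq 'Pending|InProgress|Delayed|Cancelling'; then
      printf '%s\n' "$status"
      if printf '%s\n' "$status" | grep -vq 'Success$'; then return 1; fi
      return 0
    fi
    tries=$((tries - 1)); sleep "$delay"
  done
  echo "timed out waiting for command $cmd_id" >&2
  return 1
}

# Runs only when a tag value is given, e.g.: sh install-cw-agent.sh Security-CW-Lab-Instance
if [ -n "${1:-}" ]; then
  id=$(send_install "$1") && wait_for_install "$id"
fi
```

The caller needs IAM permission for ssm:SendCommand and ssm:ListCommandInvocations, and the per-instance status lines give a record of which instances actually received the agent.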