This role will install the AWS CloudWatch Agent on Ubuntu (64-bit, precise/trusty/xenial).
- config and credentials are stored in /root/.aws/
- the process runs as root
See the subdir "ExampleCfgs" for an example of how to configure this role.
(Optional) AWS region. Defaults to "us-east-1".
aws_cwa_region: "us-east-1"
The namespace in which your metrics will reside (e.g. 'myApplication').
aws_cwa_namespace: "myApplication"
(Optional) List of logfiles that you wish to monitor, and their associated parameters -- for example:
- file_path: '/var/log/syslog'
log_group_name: 'log_group_name_goes_here'
- TagKey: TagValue
log_stream_name: '{{ansible_hostname}}/log_stream_name'
log_retention: '7'
timestamp_format: '%b %-d %H:%M:%S'
timezone: 'LOCAL'
"log_retention" is specified in days, and must be one of: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653.
Omitting the "log_retention" attribute will result in the associated log group having its retention policy, if any, deleted (i.e. 'Never Expire')
For the timestamp_format syntax, see
(Optional) List of paths (i.e. different partitions) that you wish to monitor for space. Defaults to "/". For example:
- "/"
- "/opt"
AWS access key
aws_cwa_key_access: (encrypted)ACCESSKEYGOESHERE
AWS secret key
aws_cwa_key_secret: (encrypted)SECRETKEYGOESHERE
AWS security token
deploy_security_token : "{{ lookup('env','AWS_SECURITY_TOKEN') }}"
Used while assuming an assumed role
It's recommended that you declare aws_cwa_key_access
and aws_cwa_key_secret
in either a vault-encypted var file, or as vault-encrypted strings within a var file.
Path (absolute, or relative to playbook) containing the TEMPLATE named "amazon-cloudwatch-agent.json.j2" for the CloudWatch Agent config
Only "amazon-cloudwatch-agent.json.j2" in the given directory will be processed. The '.j2' extension will be removed.
aws_cwa_cfgs: "group_files/awscwa_cfg/webserver-stg"
- hosts: all
become: yes
become_user: root
- ansible-role-amazon-cloudwatch-agent
├── group_files
│ └── awscwa_cfg
│ └── webserver-stg
│ └── amazon-cloudwatch-agent.json.j2
├── group_vars
│ └── all.yml
├── inventory
├── main.yml
└── roles
└── ansible-role-amazon-cloudwatch-agent
├── handlers
│ └── main.yml
└── tasks
├── main.yml
├── ubuntu-12.yml
├── ubuntu-14.yml
└── ubuntu-16.yml