Configuring the SSM agent to stream logs to CloudWatch

This is a particularly useful option provided by the SSM agent, especially when you don't want to log in to each and every instance to troubleshoot issues. Integrating the SSM agent's logs with CloudWatch lets you capture and analyze all your logs at one central location. This saves a lot of time and also brings additional benefits, such as the ability to configure alarms, view metrics on a CloudWatch dashboard, and retain the logs for a much longer duration.

But before we get to configuring the agent, we first need to create a separate log group within CloudWatch to which the agent logs from individual instances will be streamed:

  1. To do so, from the AWS Management Console, select the CloudWatch option, or alternatively, open your CloudWatch dashboard directly at https://console.aws.amazon.com/cloudwatch/.
  2. Next, select the Logs option from the navigation pane. Here, click on Create log group and provide a suitable name for your log group, as shown in the following screenshot:
  3. Once completed, SSH back into your Dev instance and run the following command:
# sudo cp /etc/amazon/ssm/seelog.xml.template /etc/amazon/ssm/seelog.xml
  4. Next, using your favorite editor, open the newly copied file and paste the following content in it. Remember to swap out the <CLOUDWATCH_LOG_GROUP_NAME> field with the name of your own log group:
# sudo vi /etc/amazon/ssm/seelog.xml
<seelog minlevel="info" critmsgcount="500" maxinterval="100000000"
        mininterval="2000000" type="adaptive">
  <exceptions>
    <exception minlevel="error" filepattern="test*"/>
  </exceptions>
  <outputs formatid="fmtinfo">
    <console formatid="fmtinfo"/>
    <!-- Linux log paths; on Windows use {{LOCALAPPDATA}}\Amazon\SSM\Logs\ instead -->
    <rollingfile type="size" maxrolls="5" maxsize="30000000"
                 filename="/var/log/amazon/ssm/amazon-ssm-agent.log"/>
    <filter formatid="fmterror" levels="error,critical">
      <rollingfile type="size" maxrolls="5" maxsize="10000000"
                   filename="/var/log/amazon/ssm/errors.log"/>
    </filter>
    <!-- Streams agent logs to the CloudWatch log group created in step 2 -->
    <custom name="cloudwatch_receiver" formatid="fmtdebug" data-log-group="<CLOUDWATCH_LOG_GROUP_NAME>"/>
  </outputs>
  <!-- Definitions for the format ids referenced above -->
  <formats>
    <format id="fmterror" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
    <format id="fmtdebug" format="%Date %Time %LEVEL [%FuncShort @ %File.%Line] %Msg%n"/>
    <format id="fmtinfo" format="%Date %Time %LEVEL %Msg%n"/>
  </formats>
</seelog>
  5. With the changes made, save and exit the editor. Now have a look at your newly created log group using the CloudWatch dashboard; you should see your SSM agent's error logs, if any, displayed there for easy troubleshooting.
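Before relying on the central log stream, it helps to confirm that the edited file is actually usable. The following Python check is an added example, not code from the book or from AWS: it flags an unreplaced placeholder, a missing cloudwatch_receiver output, and format ids that are referenced but never defined. The sample configuration and the log group name ssm-agent-logs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed seelog.xml with a hypothetical log group
# name ("ssm-agent-logs") substituted for <CLOUDWATCH_LOG_GROUP_NAME>.
SAMPLE = """<seelog type="adaptive" minlevel="info">
  <outputs formatid="fmtinfo">
    <console formatid="fmtinfo"/>
    <custom name="cloudwatch_receiver" formatid="fmtdebug" data-log-group="ssm-agent-logs"/>
  </outputs>
  <formats>
    <format id="fmtdebug" format="%Date %Time %LEVEL %Msg%n"/>
    <format id="fmtinfo" format="%Date %Time %LEVEL %Msg%n"/>
  </formats>
</seelog>"""


def check_seelog(xml_text):
    """Return a list of problems found in an SSM agent seelog.xml document."""
    # An unreplaced <CLOUDWATCH_LOG_GROUP_NAME> leaves a raw '<' inside an
    # attribute value, which is not well-formed XML, so parsing fails first.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "seelog":
        problems.append("root element is not <seelog>")
    # Every formatid used by an output must have a matching <format id="...">.
    defined = {f.get("id") for f in root.iter("format")}
    for el in root.iter():
        fid = el.get("formatid")
        if fid and fid not in defined:
            problems.append(f"<{el.tag}> uses undefined formatid '{fid}'")
    # Without the cloudwatch_receiver output, logs stay on the instance only.
    receivers = [c for c in root.iter("custom")
                 if c.get("name") == "cloudwatch_receiver"]
    if not receivers:
        problems.append("no cloudwatch_receiver output; nothing is streamed")
    for r in receivers:
        group = (r.get("data-log-group") or "").strip()
        if not group or "CLOUDWATCH_LOG_GROUP_NAME" in group:
            problems.append("data-log-group is empty or still the placeholder")
    return problems


if __name__ == "__main__":
    for line in check_seelog(SAMPLE) or ["OK"]:
        print(line)
```

To check a real instance, pass the contents of /etc/amazon/ssm/seelog.xml to check_seelog instead of SAMPLE.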

With this step completed, we have now successfully installed and configured our EC2 instance as a Managed Instance in Systems Manager. To verify whether your instance has indeed been added, select the Managed Instance option provided under the Systems Manager Shared Resources section from the navigation pane of your EC2 dashboard; you should see your instance listed, as shown here:

In the next section, we will deep dive into the various features provided as a part of the Systems Manager, starting off with one of the most widely used: Run Command!
