Updating our CloudFormation template

The last time we worked on EC2 was in Chapter 5, Scaling Your Infrastructure, when we implemented the Auto Scaling groups. We are going to edit the troposphere script we used for this and make the necessary changes.

Go to your template directory and, with your text editor, open the file nodeserver-cf-template.py from our EffectiveDevOpsTemplates repository.

Previously, we created a policy to allow access to S3, which we needed for CodeDeploy. We will add a second policy and grant access to CloudWatch, CloudWatch logs, and CloudWatch events. After the creation of the IAM policy AllowS3, add the following resource:

t.add_resource(IAMPolicy( 
    "MonitoringPolicy", 
    PolicyName="AllowSendingDataForMonitoring", 
    PolicyDocument=Policy( 
        Statement=[ 
            Statement( 
                Effect=Allow, 
                Action=[ 
                    Action("cloudwatch", "Put*"), 
                    Action("logs", "Create*"), 
                    Action("logs", "Put*"), 
                    Action("logs", "Describe*"), 
                    Action("events", "Put*"),
                ], 
                Resource=["*"]) 
        ] 
    ), 
    Roles=[Ref("Role")] 
)) 
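
An added example (not from the book or its repository) that audits what the wildcard actions in MonitoringPolicy grant compared with what the instances need. The action catalog is a constructed, partial list, and NEEDED is an assumption about which calls the awslogs agent and the helloworld application make.

```python
import fnmatch

# MonitoringPolicy statement as it renders in the generated template.
STATEMENT = {
    "Effect": "Allow",
    "Action": ["cloudwatch:Put*", "logs:Create*", "logs:Put*",
               "logs:Describe*", "events:Put*"],
    "Resource": ["*"],
}

# Constructed, partial catalog of IAM actions (not exhaustive).
CATALOG = [
    "cloudwatch:PutMetricData", "cloudwatch:PutMetricAlarm",
    "cloudwatch:PutDashboard", "logs:CreateLogGroup", "logs:CreateLogStream",
    "logs:CreateExportTask", "logs:PutLogEvents", "logs:PutRetentionPolicy",
    "logs:PutSubscriptionFilter", "logs:PutResourcePolicy",
    "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DeleteLogGroup",
    "events:PutEvents", "events:PutRule", "events:PutTargets",
]

# Assumption: calls the awslogs agent and the helloworld app actually make.
NEEDED = {
    "cloudwatch:PutMetricData", "logs:CreateLogGroup", "logs:CreateLogStream",
    "logs:PutLogEvents", "logs:DescribeLogStreams", "events:PutEvents",
}

def expand(statement, catalog=CATALOG):
    """Catalog actions matched by the statement's wildcard Action patterns."""
    patterns = statement["Action"]
    patterns = [patterns] if isinstance(patterns, str) else patterns
    # IAM action names are case-insensitive, so compare in lower case.
    return sorted(a for a in catalog
                  if any(fnmatch.fnmatchcase(a.lower(), p.lower()) for p in patterns))

def audit(statement, needed=NEEDED):
    """Report grants beyond `needed`, needed actions not granted, and Resource '*'."""
    granted = set(expand(statement))
    return {"excess": sorted(granted - needed),
            "missing": sorted(needed - granted),
            "wildcard_resource": "*" in statement["Resource"]}

def tightened(statement, needed=NEEDED):
    """Same statement with the wildcards replaced by the explicit needed actions."""
    return dict(statement, Action=sorted(needed))

if __name__ == "__main__":
    for name, stmt in (("original", STATEMENT), ("tightened", tightened(STATEMENT))):
        print(name, audit(stmt))
```

The tightened statement still uses Resource "*"; the audit reports that separately so the log actions can be scoped to specific log group ARNs.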

We can save our template and generate the new CloudFormation template:

$ git add nodeserver-cf-template.py
$ git commit -m "Adding permissions to interact with CloudWatch Logs, Events"
$ git push

To update our existing stack, we are going to use the AWS CLI. In this particular instance, the main change is at the IAM level where we are creating the Monitoring Policy. The parameters we previously set when we initially created our stacks don't need to be changed. Instead of providing the same parameters again, we are going to use the UsePreviousValue option to update our helloworld stacks as follows:

$ python nodeserver-cf-template.py > nodeserver-cf.template
$ aws cloudformation update-stack \
    --capabilities CAPABILITY_IAM \
    --stack-name helloworld-staging \
    --template-body file://nodeserver-cf.template \
    --parameters \
      ParameterKey=InstanceType,UsePreviousValue=true \
      ParameterKey=KeyPair,UsePreviousValue=true \
      ParameterKey=PublicSubnet,UsePreviousValue=true \
      ParameterKey=ScaleCapacity,UsePreviousValue=true \
      ParameterKey=VpcId,UsePreviousValue=true

$ aws cloudformation update-stack \
    --capabilities CAPABILITY_IAM \
    --stack-name helloworld-production \
    --template-body file://nodeserver-cf.template \
    --parameters \
      ParameterKey=InstanceType,UsePreviousValue=true \
      ParameterKey=KeyPair,UsePreviousValue=true \
      ParameterKey=PublicSubnet,UsePreviousValue=true \
      ParameterKey=ScaleCapacity,UsePreviousValue=true \
      ParameterKey=VpcId,UsePreviousValue=true

Once the stack update is done, we can commit and merge our Ansible changes. Your code should be similar to http://bit.ly/2v3Nqr0:

$ cd ansible
$ git add nodeserver.yml roles/awslogs
$ git commit -m "Adding awslogs role and permission to use CloudWatch"
$ git push
$ cd helloworld
$ git add .
$ git commit -m "Adding CloudWatch support to our application"
$ git push

Within a few minutes, you should be able to see your new log groups in CloudWatch under the Logs section and, inside them, the different log streams of our different hosts. In the Metrics section, you should see our helloworld traffic graph.

We now have an elegant solution to send logs from an EC2 instance into CloudWatch.

We won't cover this in this book, but CloudWatch has a dashboard feature that will let you create custom views to group some of the critical metrics. For example, if you are monitoring a web application, you may create a dashboard with your application error rate, latency, and queries per second (QPS).

Average, 95th and 99th percentile
Averages can be misleading when looking at certain metrics. A classic example is latency. To monitor the latency of your application, you want to collect and graph the worst 95th and 99th percentiles, as opposed to simply the mean or the average. These two graphs will often tell you a different story of how some users are perceiving the latency on the site.

We now need to provide the same functionalities to ECS.
