I want to troubleshoot an Amazon CloudWatch alarm that monitors CloudWatch agent metrics and is in the INSUFFICIENT_DATA state.
Resolution
Check the configuration file
Make sure that the metric descriptions, such as metric name and dimensions, match the CloudWatch agent configuration file that the agent uses to publish metrics.
You can find the configuration file in the following locations:
- For Linux: /opt/aws/amazon-cloudwatch-agent/bin/config.json
- For Windows: C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent.json
The following is an example mismatch between the CloudWatch agent configuration file and the alarm configuration.
Example configuration file:
{
"metrics": {
"namespace": "CWAgent",
"metrics_collected": {
"cpu": {
"measurement": [
"usage_idle"
],
"metrics_collection_interval": 60,
"totalcpu": false
}
}
}
}
The following configurations are used for the alarm:
- Metric Name: cpu_utilization
- Dimensions: InstanceId
- Statistic: Average
- Period: 60 seconds
- Threshold: 80%
In the preceding examples, the metric names don't match. To resolve this issue, make sure that the metric names are the same.
Check the IAM permissions
Check the permissions of the AWS Identity and Access Management (IAM) role that's attached to the Amazon Elastic Compute Cloud (Amazon EC2) instance. The IAM role must have permission to perform the PutMetricData action. To make sure that the role has all the permissions for the CloudWatch agent, attach CloudWatchAgentServerPolicy to the role.
For more information, see Why doesn't the unified CloudWatch agent push my metrics or log events to CloudWatch?
Check the CloudWatch agent's log file
In the CloudWatch agent log file, check for messages that indicate issues with connectivity, permissions, configuration, or metric collection.
You can find the logs in the following locations:
- For Linux: /var/log/amazon/amazon-cloudwatch-agent/amazon-cloudwatch-agent.log
- For Windows: C:\ProgramData\Amazon\AmazonCloudWatchAgent\Logs\amazon-cloudwatch-agent.log
Check the network connectivity
Make sure that your EC2 instance can connect to the internet and allows the CloudWatch agent to send data to the CloudWatch endpoints. If your instance can't directly connect to the internet, then use Amazon Virtual Private Cloud (Amazon VPC) endpoints. Make sure that the security group that's associated with the Amazon VPC endpoint allows inbound traffic from the instance.
For more information, see Why doesn't the unified CloudWatch agent push my metrics or log events to CloudWatch?
Test the metric collection
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
To manually test the process that collects and publishes metrics, run the put-metric-data command on the instances that run the CloudWatch agent.
Related information
How do I troubleshoot my CloudWatch alarm in the INSUFFICIENT_DATA state?
How do I install and configure the unified CloudWatch agent to push metrics and logs from my EC2 instance to CloudWatch?
How do I troubleshoot missing data points in my Amazon CloudWatch metrics?