I want to upload my Windows logs to Amazon CloudWatch.
Resolution
Upload your Windows logs to CloudWatch with AWS Systems Manager and Amazon CloudWatch agent. Then, store the configuration file in the SSM Parameter Store, a capability of AWS Systems Manager.
Create IAM roles
Create server and administrator AWS Identity and Access Management (IAM) roles to use with the CloudWatch agent. The server role allows instances to upload metrics and logs to CloudWatch. The administrator role creates and stores the CloudWatch configuration template in the Systems Manager Parameter Store.
Note: Be sure to follow both IAM role creation procedures to limit access to the admin role.
Attach the server role
Attach the server role to any Elastic Compute Cloud (Amazon EC2) instances that you want to upload your logs for.
Attach the administrator role
Attach the administrator role to your administrator configuration instance.
Install the CloudWatch agent package
Download and install the CloudWatch agent package with AWS Systems Manager Run Command. In the Targets area, choose your server instances and your administrator instance.
Note: Before you install the CloudWatch agent, be sure to update or install SSM agent on the instance.
Create the CloudWatch agent configuration file
Create the CloudWatch agent configuration file on your administrator instance using the configuration wizard. Store the file in the Parameter Store. Record the Parameter Store name that you choose. For an example configuration with logs, see CloudWatch agent configuration file: Logs section.
To create your configuration file, complete the following steps:
- Run PowerShell as an administrator.
- To start the configuration wizard, open Command Prompt. Then, run the .exe file that's located at C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-config-wizard.exe.
- To create the configuration file, answer the following questions in the configuration wizard:
On which OS are you planning to use the agent?
Select Windows.
Are you using EC2 or On-Premises hosts?
Select Ec2.
Do you have any existing CloudWatch Log Agent configuration file to import for migration?
Select No.
Do you want to monitor any host metrics?
If you want to push only logs, then select No.
Do you want to monitor any customized log files?
If you want to push only default Windows Event Logs, then select No. If you also want to push custom logs, then select Yes.
Do you want to monitor any Windows event log?
If you want to push Windows Event Logs, then select Yes.
- When the configuration wizard prompts you to store your file in Parameter Store, select Yes to use the parameter in SSM.
Apply your configuration
To apply the configuration to the server instances and start uploading logs, start the CloudWatch agent using Systems Manager Run Command.
For Targets, choose your server instances.
For Optional Configuration Location, enter the Parameter Store name that you chose in the wizard.
Related information
Collect metrics and logs from Amazon EC2 instances and on-premises servers with the CloudWatch agent
Quick Start: Install and configure the CloudWatch Logs agent on a running EC2 Linux instance