Install AWS Cloudwatch agent on on-premises Windows server

First, create an IAM user with programmatic access and attach the below-mentioned policy:

1. CloudWatchAgentAdminPolicy
2. AmazonSSMManagedInstanceCore

Now, create a credentials file as per the below image:

Now download and install the Amazon Cloudwatch agent from the below link: https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi

Update the common-config.toml file:

1. The file is located at C:\ProgramData\Amazon\AmazonCloudWatchAgent
2. Open the file in any editor and change the credentials file as you see below.
3. Here I created the credentials file on the desktop.

Now, configure AWS CLI from the cmd:

1. If you don’t have aws cli in windows then download and install from the below link:

Installing, updating, and uninstalling the AWS CLI version 2 on Windows

2. Now in cmd enter AWS configure command and enter the access key and secret key which you created earlier.

Now, In AWS console create an IAM role:

1. In the IAM console click create the role.
2. Then click on EC2.

3. Click on next and add permission below mentioned.

• CloudWatchAgentServerPolicy
• AmazonSSMManagedInstanceCore
• AmazonSSMDirectoryServiceAccess

4. click on next and name to the role ‘ SSMInstanceProfile ‘.

5. create a role.

Now, create an EC2 instance and attach the above mention role.

Note: Please give the name to the instance in Tag like “Name: cloud-watch”

Now create hybrid activation using the following command run this command in cmd:

aws ssm create-activation -default-instance-name cloud-watch -iam-role SSMInstanceProfile -registration-limit 5 -region us-east-1

You will see the below output:

Now, Install SSM Agent for a Hybrid Environment (Windows)

Open Powershell in Administrator mode and enter the following command:

1. $code = “activation-code"
2. $id = “activation-id"
3. $region = “region"
4. $dir = $env:TEMP + “\ssm”
5. New-Item -ItemType directory -Path $dir -Force
6. cd $dir
7. (New-Object System.Net.WebClient).DownloadFile(“https://amazon-ssm-$region.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + “\AmazonSSMAgentSetup.exe”)
8. Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @(“/q”, “/log”, “install.log”, “CODE=$code”, “ID=$id”, “REGION=$region”) -Wait
9. Get-Content ($env:ProgramData + “\Amazon\SSM\InstanceData\registration”)
10. Get-Service -Name “AmazonSSMAgent”

Now, In PowerShell configure the config-wizard script:

change the path to the C:\Program Files\Amazon\AmazonCloudWatchAgent> and run

.\amazon-cloudwatch-agent-config-wizard.exe

Give the input of generated questions

Starting the CloudWatch Agent

To use SSM Agent to start the CloudWatch agent on an on-premises server

1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.
2. In the navigation pane, choose Run Command.-or-If the AWS Systems Manager home page opens, scroll down and choose to Explore Run Command.
3. Choose the Run command.
4. In the Command document list, select the button next to AmazonCloudWatch-ManageAgent.
5. In the Targets area, select the instance where you installed the agent.
6. In the Action list, choose to configure.
7. In the Mode list, choose onPremise.
8. In the Optional Configuration Location box, enter the name of the agent configuration file that you created with the wizard and stored in the Parameter Store. (you get this from the parameter store in AWS system manager parameter store)
9. Choose Run.

After successfully running this command you can see the metrics in the Cloudwatch console.

OUTPUT: