Configuring Amazon CloudWatch support

Configure the appliance to send statistical data to Amazon CloudWatch which can then be used by AWS services to perform load balancing and scaling functions.

About this task

To install the CloudWatch agent the 'IBM Security Verify Access Extension for Amazon CloudWatch Agent' extension must be obtained from IBM Security App Exchange and installed on the appliance.

If you already have an AWS Identity and Access Management role that is associated with your instance, ensure that it has permissions to perform the Amazon CloudWatch PutMetricData operation. Otherwise, you must create a new IAM role with permissions to perform CloudWatch operations and associate that role before you install the extension. Additional information on the access requirements for CloudWatch can be found at Identity and Access Management for Amazon CloudWatch.

After the extension has been installed the metrics collected and the frequency which the agent uploads data can be set in the aws/amazon_cloud_watch_agent.json configuration file in Auxiliary Configuration Files. Documentation for supported JSON configuration can be found at the Cloud Watch User Guide. By default the appliance reports memory, swap, and disk space usage metrics to Amazon CloudWatch.

The Access Key and Access Secret associated with this IAM role must be updated in the aws/credentials file in the Auxiliary Configuration Files.

Procedure

  1. In the appliance local management interface, go to System > Updates and Licensing > Extensions.
  2. Click New.
  3. Select the extension file which was obtained from IBM Security App Exchange.
    Note: The file which is downloaded from IBM Security App Exchange is a zip file, and the extension file must first be extracted from this zip file.
  4. Click Next.
  5. Supply the requested information, including the Amazon CloudWatch agent RPM and signature files.
  6. Click Install.