Solution Overview
AWS CloudWatch can monitor your on-premises servers using the CloudWatch agent. This allows you to collect metrics, logs, and events from your on-premises infrastructure and view them alongside your AWS resources.
Step 1: Set Up IAM Permissions
1. Create an IAM user or role with the following permissions:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:PutMetricData",
        "ec2:DescribeVolumes",
        "ec2:DescribeTags",
        "logs:PutLogEvents",
        "logs:DescribeLogStreams",
        "logs:DescribeLogGroups",
        "logs:CreateLogStream",
        "logs:CreateLogGroup"
      ],
      "Resource": "*"
    }
  ]
}
```
2. Create an IAM access key for the IAM user or generate temporary credentials if using a role.
Step 2: Install the CloudWatch Agent
For Linux:
```bash
# Download the CloudWatch agent
wget https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
# Unzip the package
unzip AmazonCloudWatchAgent.zip
# Install the agent
sudo ./install.sh
# Configure AWS credentials
mkdir -p ~/.aws/
cat > ~/.aws/credentials << EOL
[AmazonCloudWatchAgent]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY
region = YOUR_AWS_REGION
EOL
# Restrict the credentials file to its owner; it holds a long-lived secret key
chmod 600 ~/.aws/credentials
```
For Windows:
- Download the agent: https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/AmazonCloudWatchAgent.zip
- Extract and run `install.ps1` as administrator
- Configure AWS credentials in `C:\Program Files\Amazon\AmazonCloudWatchAgent\credentials`
Step 3: Configure the CloudWatch Agent
Create a configuration file (e.g., `config.json`):
```json
{
  "agent": {
    "metrics_collection_interval": 60,
    "run_as_user": "cwagent"
  },
  "metrics": {
    "namespace": "OnPremServers",
    "metrics_collected": {
      "cpu": {
        "resources": [
          "*"
        ],
        "measurement": [
          "cpu_usage_idle",
          "cpu_usage_user",
          "cpu_usage_system"
        ],
        "totalcpu": true
      },
      "disk": {
        "resources": [
          "/",
          "/tmp"
        ],
        "measurement": [
          "used_percent",
          "inodes_free"
        ]
      },
      "diskio": {
        "resources": [
          "*"
        ],
        "measurement": [
          "io_time",
          "write_bytes",
          "read_bytes",
          "writes",
          "reads"
        ]
      },
      "mem": {
        "measurement": [
          "mem_used_percent"
        ]
      },
      "swap": {
        "measurement": [
          "swap_used_percent"
        ]
      }
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/syslog",
            "log_group_name": "onprem-syslog",
            "log_stream_name": "{instance_id}-syslog"
          },
          {
            "file_path": "/var/log/application/*.log",
            "log_group_name": "onprem-application",
            "log_stream_name": "{instance_id}-application-{file_basename}"
          }
        ]
      }
    }
  }
}
```
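Added example (not part of the original guide and not AWS's own code): the Step 1 policy allows every action on `"Resource": "*"`, so this Python script derives a narrower policy from the namespace and log group names in the Step 3 configuration and reports which write actions a policy leaves unscoped. The region `us-east-1` and account ID `111122223333` are placeholders, and the function names are hypothetical.

```python
import json

# Trimmed copy of the page's config.json: only the fields the policy depends on.
AGENT_CONFIG = json.loads("""
{
  "metrics": {"namespace": "OnPremServers"},
  "logs": {"logs_collected": {"files": {"collect_list": [
    {"file_path": "/var/log/syslog", "log_group_name": "onprem-syslog"},
    {"file_path": "/var/log/application/*.log", "log_group_name": "onprem-application"}
  ]}}}
}
""")

LOG_WRITE_ACTIONS = ["logs:CreateLogGroup", "logs:CreateLogStream",
                     "logs:DescribeLogStreams", "logs:PutLogEvents"]
# Read-only calls; the EC2 Describe actions do not support resource-level scoping.
DESCRIBE_ACTIONS = ["ec2:DescribeTags", "ec2:DescribeVolumes", "logs:DescribeLogGroups"]


def scoped_agent_policy(config, region, account_id):
    """Build an IAM policy limited to the namespace and log groups in the agent config."""
    namespace = config["metrics"]["namespace"]
    entries = config["logs"]["logs_collected"]["files"]["collect_list"]
    prefix = f"arn:aws:logs:{region}:{account_id}:log-group:"
    groups = [prefix + name for name in sorted({e["log_group_name"] for e in entries})]
    return {"Version": "2012-10-17", "Statement": [
        # PutMetricData cannot be scoped by resource; pin it to the agent's namespace.
        {"Effect": "Allow", "Action": ["cloudwatch:PutMetricData"], "Resource": "*",
         "Condition": {"StringEquals": {"cloudwatch:namespace": namespace}}},
        # Each group ARN plus ":*" so the streams inside it are covered too.
        {"Effect": "Allow", "Action": LOG_WRITE_ACTIONS,
         "Resource": groups + [g + ":*" for g in groups]},
        {"Effect": "Allow", "Action": DESCRIBE_ACTIONS, "Resource": "*"},
    ]}


def unscoped_writes(policy):
    """List non-Describe actions allowed on Resource "*" with no Condition."""
    found = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and stmt["Resource"] == "*" and "Condition" not in stmt:
            found += [a for a in stmt["Action"] if ":Describe" not in a]
    return sorted(found)


if __name__ == "__main__":
    # Region and account ID are placeholders; substitute your own.
    print(json.dumps(scoped_agent_policy(AGENT_CONFIG, "us-east-1", "111122223333"), indent=2))
```

With a leaked key, the scoped policy limits writes to the `OnPremServers` namespace and the two `onprem-*` log groups instead of every namespace and log group in the account.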
Step 4: Start the CloudWatch Agent
For Linux:
```bash
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -s -c file:/path/to/config.json
```
For Windows:
```powershell
& "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -a fetch-config -m onPremise -s -c file:C:\path\to\config.json
```
Step 5: Verify Installation
Check the agent status:
For Linux:
```bash
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m onPremise -a status
```
For Windows:
```powershell
& "C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1" -m onPremise -a status
```
Cost Considerations
AWS CloudWatch pricing for on-premises servers includes:
- CloudWatch Metrics:
  - Basic monitoring: Free for 10 metrics, 1-minute resolution
  - Detailed monitoring: $0.30 per metric per month (up to 1-minute resolution)
  - High-resolution monitoring: $1.00 per high-resolution metric per month (1-second resolution)
- CloudWatch Logs:
  - Data ingestion: $0.50 per GB
  - Data storage: $0.03 per GB-month
  - Log Insights queries: $0.0056 per GB of data scanned
- CloudWatch Dashboards:
  - First 3 dashboards: Free
  - Additional dashboards: $3.00 per dashboard per month
- CloudWatch Alarms:
  - Standard resolution: $0.10 per alarm metric per month
  - High resolution: $0.30 per alarm metric per month
- Data transfer:
  - Data transfer IN to AWS: Free
  - Data transfer OUT from AWS: Varies by region and volume
Cost Optimization Tips
- Be selective with metrics: Monitor only what you need to reduce costs.
- Use appropriate resolution: Use standard resolution (1-minute) unless you need high-resolution metrics.
- Filter logs: Use log filters to send only relevant log data to CloudWatch.
- Set up log retention: Configure log retention policies to automatically delete older logs.
- Use composite alarms: Group related conditions into composite alarms to reduce the number of alarm metrics.
Let me clarify the CloudWatch cost considerations in more detail:
CloudWatch Costs Explained in Detail
1. CloudWatch Metrics
Basic Monitoring (Free Tier):
- You get 10 custom metrics for free
- These metrics are collected at standard 1-minute intervals
- Example: If you monitor CPU usage on 10 servers, that’s your free allocation used up
Detailed Monitoring ($0.30 per metric per month):
- “Detailed monitoring” refers to the frequency of data collection (up to 1-minute resolution)
- This applies to any metric beyond your free 10 metrics
- Example: If you monitor 50 servers with 5 metrics each, that’s 250 metrics. After the 10 free metrics, you’d pay for 240 metrics × $0.30 = $72/month
High-Resolution Monitoring ($1.00 per metric per month):
- “High-resolution” refers to the frequency of data collection (1-second intervals)
- This is about time granularity, not visual resolution
- Use this when you need to detect brief spikes that might be missed with 1-minute monitoring
- Example: Monitoring application response time with 1-second precision
2. CloudWatch Logs
Data Ingestion ($0.50 per GB):
- “Data ingestion” means the cost of sending log data to CloudWatch
- This is charged when your on-premises servers send logs to CloudWatch
- Example: If your servers generate 10GB of logs per month, you’d pay 10GB × $0.50 = $5/month
Data Storage ($0.03 per GB-month):
- This is the cost to keep your logs in CloudWatch (not S3)
- Separate from S3 costs, this is specifically for CloudWatch’s log storage
- Example: If you store 100GB of logs, you’d pay 100GB × $0.03 = $3/month
Log Insights Queries ($0.0056 per GB scanned):
- This applies when you use CloudWatch Logs Insights to analyze your logs
- You’re charged based on how much data CloudWatch has to examine to answer your query
- Example: If your query scans 50GB of logs, you’d pay 50GB × $0.0056 = $0.28
3. CloudWatch Dashboards
- First 3 dashboards: Free
- Additional dashboards ($3.00 per dashboard per month)
- For client reporting, standard dashboards are sufficient for most use cases
- You can export dashboards as PDF for client reports
4. CloudWatch Alarms
- Alarms are notification triggers based on metric conditions
- They are not the same as SQS or SNS (though they can trigger SNS notifications)
Standard Resolution Alarms ($0.10 per alarm metric per month):
- Evaluated at 1-minute intervals
- Example: An alarm that triggers when CPU exceeds 80% costs $0.10/month
High Resolution Alarms ($0.30 per alarm metric per month):
- Evaluated at more frequent intervals (as low as 10 seconds)
- Used for time-sensitive applications
Alarms can trigger different actions:
- Send notifications via Amazon SNS (additional SNS costs apply)
- Execute Auto Scaling actions
- Trigger AWS Systems Manager actions
Client Reporting Options
For monthly client reports, I recommend:
- Standard CloudWatch Dashboards with scheduled exports to PDF
  - Most cost-effective for sharing with clients
  - Can be customized with client branding
  - Resolution is perfectly adequate for reporting purposes
- QuickSight if you need more advanced visualizations (additional costs apply)
  - Better for interactive dashboards
  - More expensive than CloudWatch dashboards
Cost Calculation Example
For a medium environment with 20 on-premises servers:
- Metrics: 5 metrics per server × 20 servers = 100 metrics
  - 10 free metrics
  - 90 paid metrics × $0.30 = $27.00/month
- Logs: Average 500MB logs per server per month = 10GB total
  - Ingestion: 10GB × $0.50 = $5.00/month
  - Storage (assuming 3-month retention): 30GB × $0.03 = $0.90/month
- Log Insights: Assuming 5GB scanned per month
  - 5GB × $0.0056 = $0.03/month
- Dashboards: 2 dashboards (within free tier) = $0/month
- Alarms: 10 standard resolution alarms
  - 10 alarms × $0.10 = $1.00/month
Total monthly cost: $33.93/month