AWS CloudWatch Monitoring

Implementing CloudWatch Monitoring for Nginx Web Server on EC2
Step 1: Launch an EC2 Instance
Go to AWS Console → EC2 → Launch Instance.
Configure the following:
Name: nginx-server
AMI: Ubuntu 22.04 LTS
Instance Type: t2.micro (Free Tier eligible)
Key pair: Create or select an existing one.
Security Group: Allow inbound rules for:
Port 22 (SSH)
Port 80 (HTTP)
Launch the instance.
Step 2: Install and Start Nginx
Connect to the EC2 instance using SSH:
ssh -i your-key.pem ubuntu@your-ec2-public-ip
Update and install nginx:
sudo apt update -y
sudo apt install nginx -y
Start and enable nginx service:
sudo systemctl start nginx
sudo systemctl enable nginx
Verify by accessing the public IP address of the EC2 instance in a web browser. You should see the Nginx welcome page.

Step 3: Create an IAM Role for CloudWatch
Navigate to IAM → Roles → Create Role.
Trusted Entity: EC2.
Attach the following policies:
CloudWatchAgentServerPolicy
AmazonSSMManagedInstanceCore (optional but recommended for easier management)
Name the role appropriately, for example: EC2CloudWatchAgentRole.
Attach this role to the running EC2 instance (EC2 → Actions → Security → Modify IAM Role).
Step 4: Install the CloudWatch Agent
Since amazon-cloudwatch-agent is not available via apt on Ubuntu, install it manually:
cd /tmp
wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
Verify the installation:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a status
Step 5: Create a CloudWatch Agent Configuration File
Create a configuration file to specify which logs to collect:
sudo vim /opt/aws/amazon-cloudwatch-agent/bin/config.json
Paste the following configuration:
{
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/nginx/access.log",
            "log_group_name": "nginx-access-logs",
            "log_stream_name": "{instance_id}-access",
            "timezone": "UTC"
          },
          {
            "file_path": "/var/log/nginx/error.log",
            "log_group_name": "nginx-error-logs",
            "log_stream_name": "{instance_id}-error",
            "timezone": "UTC"
          }
        ]
      }
    }
  }
}
Save and exit the file.
Step 6: Start the CloudWatch Agent
Start the CloudWatch Agent with the created configuration:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
-a fetch-config \
-m ec2 \
-c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json \
-s
This will start collecting the nginx logs and push them to CloudWatch.
Step 7: Verify in AWS Console
Go to AWS Console → CloudWatch → Log Groups.
You should see two log groups:
nginx-access-logs
nginx-error-logs

You can now monitor the nginx access and error logs directly from the CloudWatch console.
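
A preflight check for the Step 5 configuration file, useful when an expected log group does not show up. This is an added example, not part of the original tutorial: the function name, the decision to require the three keys the tutorial sets, the shared-stream check, and the constructed sample config are all assumptions of this example.

```python
import json
import os

# Constructed sample: the tutorial's access-log entry plus two deliberately broken entries.
SAMPLE_CONFIG = json.loads("""
{"logs": {"logs_collected": {"files": {"collect_list": [
  {"file_path": "/var/log/nginx/access.log", "log_group_name": "nginx-access-logs",
   "log_stream_name": "{instance_id}-access", "timezone": "UTC"},
  {"file_path": "/var/log/nginx/eror.log", "log_group_name": "nginx-error-logs",
   "log_stream_name": "{instance_id}-access", "timezone": "UTC"},
  {"file_path": "/var/log/nginx/other.log", "log_group_name": "nginx-access-logs",
   "log_stream_name": "{instance_id}-access"}
]}}}}
""")

# Assumption of this example: require the keys the tutorial's config sets on every entry.
REQUIRED = ("file_path", "log_group_name", "log_stream_name")


def preflight(config, readable=lambda p: os.access(p, os.R_OK)):
    """Return a list of problems found in the agent's log-collection section."""
    try:
        entries = config["logs"]["logs_collected"]["files"]["collect_list"]
    except (KeyError, TypeError):
        return ["missing logs.logs_collected.files.collect_list"]
    if not isinstance(entries, list) or not entries:
        return ["collect_list is empty"]
    problems, seen = [], {}
    for i, entry in enumerate(entries):
        entry = entry if isinstance(entry, dict) else {}
        missing = [k for k in REQUIRED if not entry.get(k)]
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        if not readable(entry["file_path"]):  # typo in the path or a permissions problem
            problems.append(f"entry {i}: {entry['file_path']} not readable")
        target = (entry["log_group_name"], entry["log_stream_name"])
        if target in seen:  # two files would interleave in one stream
            problems.append(f"entry {i}: shares stream {target[0]}/{target[1]} with entry {seen[target]}")
        seen.setdefault(target, i)
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python3 preflight.py /opt/aws/amazon-cloudwatch-agent/bin/config.json
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_CONFIG
    for line in preflight(cfg) or ["config OK"]:
        print(line)
```

Run it on the instance as the same user the agent runs as, so the readability check reflects what the agent can actually open.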
Final Outcome
A running EC2 instance with an nginx web server installed and active.
CloudWatch Agent installed and configured to collect nginx logs.
Log streams visible and accessible in the AWS CloudWatch service for monitoring.




