Amazon CloudWatch Logs 模板代码段 - Amazon CloudFormation
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

Amazon CloudWatch Logs 模板代码段

Amazon CloudWatch Logs 能够监控系统、应用程序和来自 Amazon EC2 实例或其他源的自定义日志文件。您可以使用 Amazon CloudFormation 配置和管理日志组和指标筛选条件。有关 Amazon CloudWatch Logs 入门的更多信息,请参阅《Amazon CloudWatch 用户指南》中的监控系统、应用程序和自定义日志文件

从 Linux 实例将日志发送到 CloudWatch Logs

下面的模板描述了一个 Web 服务器及其自定义指标。来自该 Web 服务器日志的日志事件为自定义指标提供了数据。为了将日志事件发送到自定义指标,UserData 字段在 Amazon EC2 实例上安装一个 CloudWatch Logs 代理。该代理的配置信息 (如服务器日志文件的位置、日志组名称和日志流名称) 在 /tmp/cwlogs/apacheaccess.conf 文件中定义。在 Web 服务器向 /var/log/httpd/access_log 文件发送日志事件后,将创建日志流。

注意

有关权限的说明:WebServerHost 实例引用 LogRoleInstanceProfile 实例配置文件,后者又引用 LogRole 角色。LogRolearn:aws:s3:::* 指定 s3:GetObject 权限。

该权限是必需的,因为 WebServerHostUserData 部分中的 Amazon S3 下载 CloudWatch Logs 代理 (awslogs-agent-setup.py)。

两个指标筛选条件描述了将日志信息转换成 CloudWatch 指标的方法。404 指标用于统计出现 404 错误的次数。大小指标用于跟踪请求的大小。如果两分钟内出现两次以上的 404 错误,或平均请求大小在高于 3500 KB 的情况下持续 10 分钟,这两个 CloudWatch 警报将发送通知。

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template for CloudWatch Logs.", "Parameters": { "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "must be the name of an existing EC2 KeyPair." }, "SSHLocation": { "Description": "The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "RegionMap": { "us-east-1": { "AMI": "ami-0ff8a91507f77f867" }, "us-west-1": { "AMI": "ami-0bdb828fd58c52235" }, "us-west-2": { "AMI": "ami-a0cfeed8" }, "eu-west-1": { "AMI": "ami-047bb4163c506cd98" }, "ap-southeast-1": { "AMI": "ami-08569b978cc4dfa10" }, "ap-southeast-2": { "AMI": "ami-09b42976632b27e9b" }, "ap-northeast-1": { "AMI": "ami-06cd52961ce9f0d85" }, "sa-east-1": { "AMI": "ami-07b14488da8ea02a0" }, "eu-central-1": { "AMI": "ami-0233214e13e500f77" } } }, "Resources": { "LogRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable HTTP access via port 80 and SSH access via port 22", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": { "Ref": "SSHLocation" } } ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "Metadata": { "Comment": "Install a simple PHP application", "AWS::CloudFormation::Init": { "config": { "packages": { "yum": { "httpd": [], "php": [] } }, "files": { "/tmp/cwlogs/apacheaccess.conf": { "content": { "Fn::Join": [ "", [ "[general]\n", "state_file= /var/awslogs/agent-state\n", "[/var/log/httpd/access_log]\n", "file = /var/log/httpd/access_log\n", "log_group_name = ", { "Ref": "WebServerLogGroup" }, "\n", "log_stream_name = {instance_id}/apache.log\n", "datetime_format = %d/%b/%Y:%H:%M:%S" ] ] }, "mode": "000400", "owner": "apache", "group": "apache" }, "/var/www/html/index.php": { "content": { "Fn::Join": [ "", [ "<?php\n", "echo '<h1>AWS CloudFormation sample PHP application</h1>';\n", "?>\n" ] ] }, "mode": "000644", "owner": "apache", "group": "apache" }, "/etc/cfn/cfn-hup.conf": { "content": { "Fn::Join": [ "", [ "[main]\n", "stack=", { "Ref": "AWS::StackId" }, "\n", "region=", { "Ref": "AWS::Region" }, "\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { "content": { "Fn::Join": [ "", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init\n", "action=/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, "\n", "runas=root\n" ] ] } } }, "services": { "sysvinit": { "httpd": { "enabled": "true", "ensureRunning": "true" }, "sendmail": { "enabled": "false", "ensureRunning": "false" } } } } } }, "CreationPolicy": { "ResourceSignal": { "Timeout": "PT5M" } }, "Properties": { "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }, "KeyName": { "Ref": "KeyName" }, "InstanceType": "t1.micro", "SecurityGroups": [ { "Ref": "WebServerSecurityGroup" } ], "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" }, "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -xe\n", "# Get the latest CloudFormation package\n", "yum install -y aws-cfn-bootstrap\n", "# Start cfn-init\n", "/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n", "# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n", "/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n", "# Get the CloudWatch Logs agent\n", "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n", "# Install the CloudWatch Logs agent\n", "python awslogs-agent-setup.py -n -r ", { "Ref": "AWS::Region" }, " -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n", "# All done so signal success\n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref": "AWS::StackName" }, " --resource WebServerHost ", " --region ", { "Ref": "AWS::Region" }, "\n" ] ] } } } }, "WebServerLogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "BytesTransferredMetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code, size, ...]", "MetricTransformations": [ { "MetricValue": "$size", "MetricNamespace": "test/BytesTransferred", "MetricName": "testBytesTransferred" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", "EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "BandwidthAlarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The average volume of traffic is greater 3500 KB over 10 minutes", "MetricName": "testBytesTransferred", "Namespace": "test/BytesTransferred", "Statistic": "Average", "Period": "300", "EvaluationPeriods": "2", "Threshold": "3500", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": "WebServerHost" } }, "WebsiteURL": { "Value": { "Fn::Join": [ "", [ "http://", { "Fn::GetAtt": [ "WebServerHost", "PublicDnsName" ] } ] ] }, "Description": "URL for newly created LAMP stack" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "WebServerLogGroup" } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: AWS CloudFormation Sample Template for CloudWatch Logs. Parameters: KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Type: 'AWS::EC2::KeyPair::KeyName' ConstraintDescription: must be the name of an existing EC2 KeyPair. SSHLocation: Description: The IP address range that can be used to SSH to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. OperatorEmail: Description: Email address to notify if there are any scaling operations Type: String Mappings: RegionMap: us-east-1: AMI: ami-0ff8a91507f77f867 us-west-1: AMI: ami-0bdb828fd58c52235 us-west-2: AMI: ami-a0cfeed8 eu-west-1: AMI: ami-047bb4163c506cd98 ap-southeast-1: AMI: ami-08569b978cc4dfa10 ap-southeast-2: AMI: ami-09b42976632b27e9b ap-northeast-1: AMI: ami-06cd52961ce9f0d85 sa-east-1: AMI: ami-07b14488da8ea02a0 eu-central-1: AMI: ami-0233214e13e500f77 Resources: LogRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: LogRolePolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'logs:Create*' - 'logs:PutLogEvents' - 's3:GetObject' Resource: - 'arn:aws:logs:*:*:*' - 'arn:aws:s3:::*' LogRoleInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref LogRole WebServerSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: !Ref SSHLocation WebServerHost: Type: 'AWS::EC2::Instance' Metadata: Comment: Install a simple PHP application 'AWS::CloudFormation::Init': config: packages: yum: httpd: [] php: [] files: /tmp/cwlogs/apacheaccess.conf: content: !Join - '' - - | [general] - | state_file= /var/awslogs/agent-state - | [/var/log/httpd/access_log] - | file = /var/log/httpd/access_log - 'log_group_name = ' - !Ref WebServerLogGroup - |+ - | log_stream_name = {instance_id}/apache.log - 'datetime_format = %d/%b/%Y:%H:%M:%S' mode: '000400' owner: apache group: apache /var/www/html/index.php: content: !Join - '' - - | <?php - | echo '<h1>AWS CloudFormation sample PHP application</h1>'; - | ?> mode: '000644' owner: apache group: apache /etc/cfn/cfn-hup.conf: content: !Join - '' - - | [main] - stack= - !Ref 'AWS::StackId' - |+ - region= - !Ref 'AWS::Region' - |+ mode: '000400' owner: root group: root /etc/cfn/hooks.d/cfn-auto-reloader.conf: content: !Join - '' - - | [cfn-auto-reloader-hook] - | triggers=post.update - > path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init - 'action=/opt/aws/bin/cfn-init -s ' - !Ref 'AWS::StackId' - ' -r WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |+ - | runas=root services: sysvinit: httpd: enabled: 'true' ensureRunning: 'true' sendmail: enabled: 'false' ensureRunning: 'false' CreationPolicy: ResourceSignal: Timeout: PT5M Properties: ImageId: !FindInMap - RegionMap - !Ref 'AWS::Region' - AMI KeyName: !Ref KeyName InstanceType: t1.micro SecurityGroups: - !Ref WebServerSecurityGroup IamInstanceProfile: !Ref LogRoleInstanceProfile UserData: !Base64 'Fn::Join': - '' - - | #!/bin/bash -xe - | # Get the latest CloudFormation package - | yum install -y aws-cfn-bootstrap - | # Start cfn-init - '/opt/aws/bin/cfn-init -s ' - !Ref 'AWS::StackId' - ' -r WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |2 || error_exit 'Failed to run cfn-init' - > # Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata - | /opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup' - | # Get the CloudWatch Logs agent - > wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py - | # Install the CloudWatch Logs agent - 'python awslogs-agent-setup.py -n -r ' - !Ref 'AWS::Region' - |2 -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup' - | # All done so signal success - '/opt/aws/bin/cfn-signal -e $? ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource WebServerHost ' - ' --region ' - !Ref 'AWS::Region' - |+ WebServerLogGroup: Type: 'AWS::Logs::LogGroup' Properties: RetentionInDays: 7 404MetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref WebServerLogGroup FilterPattern: >- [ip, identity, user_id, timestamp, request, status_code = 404, size, ...] MetricTransformations: - MetricValue: '1' MetricNamespace: test/404s MetricName: test404Count BytesTransferredMetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref WebServerLogGroup FilterPattern: '[ip, identity, user_id, timestamp, request, status_code, size, ...]' MetricTransformations: - MetricValue: $size MetricNamespace: test/BytesTransferred MetricName: testBytesTransferred 404Alarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The number of 404s is greater than 2 over 2 minutes MetricName: test404Count Namespace: test/404s Statistic: Sum Period: '60' EvaluationPeriods: '2' Threshold: '2' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold BandwidthAlarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The average volume of traffic is greater 3500 KB over 10 minutes MetricName: testBytesTransferred Namespace: test/BytesTransferred Statistic: Average Period: '300' EvaluationPeriods: '2' Threshold: '3500' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold AlarmNotificationTopic: Type: 'AWS::SNS::Topic' Properties: Subscription: - Endpoint: !Ref OperatorEmail Protocol: email Outputs: InstanceId: Description: The instance ID of the web server Value: !Ref WebServerHost WebsiteURL: Value: !Join - '' - - 'http://' - !GetAtt - WebServerHost - PublicDnsName Description: URL for newly created LAMP stack PublicIP: Description: Public IP address of the web server Value: !GetAtt - WebServerHost - PublicIp CloudWatchLogGroupName: Description: The name of the CloudWatch log group Value: !Ref WebServerLogGroup

从 Windows 实例将日志发送到 CloudWatch Logs

以下模板为 Windows 2012R2 实例配置 CloudWatch Logs。

Windows 上的 CloudWatch Logs 代理(Windows 2012R2 和 Windows 2016 AMI 上的 SSM 代理)仅在启动之后才会发送日志,因此不会发送启动之前生成的任何日志。针对此问题,该模板帮助确保在任何日志写入之前启动代理,方法为:

  • 将代理安装程序配置为 cfn-init config 中的第一个 configSets 项。

  • 使用 waitAfterCompletion 在启动代理的命令之后插入一个暂停。

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance.", "Parameters": { "KeyPair": { "Description": "Name of an existing EC2 KeyPair to enable RDP access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "must be the name of an existing EC2 KeyPair." }, "RDPLocation": { "Description": "The IP address range that can be used to RDP to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "AWSAMIRegionMap": { "ap-northeast-1": { "WS2012R2": "ami-09e7006451ad8bf4d" }, "ap-northeast-2": { "WS2012R2": "ami-0754980e4d02153f9" }, "ap-south-1": { "WS2012R2": "ami-00ad91b37d56c1d08" }, "ap-southeast-1": { "WS2012R2": "ami-09e7006451ad8bf4d" }, "ap-southeast-2": { "WS2012R2": "ami-000d23d3067008aea" }, "ca-central-1": { "WS2012R2": "ami-0d8e70862465b9da0" }, "eu-central-1": { "WS2012R2": "ami-0c0f322f5676ba254" }, "eu-west-1": { "WS2012R2": "ami-0a46adf18f8875ad6" }, "eu-west-2": { "WS2012R2": "ami-0651428174d9438e9" }, "sa-east-1": { "WS2012R2": "ami-08ebd138109a6c223" }, "us-east-1": { "WS2012R2": "ami-0ef6fb504535468b2" }, "us-east-2": { "WS2012R2": "ami-0f466c6044f510bd3" }, "us-west-1": { "WS2012R2": "ami-026f68ef6465e6c09" }, "us-west-2": { "WS2012R2": "ami-0274ca53943a86543" } } }, "Resources": { "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable HTTP access via port 80 and RDP access via port 3389", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "RDPLocation" } } ] } }, "LogRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" ], "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "CreationPolicy": { "ResourceSignal": { "Timeout": "PT15M" } }, "Metadata": { "AWS::CloudFormation::Init": { "configSets": { "config": [ "00-ConfigureCWLogs", "01-InstallWebServer", "02-ConfigureApplication", "03-Finalize" ] }, "00-ConfigureCWLogs": { "files": { "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch\\AWS.EC2.Windows.CloudWatch.json": { "content": { "Fn::Sub": "{\n \"EngineConfiguration\": {\n \"Components\": [\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"ApplicationEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Application\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SystemEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"System\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"SecurityEventLog\",\n \"Parameters\": {\n \"Levels\": \"7\",\n \"LogName\": \"Security\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"EC2ConfigLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"EC2ConfigLog.txt\",\n \"LogDirectoryPath\": \"C:\\\\Program Files\\\\Amazon\\\\Ec2ConfigService\\\\Logs\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-ddTHH:mm:ss.fffZ:\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CfnInitLog\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"ASCII\",\n \"Filter\": \"cfn-init.log\",\n \"LogDirectoryPath\": \"C:\\\\cfn\\\\log\",\n \"TimeZoneKind\": \"Local\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss,fff\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"IISLogs\",\n \"Parameters\": {\n \"CultureName\": \"en-US\",\n \"Encoding\": \"UTF-8\",\n \"Filter\": \"\",\n \"LineCount\": \"3\",\n \"LogDirectoryPath\": \"C:\\\\inetpub\\\\logs\\\\LogFiles\\\\W3SVC1\",\n \"TimeZoneKind\": \"UTC\",\n \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"MemoryPerformanceCounter\",\n \"Parameters\": {\n \"CategoryName\": \"Memory\",\n \"CounterName\": \"Available MBytes\",\n \"DimensionName\": \"\",\n \"DimensionValue\": \"\",\n \"InstanceName\": \"\",\n \"MetricName\": \"Memory\",\n \"Unit\": \"Megabytes\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchApplicationEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/ApplicationEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSystemEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SystemEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchSecurityEventLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/SecurityEventLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchEC2ConfigLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/EC2ConfigLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchCfnInitLog\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/CfnInitLog\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatchIISLogs\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"LogGroup\": \"${LogGroup}\",\n \"LogStream\": \"{instance_id}/IISLogs\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n },\n {\n \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch\",\n \"Id\": \"CloudWatch\",\n \"Parameters\": {\n \"AccessKey\": \"\",\n \"NameSpace\": \"Windows/Default\",\n \"Region\": \"${AWS::Region}\",\n \"SecretKey\": \"\"\n }\n }\n ],\n \"Flows\": {\n \"Flows\": [\n \"ApplicationEventLog,CloudWatchApplicationEventLog\",\n \"SystemEventLog,CloudWatchSystemEventLog\",\n \"SecurityEventLog,CloudWatchSecurityEventLog\",\n \"EC2ConfigLog,CloudWatchEC2ConfigLog\",\n \"CfnInitLog,CloudWatchCfnInitLog\",\n \"IISLogs,CloudWatchIISLogs\",\n \"MemoryPerformanceCounter,CloudWatch\"\n ]\n },\n \"PollInterval\": \"00:00:05\"\n },\n \"IsEnabled\": true\n}\n" } } }, "commands": { "0-enableSSM": { "command": "powershell.exe -Command \"Set-Service -Name AmazonSSMAgent -StartupType Automatic\" ", "waitAfterCompletion": "0" }, "1-restartSSM": { "command": "powershell.exe -Command \"Restart-Service AmazonSSMAgent \"", "waitAfterCompletion": "30" } } }, "01-InstallWebServer": { "commands": { "01_install_webserver": { "command": "powershell.exe -Command \"Install-WindowsFeature Web-Server -IncludeAllSubFeature\"", "waitAfterCompletion": "0" } } }, "02-ConfigureApplication": { "files": { "c:\\Inetpub\\wwwroot\\index.htm": { "content": "<html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html>" } } }, "03-Finalize": { "commands": { "00_signal_success": { "command": { "Fn::Sub": "cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region}" }, "waitAfterCompletion": "0" } } } } }, "Properties": { "KeyName": { "Ref": "KeyPair" }, "ImageId": { "Fn::FindInMap": [ "AWSAMIRegionMap", { "Ref": "AWS::Region" }, "WS2012R2" ] }, "InstanceType": "t2.xlarge", "SecurityGroupIds": [ { "Ref": "WebServerSecurityGroup" } ], "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" }, "UserData": { "Fn::Base64": { "Fn::Sub": "<script>\nwmic product where \"description='Amazon SSM Agent' \" uninstall\nwmic product where \"description='aws-cfn-bootstrap' \" uninstall \nstart /wait c:\\\\Windows\\\\system32\\\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi\npowershell.exe -Command \"iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\\\AmazonSSMAgentSetup.exe\"\nstart /wait C:\\\\AmazonSSMAgentSetup.exe /install /quiet\ncfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} \n</script>\n" } } } }, "LogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "LogGroup" }, "FilterPattern": "[timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", "EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": "WebServerHost" } }, "WebsiteURL": { "Value": { "Fn::Sub": "http://${WebServerHost.PublicDnsName}" }, "Description": "URL for newly created IIS web server" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "LogGroup" } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: >- Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance. Parameters: KeyPair: Description: Name of an existing EC2 KeyPair to enable RDP access to the instances Type: 'AWS::EC2::KeyPair::KeyName' ConstraintDescription: must be the name of an existing EC2 KeyPair. RDPLocation: Description: The IP address range that can be used to RDP to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. OperatorEmail: Description: Email address to notify if there are any scaling operations Type: String Mappings: AWSAMIRegionMap: ap-northeast-1: WS2012R2: ami-09e7006451ad8bf4d ap-northeast-2: WS2012R2: ami-0754980e4d02153f9 ap-south-1: WS2012R2: ami-00ad91b37d56c1d08 ap-southeast-1: WS2012R2: ami-09e7006451ad8bf4d ap-southeast-2: WS2012R2: ami-000d23d3067008aea ca-central-1: WS2012R2: ami-0d8e70862465b9da0 eu-central-1: WS2012R2: ami-0c0f322f5676ba254 eu-west-1: WS2012R2: ami-0a46adf18f8875ad6 eu-west-2: WS2012R2: ami-0651428174d9438e9 sa-east-1: WS2012R2: ami-08ebd138109a6c223 us-east-1: WS2012R2: ami-0ef6fb504535468b2 us-east-2: WS2012R2: ami-0f466c6044f510bd3 us-west-1: WS2012R2: ami-026f68ef6465e6c09 us-west-2: WS2012R2: ami-0274ca53943a86543 Resources: WebServerSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Enable HTTP access via port 80 and RDP access via port 3389 SecurityGroupIngress: - IpProtocol: tcp FromPort: '80' ToPort: '80' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '3389' ToPort: '3389' CidrIp: !Ref RDPLocation LogRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore' Path: / Policies: - PolicyName: LogRolePolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'logs:Create*' - 'logs:PutLogEvents' - 's3:GetObject' Resource: - 'arn:aws:logs:*:*:*' - 'arn:aws:s3:::*' LogRoleInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: / Roles: - !Ref LogRole WebServerHost: Type: 'AWS::EC2::Instance' CreationPolicy: ResourceSignal: Timeout: PT15M Metadata: 'AWS::CloudFormation::Init': configSets: config: - 00-ConfigureCWLogs - 01-InstallWebServer - 02-ConfigureApplication - 03-Finalize 00-ConfigureCWLogs: files: 'C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json': content: !Sub | { "EngineConfiguration": { "Components": [ { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "ApplicationEventLog", "Parameters": { "Levels": "7", "LogName": "Application" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "SystemEventLog", "Parameters": { "Levels": "7", "LogName": "System" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "SecurityEventLog", "Parameters": { "Levels": "7", "LogName": "Security" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "EC2ConfigLog", "Parameters": { "CultureName": "en-US", "Encoding": "ASCII", "Filter": "EC2ConfigLog.txt", "LogDirectoryPath": "C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs", "TimeZoneKind": "UTC", "TimestampFormat": "yyyy-MM-ddTHH:mm:ss.fffZ:" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "CfnInitLog", "Parameters": { "CultureName": "en-US", "Encoding": "ASCII", "Filter": "cfn-init.log", "LogDirectoryPath": "C:\\cfn\\log", "TimeZoneKind": "Local", "TimestampFormat": "yyyy-MM-dd HH:mm:ss,fff" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "IISLogs", "Parameters": { "CultureName": "en-US", "Encoding": "UTF-8", "Filter": "", "LineCount": "3", "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1", "TimeZoneKind": "UTC", "TimestampFormat": "yyyy-MM-dd HH:mm:ss" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch", "Id": "MemoryPerformanceCounter", "Parameters": { "CategoryName": "Memory", "CounterName": "Available MBytes", "DimensionName": "", "DimensionValue": "", "InstanceName": "", "MetricName": "Memory", "Unit": "Megabytes" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchApplicationEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/ApplicationEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchSystemEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/SystemEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchSecurityEventLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/SecurityEventLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchEC2ConfigLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/EC2ConfigLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchCfnInitLog", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/CfnInitLog", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatchIISLogs", "Parameters": { "AccessKey": "", "LogGroup": "${LogGroup}", "LogStream": "{instance_id}/IISLogs", "Region": "${AWS::Region}", "SecretKey": "" } }, { "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch", "Id": "CloudWatch", "Parameters": { "AccessKey": "", "NameSpace": "Windows/Default", "Region": "${AWS::Region}", "SecretKey": "" } } ], "Flows": { "Flows": [ "ApplicationEventLog,CloudWatchApplicationEventLog", "SystemEventLog,CloudWatchSystemEventLog", "SecurityEventLog,CloudWatchSecurityEventLog", "EC2ConfigLog,CloudWatchEC2ConfigLog", "CfnInitLog,CloudWatchCfnInitLog", "IISLogs,CloudWatchIISLogs", "MemoryPerformanceCounter,CloudWatch" ] }, "PollInterval": "00:00:05" }, "IsEnabled": true } commands: 0-enableSSM: command: >- powershell.exe -Command "Set-Service -Name AmazonSSMAgent -StartupType Automatic" waitAfterCompletion: '0' 1-restartSSM: command: powershell.exe -Command "Restart-Service AmazonSSMAgent " waitAfterCompletion: '30' 01-InstallWebServer: commands: 01_install_webserver: command: >- powershell.exe -Command "Install-WindowsFeature Web-Server -IncludeAllSubFeature" waitAfterCompletion: '0' 02-ConfigureApplication: files: 'c:\Inetpub\wwwroot\index.htm': content: >- <html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html> 03-Finalize: commands: 00_signal_success: command: !Sub >- cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region} waitAfterCompletion: '0' Properties: KeyName: !Ref KeyPair ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - WS2012R2 InstanceType: t2.xlarge SecurityGroupIds: - !Ref WebServerSecurityGroup IamInstanceProfile: !Ref LogRoleInstanceProfile UserData: !Base64 'Fn::Sub': > <script> wmic product where "description='Amazon SSM Agent' " uninstall wmic product where "description='aws-cfn-bootstrap' " uninstall start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi powershell.exe -Command "iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe" start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} </script> LogGroup: Type: 'AWS::Logs::LogGroup' Properties: RetentionInDays: 7 404MetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: !Ref LogGroup FilterPattern: >- [timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...] MetricTransformations: - MetricValue: '1' MetricNamespace: test/404s MetricName: test404Count 404Alarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: The number of 404s is greater than 2 over 2 minutes MetricName: test404Count Namespace: test/404s Statistic: Sum Period: '60' EvaluationPeriods: '2' Threshold: '2' AlarmActions: - !Ref AlarmNotificationTopic ComparisonOperator: GreaterThanThreshold AlarmNotificationTopic: Type: 'AWS::SNS::Topic' Properties: Subscription: - Endpoint: !Ref OperatorEmail Protocol: email Outputs: InstanceId: Description: The instance ID of the web server Value: !Ref WebServerHost WebsiteURL: Value: !Sub 'http://${WebServerHost.PublicDnsName}' Description: URL for newly created IIS web server PublicIP: Description: Public IP address of the web server Value: !GetAtt - WebServerHost - PublicIp CloudWatchLogGroupName: Description: The name of the CloudWatch log group Value: !Ref LogGroup

另请参阅

有关 CloudWatch Logs 资源的更多信息,请参阅 AWS::Logs::LogGroupAWs::Logs::MetricFilter