AWS CloudFormation
User Guide (API Version 2010-05-15)

Amazon CloudWatch Logs 模板代码段

Amazon CloudWatch Logs 能够监控系统、应用程序和来自 Amazon EC2 实例或其他源的自定义日志文件。您可以使用 AWS CloudFormation 配置和管理日志组和指标筛选器。有关 Amazon CloudWatch Logs 入门的更多信息,请参阅 Amazon CloudWatch 用户指南 中的“监控系统、应用程序和自定义日志文件”。

从 Linux 实例将日志发送到 CloudWatch Logs

下面的模板描述了一个 Web 服务器及其自定义指标。来自该 Web 服务器日志的日志事件为自定义指标提供了数据。为向自定义指标发送日志事件,UserData 字段在 Amazon EC2 实例上安装了一个 CloudWatch Logs 代理。该代理的配置信息 (如服务器日志文件的位置、日志组名称和日志流名称) 在 /tmp/cwlogs/apacheaccess.conf 文件中定义。在 Web 服务器向 /var/log/httpd/access_log 文件发送日志事件后,将创建日志流。

注意

有关权限的说明:WebServerHost 实例引用 LogRoleInstanceProfile 实例配置文件,后者又引用 LogRole 角色。LogRole 对资源 arn:aws:s3:::* 授予 s3:GetObject 权限。由于 arn:aws:s3:::* 匹配所有存储桶,该角色可以读取其有权访问的任何存储桶中的对象;在生产环境中,应将 Resource 限定为实际需要的存储桶。

该权限是必需的,因为 WebServerHost 需要在 UserData 部分中从 Amazon S3 下载 CloudWatch Logs 代理 (awslogs-agent-setup.py)。

两个指标筛选器描述了将日志信息转换成 CloudWatch 指标的方法。404 指标用于统计出现 404 错误的次数。大小指标用于跟踪请求的大小。如果两分钟内出现两次以上的 404 错误,或平均请求大小连续 10 分钟高于 3500 KB,两个 CloudWatch 警报将分别发送通知。

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS CloudFormation Sample Template for CloudWatch Logs.", "Parameters": { "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." }, "SSHLocation" : { "Description" : "The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "RegionMap": { "us-east-1": { "AMI": "ami-fb8e9292" }, "us-west-1": { "AMI": "ami-7aba833f" }, "us-west-2": { "AMI": "ami-043a5034" }, "eu-west-1": { "AMI": "ami-2918e35e" }, "ap-southeast-1": { "AMI": "ami-b40d5ee6" }, "ap-southeast-2": { "AMI": "ami-3b4bd301" }, "ap-northeast-1": { "AMI": "ami-c9562fc8" }, "sa-east-1": { "AMI": "ami-215dff3c" }, "eu-central-1": { "AMI" : "ami-a03503bd" } } }, "Resources": { "LogRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable 
HTTP access via port 80 and SSH access via port 22", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}} ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "Metadata": { "Comment": "Install a simple PHP application", "AWS::CloudFormation::Init": { "config": { "packages": { "yum": { "httpd": [], "php": [] } }, "files": { "/tmp/cwlogs/apacheaccess.conf": { "content": { "Fn::Join": [ "", [ "[general]\n", "state_file= /var/awslogs/agent-state\n", "[/var/log/httpd/access_log]\n", "file = /var/log/httpd/access_log\n", "log_group_name = ", {"Ref": "WebServerLogGroup"}, "\n", "log_stream_name = {instance_id}/apache.log\n", "datetime_format = %d/%b/%Y:%H:%M:%S" ] ] }, "mode": "000400", "owner": "apache", "group": "apache" }, "/var/www/html/index.php": { "content": { "Fn::Join": [ "", [ "<?php\n", "echo '<h1>AWS CloudFormation sample PHP application</h1>';\n", "?>\n" ] ] }, "mode": "000644", "owner": "apache", "group": "apache" }, "/etc/cfn/cfn-hup.conf": { "content": { "Fn::Join": [ "", [ "[main]\n", "stack=", { "Ref": "AWS::StackId" }, "\n", "region=", { "Ref": "AWS::Region" }, "\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { "content": { "Fn::Join": [ "", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init\n", "action=/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, "\n", "runas=root\n" ] ] } } }, "services": { "sysvinit": { "httpd": { "enabled": "true", "ensureRunning": "true" }, "sendmail": { "enabled": "false", "ensureRunning": "false" } } } } } }, "CreationPolicy" : { "ResourceSignal" : { "Timeout" : "PT5M" } }, "Properties": { "ImageId": { "Fn::FindInMap": [ "RegionMap", { "Ref": "AWS::Region" }, "AMI" ] }, 
"KeyName": { "Ref": "KeyName" }, "InstanceType": "t1.micro", "SecurityGroups": [ { "Ref": "WebServerSecurityGroup" } ], "IamInstanceProfile": { "Ref": "LogRoleInstanceProfile" }, "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -xe\n", "# Get the latest CloudFormation package\n", "yum install -y aws-cfn-bootstrap\n", "# Start cfn-init\n", "/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackId" }, " -r WebServerHost ", " --region ", { "Ref": "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n", "# Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata\n", "/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n", "# Get the CloudWatch Logs agent\n", "wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n", "# Install the CloudWatch Logs agent\n", "python awslogs-agent-setup.py -n -r ", { "Ref" : "AWS::Region" }, " -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'\n", "# All done so signal success\n", "/opt/aws/bin/cfn-signal -e $? 
", " --stack ", { "Ref" : "AWS::StackName" }, " --resource WebServerHost ", " --region ", { "Ref" : "AWS::Region" }, "\n" ] ] } } } }, "WebServerLogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "BytesTransferredMetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "WebServerLogGroup" }, "FilterPattern": "[ip, identity, user_id, timestamp, request, status_code, size, ...]", "MetricTransformations": [ { "MetricValue": "$size", "MetricNamespace": "test/BytesTransferred", "MetricName": "testBytesTransferred" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", "EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "BandwidthAlarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The average volume of traffic is greater 3500 KB over 10 minutes", "MetricName": "testBytesTransferred", "Namespace": "test/BytesTransferred", "Statistic": "Average", "Period": "300", "EvaluationPeriods": "2", "Threshold": "3500", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": 
"WebServerHost" } }, "WebsiteURL" : { "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WebServerHost", "PublicDnsName" ]}]] }, "Description" : "URL for newly created LAMP stack" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "WebServerLogGroup" } } } }

YAML

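# CloudFormation sample: one EC2 web server (Apache + PHP) whose access log is
# shipped to a CloudWatch Logs log group by the CloudWatch Logs agent. Two
# metric filters turn log events into metrics (404 count, bytes transferred),
# and two alarms publish to an SNS topic with an e-mail subscription.
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation Sample Template for CloudWatch Logs.

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SSHLocation:
    # NOTE(review): the default is kept for backward compatibility, but it
    # opens port 22 to every address. Pass a trusted CIDR range when creating
    # the stack.
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  OperatorEmail:
    # Used as the e-mail endpoint of AlarmNotificationTopic.
    Description: Email address to notify if there are any scaling operations
    Type: String

Mappings:
  # Region -> AMI ID used for WebServerHost.
  RegionMap:
    us-east-1:
      AMI: ami-fb8e9292
    us-west-1:
      AMI: ami-7aba833f
    us-west-2:
      AMI: ami-043a5034
    eu-west-1:
      AMI: ami-2918e35e
    ap-southeast-1:
      AMI: ami-b40d5ee6
    ap-southeast-2:
      AMI: ami-3b4bd301
    ap-northeast-1:
      AMI: ami-c9562fc8
    sa-east-1:
      AMI: ami-215dff3c
    eu-central-1:
      AMI: ami-a03503bd

Resources:
  # Role assumed by the EC2 instance so the logs agent can write log events.
  LogRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - ec2.amazonaws.com
          Action:
          - sts:AssumeRole
      Path: "/"
      Policies:
      - PolicyName: LogRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          # CloudWatch Logs actions, kept on the original resource scope.
          - Effect: Allow
            Action:
            - logs:Create*
            - logs:PutLogEvents
            Resource:
            - arn:aws:logs:*:*:*
          # The original statement granted s3:GetObject on arn:aws:s3:::*,
          # i.e. read access to objects in every bucket the role can reach.
          # It is narrowed here to the bucket the UserData script downloads
          # the agent installer from.
          # NOTE(review): confirm the installer needs no other bucket.
          - Effect: Allow
            Action:
            - s3:GetObject
            Resource:
            - arn:aws:s3:::aws-cloudwatch/*

  LogRoleInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
      - Ref: LogRole

  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      SecurityGroupIngress:
      # HTTP is intentionally public; SSH is limited to the SSHLocation range.
      - IpProtocol: tcp
        FromPort: '80'
        ToPort: '80'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: SSHLocation

  WebServerHost:
    Type: AWS::EC2::Instance
    Metadata:
      Comment: Install a simple PHP application
      AWS::CloudFormation::Init:
        config:
          packages:
            yum:
              httpd: []
              php: []
          files:
            # Configuration passed to the CloudWatch Logs agent installer (-c).
            "/tmp/cwlogs/apacheaccess.conf":
              content: !Sub |
                [general]
                state_file= /var/awslogs/agent-state
                [/var/log/httpd/access_log]
                file = /var/log/httpd/access_log
                log_group_name = ${WebServerLogGroup}
                log_stream_name = {instance_id}/apache.log
                datetime_format = %d/%b/%Y:%H:%M:%S
              mode: '000400'
              owner: apache
              group: apache
            # The original wrapped every line of this block in double quotes,
            # which a literal block scalar writes into the file verbatim and
            # so produces invalid PHP. No substitution is needed here, so a
            # plain literal block is used.
            "/var/www/html/index.php":
              content: |
                <?php
                echo '<h1>AWS CloudFormation sample PHP application</h1>';
                ?>
              mode: '000644'
              owner: apache
              group: apache
            # "stack=" had a stray space before the value in the original.
            "/etc/cfn/cfn-hup.conf":
              content: !Sub |
                [main]
                stack=${AWS::StackId}
                region=${AWS::Region}
              mode: "000400"
              owner: "root"
              group: "root"
            # Re-runs cfn-init when the instance metadata changes; runas=root
            # added to match the JSON version of this template.
            "/etc/cfn/hooks.d/cfn-auto-reloader.conf":
              content: !Sub |
                [cfn-auto-reloader-hook]
                triggers=post.update
                path=Resources.WebServerHost.Metadata.AWS::CloudFormation::Init
                action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServerHost --region ${AWS::Region}
                runas=root
              mode: "000400"
              owner: "root"
              group: "root"
          services:
            sysvinit:
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
              sendmail:
                enabled: 'false'
                ensureRunning: 'false'
    # Stack creation waits up to 5 minutes for the cfn-signal sent by UserData.
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
    Properties:
      ImageId:
        Fn::FindInMap:
        - RegionMap
        - Ref: AWS::Region
        - AMI
      KeyName:
        Ref: KeyName
      InstanceType: t1.micro
      SecurityGroups:
      - Ref: WebServerSecurityGroup
      IamInstanceProfile:
        Ref: LogRoleInstanceProfile
      # NOTE(review): the agent installer is fetched from a mutable "latest"
      # path and executed without an integrity check. Where a versioned
      # artifact and a published checksum exist, pin and verify them.
      #
      # The original script called error_exit without defining it, so a failed
      # step ended the script (bash -e) with no signal and the stack simply
      # timed out. error_exit is defined below and reports the failure, and
      # the final signal sends an explicit 0 because "$?" is always 0 once
      # that line is reached under -e.
      UserData:
        "Fn::Base64": !Sub |
          #!/bin/bash -xe
          # Report a failure to CloudFormation and stop
          error_exit() {
            /opt/aws/bin/cfn-signal -e 1 --reason "$1" --stack ${AWS::StackId} --resource WebServerHost --region ${AWS::Region}
            exit 1
          }
          # Get the latest CloudFormation package
          yum update -y aws-cfn-bootstrap
          # Start cfn-init
          /opt/aws/bin/cfn-init -s ${AWS::StackId} -r WebServerHost --region ${AWS::Region} || error_exit 'Failed to run cfn-init'
          # Start up the cfn-hup daemon to listen for changes to the EC2 instance metadata
          /opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'
          # Get the CloudWatch Logs agent
          wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py || error_exit 'Failed to download CloudWatch Logs agent setup'
          # Install the CloudWatch Logs agent
          python awslogs-agent-setup.py -n -r ${AWS::Region} -c /tmp/cwlogs/apacheaccess.conf || error_exit 'Failed to run CloudWatch Logs agent setup'
          # All done so signal success
          /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackId} --resource WebServerHost --region ${AWS::Region}

  WebServerLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7

  # Emits 1 for every access-log event whose status_code field is 404.
  404MetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName:
        Ref: WebServerLogGroup
      FilterPattern: "[ip, identity, user_id, timestamp, request, status_code = 404, size, ...]"
      MetricTransformations:
      - MetricValue: '1'
        MetricNamespace: test/404s
        MetricName: test404Count

  # Emits the size field of every access-log event as the metric value.
  BytesTransferredMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName:
        Ref: WebServerLogGroup
      FilterPattern: "[ip, identity, user_id, timestamp, request, status_code, size, ...]"
      MetricTransformations:
      - MetricValue: "$size"
        MetricNamespace: test/BytesTransferred
        MetricName: testBytesTransferred

  # Sum of test404Count above 2 in two consecutive 60-second periods.
  404Alarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The number of 404s is greater than 2 over 2 minutes
      MetricName: test404Count
      Namespace: test/404s
      Statistic: Sum
      Period: '60'
      EvaluationPeriods: '2'
      Threshold: '2'
      AlarmActions:
      - Ref: AlarmNotificationTopic
      ComparisonOperator: GreaterThanThreshold

  # Average of testBytesTransferred above 3500 in two consecutive 300-second periods.
  BandwidthAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The average volume of traffic is greater 3500 KB over 10 minutes
      MetricName: testBytesTransferred
      Namespace: test/BytesTransferred
      Statistic: Average
      Period: '300'
      EvaluationPeriods: '2'
      Threshold: '3500'
      AlarmActions:
      - Ref: AlarmNotificationTopic
      ComparisonOperator: GreaterThanThreshold

  AlarmNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
      - Endpoint:
          Ref: OperatorEmail
        Protocol: email

Outputs:
  InstanceId:
    Description: The instance ID of the web server
    Value:
      Ref: WebServerHost
  WebsiteURL:
    Value: !Sub 'http://${WebServerHost.PublicDnsName}'
    Description: URL for newly created LAMP stack
  PublicIP:
    Description: Public IP address of the web server
    Value: !GetAtt WebServerHost.PublicIp
  CloudWatchLogGroupName:
    Description: The name of the CloudWatch log group
    Value: !Ref WebServerLogGroup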

从 Windows 实例将日志发送到 CloudWatch Logs

以下模板为 Windows 2012R2 实例配置 CloudWatch Logs。请注意,模板中 RDPLocation 参数的默认值为 0.0.0.0/0,即允许任意地址通过 3389 端口进行 RDP 访问;部署时应将其限定为受信任的 IP 范围。

Windows 上的 CloudWatch Logs 代理 (Windows 2012R2 和 Windows 2016 AMI 上的 SSM 代理) 仅在启动之后才会发送日志,因此不会发送启动之前生成的任何日志。针对此问题,该模板帮助确保在任何日志写入之前启动代理,方法为:

  • 将代理安装程序配置为 cfn-init configSets 中的第一个 config 项。

  • 使用 waitAfterCompletion 在启动代理的命令之后插入一个暂停。

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance.", "Parameters": { "KeyPair" : { "Description": "Name of an existing EC2 KeyPair to enable RDP access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." }, "RDPLocation" : { "Description" : "The IP address range that can be used to RDP to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "OperatorEmail": { "Description": "Email address to notify if there are any scaling operations", "Type": "String" } }, "Mappings": { "AWSAMIRegionMap": { "ap-northeast-1": { "WS2012R2": "ami-cb7429ac" }, "ap-northeast-2": { "WS2012R2": "ami-34d4075a" }, "ap-south-1": { "WS2012R2": "ami-dd8cfcb2" }, "ap-southeast-1": { "WS2012R2": "ami-e5a51786" }, "ap-southeast-2": { "WS2012R2": "ami-a63934c5" }, "ca-central-1": { "WS2012R2": "ami-d242ffb6" }, "eu-central-1": { "WS2012R2": "ami-d029febf" }, "eu-west-1": { "WS2012R2": "ami-d3dee9b5" }, "eu-west-2": { "WS2012R2": "ami-e5b3a681" }, "sa-east-1": { "WS2012R2": "ami-83f594ef" }, "us-east-1": { "WS2012R2": "ami-11e84107" }, "us-east-2": { "WS2012R2": "ami-d85773bd" }, "us-west-1": { "WS2012R2": "ami-052d7565" }, "us-west-2": { "WS2012R2": "ami-09f47d69" } } }, "Resources": { "WebServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enable HTTP access via port 80 and RDP access via port 3389", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "3389", "ToPort" : "3389", "CidrIp" : { "Ref" : "RDPLocation"}} ] } }, "LogRole": { "Type": "AWS::IAM::Role", "Properties": { 
"AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns" : [ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"], "Path": "/", "Policies": [ { "PolicyName": "LogRolePolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:Create*", "logs:PutLogEvents", "s3:GetObject" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::*" ] } ] } } ] } }, "LogRoleInstanceProfile": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "LogRole" } ] } }, "WebServerHost": { "Type": "AWS::EC2::Instance", "CreationPolicy" : { "ResourceSignal" : { "Timeout" : "PT15M" } }, "Metadata": { "AWS::CloudFormation::Init" : { "configSets" : { "config": [ "00-ConfigureCWLogs", "01-InstallWebServer", "02-ConfigureApplication", "03-Finalize" ] }, "00-ConfigureCWLogs" : { "files": { "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch\\AWS.EC2.Windows.CloudWatch.json": { "content": { "Fn::Join": [ "", [ "{", " \"IsEnabled\" : true,", " \"EngineConfiguration\" : {", " \"PollInterval\" : \"00:00:05\",", " \"Components\" : [{", " \"Id\" : \"ApplicationEventLog\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"LogName\" : \"Application\",", " \"Levels\" : \"7\"", " }", " },", " {", " \"Id\" : \"SystemEventLog\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"LogName\" : \"System\",", " \"Levels\" : \"7\"", " }", " },", " {", " \"Id\" : \"SecurityEventLog\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"LogName\" : \"Security\",", " \"Levels\" : \"7\"", " }", " },", " {", " \"Id\" : 
\"EC2ConfigLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"LogDirectoryPath\": \"C:\\\\Program Files\\\\Amazon\\\\Ec2ConfigService\\\\Logs\",", " \"TimestampFormat\": \"yyyy-MM-ddTHH:mm:ss.fffZ:\",", " \"Encoding\": \"ASCII\",", " \"Filter\": \"EC2ConfigLog.txt\",", " \"CultureName\": \"en-US\",", " \"TimeZoneKind\": \"UTC\"", " }", " },", " {", " \"Id\": \"CfnInitLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"LogDirectoryPath\": \"C:\\\\cfn\\\\log\",", " \"TimestampFormat\": \"yyyy-MM-dd HH:mm:ss,fff\",", " \"Encoding\": \"ASCII\",", " \"Filter\": \"cfn-init.log\",", " \"CultureName\": \"en-US\",", " \"TimeZoneKind\": \"Local\"", " }", " },", " {", " \"Id\" : \"IISLogs\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"LogDirectoryPath\" : \"C:\\\\inetpub\\\\logs\\\\LogFiles\\\\W3SVC1\",", " \"TimestampFormat\" : \"yyyy-MM-dd HH:mm:ss\",", " \"Encoding\" : \"UTF-8\",", " \"Filter\" : \"\",", " \"CultureName\" : \"en-US\",", " \"TimeZoneKind\" : \"UTC\",", " \"LineCount\" : \"3\"", " }", " },", " {", " \"Id\" : \"MemoryPerformanceCounter\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"CategoryName\" : \"Memory\",", " \"CounterName\" : \"Available MBytes\",", " \"InstanceName\" : \"\",", " \"MetricName\" : \"Memory\",", " \"Unit\" : \"Megabytes\",", " \"DimensionName\" : \"\",", " \"DimensionValue\" : \"\"", " }", " },", " {", " \"Id\": \"CloudWatchApplicationEventLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " 
\"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " \"LogStream\": \"{instance_id}/ApplicationEventLog\"", " }", " },", " {", " \"Id\": \"CloudWatchSystemEventLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " \"LogStream\": \"{instance_id}/SystemEventLog\"", " }", " },", " {", " \"Id\": \"CloudWatchSecurityEventLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " \"LogStream\": \"{instance_id}/SecurityEventLog\"", " }", " },", " {", " \"Id\": \"CloudWatchEC2ConfigLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " \"LogStream\": \"{instance_id}/EC2ConfigLog\"", " }", " },", " {", " \"Id\": \"CloudWatchCfnInitLog\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " \"LogStream\": \"{instance_id}/CfnInitLog\"", " }", " },", " {", " \"Id\": \"CloudWatchIISLogs\",", " \"FullName\": \"AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\": {", " \"AccessKey\": \"\",", " \"SecretKey\": \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, { "Fn::Sub": " \"LogGroup\": \"${LogGroup}\"," }, " 
\"LogStream\": \"{instance_id}/IISLogs\"", " }", " },", " {", " \"Id\" : \"CloudWatch\",", " \"FullName\" : \"AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch\",", " \"Parameters\" : {", " \"AccessKey\" : \"\",", " \"SecretKey\" : \"\",", { "Fn::Sub": " \"Region\": \"${AWS::Region}\"," }, " \"NameSpace\" : \"Windows/Default\"", " }", " }],", " \"Flows\": {", " \"Flows\": [", " \"ApplicationEventLog,CloudWatchApplicationEventLog\",", " \"SystemEventLog,CloudWatchSystemEventLog\",", " \"SecurityEventLog,CloudWatchSecurityEventLog\",", " \"EC2ConfigLog,CloudWatchEC2ConfigLog\",", " \"CfnInitLog,CloudWatchCfnInitLog\",", " \"IISLogs,CloudWatchIISLogs\",", " \"MemoryPerformanceCounter,CloudWatch\"", " ]", " }", " }", "}" ] ] } } }, "commands": { "0-enableSSM" : { "command" : "powershell.exe -Command \"Set-Service -Name AmazonSSMAgent -StartupType Automatic\" ", "waitAfterCompletion" : "0" }, "1-restartSSM": { "command" : "powershell.exe -Command \"Restart-Service AmazonSSMAgent \"", "waitAfterCompletion" : "30" } } }, "01-InstallWebServer": { "commands": { "01_install_webserver": { "command": "powershell.exe -Command \"Install-WindowsFeature Web-Server -IncludeAllSubFeature\"", "waitAfterCompletion": "0" } } }, "02-ConfigureApplication": { "files": { "c:\\Inetpub\\wwwroot\\index.htm": { "content": { "Fn::Join": [ "\n", [ "<html>", "<head>", "<title>Test Application</title>", "</head>", "<body>", "<h1>Congratulations!! 
Your IIS Web Server is configured.</h1>", "</body>", "</html>" ] ] } } } }, "03-Finalize": { "commands": { "00_signal_success": { "command": { "Fn::Sub" : "cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region} " }, "waitAfterCompletion": "0" } } } } }, "Properties": { "KeyName": { "Ref" : "KeyPair"}, "ImageId": { "Fn::FindInMap": [ "AWSAMIRegionMap", { "Ref": "AWS::Region" }, "WS2012R2" ] }, "InstanceType": "t2.xlarge", "SecurityGroupIds" : [{ "Ref" : "WebServerSecurityGroup"}], "IamInstanceProfile" : { "Ref" : "LogRoleInstanceProfile"}, "UserData": { "Fn::Base64": { "Fn::Join": [ "\n", [ "<script>", "wmic product where \"description='Amazon SSM Agent' \" uninstall", "wmic product where \"description='aws-cfn-bootstrap' \" uninstall ", "start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi", "powershell.exe -Command \"iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe\"", "start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet", { "Fn::Sub" : "cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region} " }, "</script>" ] ] } } } }, "LogGroup": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 7 } }, "404MetricFilter": { "Type": "AWS::Logs::MetricFilter", "Properties": { "LogGroupName": { "Ref": "LogGroup" }, "FilterPattern": "[timestamps,serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]", "MetricTransformations": [ { "MetricValue": "1", "MetricNamespace": "test/404s", "MetricName": "test404Count" } ] } }, "404Alarm": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "AlarmDescription": "The number of 404s is greater than 2 over 2 minutes", "MetricName": "test404Count", "Namespace": "test/404s", "Statistic": "Sum", "Period": "60", 
"EvaluationPeriods": "2", "Threshold": "2", "AlarmActions": [ { "Ref": "AlarmNotificationTopic" } ], "ComparisonOperator": "GreaterThanThreshold" } }, "AlarmNotificationTopic": { "Type": "AWS::SNS::Topic", "Properties": { "Subscription": [ { "Endpoint": { "Ref": "OperatorEmail" }, "Protocol": "email" } ] } } }, "Outputs": { "InstanceId": { "Description": "The instance ID of the web server", "Value": { "Ref": "WebServerHost" } }, "WebsiteURL" : { "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WebServerHost", "PublicDnsName" ]}]] }, "Description" : "URL for newly created IIS web server" }, "PublicIP": { "Description": "Public IP address of the web server", "Value": { "Fn::GetAtt": [ "WebServerHost", "PublicIp" ] } }, "CloudWatchLogGroupName": { "Description": "The name of the CloudWatch log group", "Value": { "Ref": "LogGroup" } } } }

YAML

AWSTemplateFormatVersion: '2010-09-09' Description: Sample template that sets up and configures CloudWatch logs on Windows 2012R2 instance instance. Parameters: KeyPair: Description: Name of an existing EC2 KeyPair to enable RDP access to the instances Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. RDPLocation: Description: The IP address range that can be used to RDP to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. OperatorEmail: Description: Email address to notify if there are any scaling operations Type: String Mappings: AWSAMIRegionMap: ap-northeast-1: WS2012R2: ami-cb7429ac ap-northeast-2: WS2012R2: ami-34d4075a ap-south-1: WS2012R2: ami-dd8cfcb2 ap-southeast-1: WS2012R2: ami-e5a51786 ap-southeast-2: WS2012R2: ami-a63934c5 ca-central-1: WS2012R2: ami-d242ffb6 eu-central-1: WS2012R2: ami-d029febf eu-west-1: WS2012R2: ami-d3dee9b5 eu-west-2: WS2012R2: ami-e5b3a681 sa-east-1: WS2012R2: ami-83f594ef us-east-1: WS2012R2: ami-11e84107 us-east-2: WS2012R2: ami-d85773bd us-west-1: WS2012R2: ami-052d7565 us-west-2: WS2012R2: ami-09f47d69 Resources: WebServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable HTTP access via port 80 and RDP access via port 3389 SecurityGroupIngress: - IpProtocol: tcp FromPort: '80' ToPort: '80' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '3389' ToPort: '3389' CidrIp: !Ref 'RDPLocation' LogRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM Path: / Policies: - PolicyName: LogRolePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:Create* - 
logs:PutLogEvents - s3:GetObject Resource: - arn:aws:logs:*:*:* - arn:aws:s3:::*
# NOTE(review): the line above is the tail of the LogRole policy statement, which
# starts before this excerpt and is left exactly as found. It pairs s3:GetObject
# with arn:aws:s3:::*, i.e. read access to objects in any bucket the account's
# other policies allow. Scope it to the bucket/prefix the instance really reads.
# The installers in UserData below are fetched from public HTTPS URLs, so confirm
# whether this S3 permission is needed at all.

  # Instance profile that carries LogRole, so the role can be attached to an EC2 instance.
  LogRoleInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref 'LogRole'

  # Windows IIS host. cfn-init (started from UserData) applies the config sets
  # below in order; the stack waits up to 15 minutes for the success signal sent
  # by 03-Finalize.
  WebServerHost:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          config:
            - 00-ConfigureCWLogs
            - 01-InstallWebServer
            - 02-ConfigureApplication
            - 03-Finalize
        # Writes the CloudWatch plugin configuration for the SSM agent.
        # Inputs: Application/System/Security event logs, the EC2Config and
        # cfn-init log files, IIS logs, and one memory performance counter.
        # Outputs: one log stream per input in ${LogGroup}, plus a CloudWatch
        # metric namespace. "Flows" wires each input Id to its output Id.
        # !Sub replaces only ${LogGroup} and ${AWS::Region}; {instance_id} has no
        # "$" and is passed through to the agent unchanged.
        # AccessKey/SecretKey are empty in every output; presumably the agent then
        # uses the instance profile credentials (LogRole) -- confirm, and never
        # fill these fields with long-lived keys.
        # The block below is a literal scalar: anything added inside it becomes
        # part of the file content, so keep comments out of it.
        00-ConfigureCWLogs:
          files:
            C:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.EC2.Windows.CloudWatch.json:
              content: !Sub |
                {
                  "EngineConfiguration": {
                    "Components": [
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "ApplicationEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "Application"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "SystemEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "System"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.EventLog.EventLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "SecurityEventLog",
                        "Parameters": {
                          "Levels": "7",
                          "LogName": "Security"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "EC2ConfigLog",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "ASCII",
                          "Filter": "EC2ConfigLog.txt",
                          "LogDirectoryPath": "C:\\Program Files\\Amazon\\Ec2ConfigService\\Logs",
                          "TimeZoneKind": "UTC",
                          "TimestampFormat": "yyyy-MM-ddTHH:mm:ss.fffZ:"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "CfnInitLog",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "ASCII",
                          "Filter": "cfn-init.log",
                          "LogDirectoryPath": "C:\\cfn\\log",
                          "TimeZoneKind": "Local",
                          "TimestampFormat": "yyyy-MM-dd HH:mm:ss,fff"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CustomLog.CustomLogInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "IISLogs",
                        "Parameters": {
                          "CultureName": "en-US",
                          "Encoding": "UTF-8",
                          "Filter": "",
                          "LineCount": "3",
                          "LogDirectoryPath": "C:\\inetpub\\logs\\LogFiles\\W3SVC1",
                          "TimeZoneKind": "UTC",
                          "TimestampFormat": "yyyy-MM-dd HH:mm:ss"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.PerformanceCounterComponent.PerformanceCounterInputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "MemoryPerformanceCounter",
                        "Parameters": {
                          "CategoryName": "Memory",
                          "CounterName": "Available MBytes",
                          "DimensionName": "",
                          "DimensionValue": "",
                          "InstanceName": "",
                          "MetricName": "Memory",
                          "Unit": "Megabytes"
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchApplicationEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/ApplicationEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchSystemEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/SystemEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchSecurityEventLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/SecurityEventLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchEC2ConfigLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/EC2ConfigLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchCfnInitLog",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/CfnInitLog",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatchLogsOutput,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatchIISLogs",
                        "Parameters": {
                          "AccessKey": "",
                          "LogGroup": "${LogGroup}",
                          "LogStream": "{instance_id}/IISLogs",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      },
                      {
                        "FullName": "AWS.EC2.Windows.CloudWatch.CloudWatch.CloudWatchOutputComponent,AWS.EC2.Windows.CloudWatch",
                        "Id": "CloudWatch",
                        "Parameters": {
                          "AccessKey": "",
                          "NameSpace": "Windows/Default",
                          "Region": "${AWS::Region}",
                          "SecretKey": ""
                        }
                      }
                    ],
                    "Flows": {
                      "Flows": [
                        "ApplicationEventLog,CloudWatchApplicationEventLog",
                        "SystemEventLog,CloudWatchSystemEventLog",
                        "SecurityEventLog,CloudWatchSecurityEventLog",
                        "EC2ConfigLog,CloudWatchEC2ConfigLog",
                        "CfnInitLog,CloudWatchCfnInitLog",
                        "IISLogs,CloudWatchIISLogs",
                        "MemoryPerformanceCounter,CloudWatch"
                      ]
                    },
                    "PollInterval": "00:00:05"
                  },
                  "IsEnabled": true
                }
          # Make the SSM agent start automatically, then restart it so it reads the
          # file written above; the restart step waits 30 seconds afterwards.
          commands:
            0-enableSSM:
              command: 'powershell.exe -Command "Set-Service -Name AmazonSSMAgent -StartupType Automatic" '
              waitAfterCompletion: '0'
            1-restartSSM:
              command: 'powershell.exe -Command "Restart-Service AmazonSSMAgent "'
              waitAfterCompletion: '30'
        # Installs IIS with -IncludeAllSubFeature, i.e. every Web-Server sub-feature.
        # That is far more surface than the static test page below needs; outside a
        # demo, install only the features the application requires.
        01-InstallWebServer:
          commands:
            01_install_webserver:
              command: powershell.exe -Command "Install-WindowsFeature Web-Server -IncludeAllSubFeature"
              waitAfterCompletion: '0'
        # Drops a static test page into the IIS web root.
        02-ConfigureApplication:
          files:
            c:\Inetpub\wwwroot\index.htm:
              content: '<html> <head> <title>Test Application Page</title> </head> <body> <h1>Congratulations !! Your IIS server is configured.</h1> </body> </html>'
        # Last config set: reports exit code 0 for WebServerHost, which satisfies
        # the CreationPolicy above. It is only reached if the earlier sets ran.
        03-Finalize:
          commands:
            00_signal_success:
              command: !Sub 'cfn-signal.exe -e 0 --resource WebServerHost --stack ${AWS::StackName} --region ${AWS::Region}'
              waitAfterCompletion: '0'
    Properties:
      # KeyPair, AWSAMIRegionMap and WebServerSecurityGroup are declared outside this excerpt.
      KeyName: !Ref 'KeyPair'
      ImageId: !FindInMap [AWSAMIRegionMap, !Ref 'AWS::Region', WS2012R2]
      InstanceType: t2.xlarge
      SecurityGroupIds:
        - !Ref 'WebServerSecurityGroup'
      IamInstanceProfile: !Ref 'LogRoleInstanceProfile'
      # Boot script: removes any preinstalled SSM agent and cfn bootstrap package,
      # installs the "latest" builds of both, then runs cfn-init with the "config"
      # config set.
      # NOTE(review): both installers come from mutable "latest" URLs and are
      # executed with no signature or digest check. For anything beyond a sample,
      # pin a specific version and verify the publisher signature (or a known
      # digest) before installing.
      # The script is a literal block; comments placed inside it would be run as
      # script text.
      UserData:
        Fn::Base64: !Sub |
          <script>
          wmic product where "description='Amazon SSM Agent' " uninstall
          wmic product where "description='aws-cfn-bootstrap' " uninstall
          start /wait c:\\Windows\\system32\\msiexec /passive /qn /i https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi
          powershell.exe -Command "iwr https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe -UseBasicParsing -OutFile C:\\AmazonSSMAgentSetup.exe"
          start /wait C:\\AmazonSSMAgentSetup.exe /install /quiet
          cfn-init.exe -v -c config -s ${AWS::StackName} --resource WebServerHost --region ${AWS::Region}
          </script>

  # Destination log group for every output defined in the agent config.
  # NOTE(review): 7-day retention also applies to the Security event log stream;
  # choose a retention that covers your investigation window, and consider
  # KmsKeyId if the logs need encryption with a customer-managed key.
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7

  # Counts log events whose status_code field equals 404: each match adds 1 to
  # test/404s : test404Count. The field list presumably mirrors the IIS log
  # column order -- verify against the server's logging configuration.
  404MetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref 'LogGroup'
      FilterPattern: '[timestamps, serverip, method, uri, query, port, dash, clientip, useragent, status_code = 404, ...]'
      MetricTransformations:
        - MetricValue: '1'
          MetricNamespace: test/404s
          MetricName: test404Count

  # Alarms when the 60-second Sum of test404Count is greater than 2 for
  # 2 evaluation periods, then notifies the SNS topic below.
  404Alarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: The number of 404s is greater than 2 over 2 minutes
      MetricName: test404Count
      Namespace: test/404s
      Statistic: Sum
      Period: '60'
      EvaluationPeriods: '2'
      Threshold: '2'
      AlarmActions:
        - !Ref 'AlarmNotificationTopic'
      ComparisonOperator: GreaterThanThreshold

  # E-mail notification target; OperatorEmail is a parameter declared outside this excerpt.
  AlarmNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !Ref 'OperatorEmail'
          Protocol: email

# Stack outputs. WebsiteURL is plain http://, so the sample site is served
# without TLS.
Outputs:
  InstanceId:
    Description: The instance ID of the web server
    Value: !Ref 'WebServerHost'
  WebsiteURL:
    Value: !Sub 'http://${WebServerHost.PublicDnsName}'
    Description: URL for newly created IIS web server
  PublicIP:
    Description: Public IP address of the web server
    Value: !GetAtt 'WebServerHost.PublicIp'
  CloudWatchLogGroupName:
    Description: The name of the CloudWatch log group
    Value: !Ref 'LogGroup'

另请参阅

有关 CloudWatch Logs 资源的更多信息,请参阅 AWS::Logs::LogGroup 和 AWS::Logs::MetricFilter。