# aws jam北大交流賽 第一題:自動化 1. RDS=>Aurora Mysql 2. EC2 runcommand cat那個檔案 **task 1** Penalty: 9 points Clue 2:Walkthrough The CloudWatch agent must be installed and running in order to capture metrics such as memory and disk space used. You must also update the permissions for the EC2 instance profile that is attached to your EC2 instance to include permissions to use send data to CloudWatch. Since there is no private key configured for the EC2 instance, you must install the CloudWatch agent without having to ssh into the instance. Update permissions for the AWS EC2 Instance Note: If you update the permissions after installing the CloudWatch agent, you will need to stop and restart the AWS CloudWatch agent so that it can retrieve the updated credentials. Update the EC2 instance profile role with the additional AWS Systems Manager permissions required. a. Open the EC2 service menu and list your EC2 instances. The details for the instance identify the IAM role in use by the instance. b. Click on the instance profile name to open the MemoryLossJamChallenge role in the IAM service menu. c. Attach the CloudWatchAgentServerPolicy AWS Managed Policy to the role. The AWS Systems Manager agent is running on the instance so you can install the CloudWatch agent using AWS Systems Manager Distributor or using AWS Systems Manager Session Manager. Choose either flow below to complete the first step. AWS Systems Manager Distributor Cloudwatch Agent Installation Flow AWS Systems Manager Distributor includes an AWS managed package called AmazonCloudWatchAgent that enables you to install the latest version of the Amazon CloudWatch agent. AWS Systems Manager Distributor uses a run command with the AWS Systems Manager document, AWS-ConfigureAWSPackage, to install the CloudWatch agent. a. Open the AWS Systems Manager service menu and select Distributor from the service menu. b. Select the AmazonCloudWatchAgent package and choose Install one time. c. For targets, select Choose instances manually and then select your EC2 instance. Uncheck the Enable writing to an S3 bucket and choose Run. After installation of the agent, you can then use the AWS Systems Manager Run Command option in the Instances & Nodes sub-menu to execute the AmazonCloudWatch-ManageAgent document to configure the agent with a default CloudWatch configuration that includes the mem_used_percent metric and also restarts the CloudWatch agent. a. Open the AWS Systems Manager service menu and choose Documents from the menu. b. In the search bar, choose Document name prefix : Equals : AmazonCloudWatch and then choose the AmazonCloudWatch-ManageAgent document. c. Choose Run command with the following options: * **Action**: configure * **Mode**: ec2 * **Optional Configuration Source**: default * **Optional Restart**: yes d. Select Choose instances manually and select the instance for the challenge. Uncheck the Enable writing to an S3 bucket and choose Run. The CloudWatch agent will now start with the default configuration. AWS Systems Manager Session Manager CloudWatch Agent Installation Flow AWS Systems Manager Session Manager can be used to login to the instance and manually install and configure the CloudWatch agent. a. Open the AWS Systems Manager service menu and choose Session Manager from the service menu. b. Choose Start Session and then select the EC2 instance for the challenge and choose Start session. c. Enter: sudo yum install amazon-cloudwatch-agent d. Enter: cd /opt/aws/amazon-cloudwatch-agent/bin e. Enter: sudo ./amazon-cloudwatch-agent-ctl -a start -m ec2 -c default -s The CloudWatch agent will now start with the default configuration. Confirm that the CloudWatch agent is capturing the mem_used_percent metric Proceed to the CloudWatch service in the AWS console and choose the Metrics feature. Within 5 minutes, you should see the CWAgent custom namespace appear. a. Click on the "CWAgent" namespace. Within this namespace you should see a dimension group called ImageId, InstanceId, InstanceType. Click on this dimension group to see the metrics within it. b. Confirm that the mem_used_percent metric is available. Check the metric to see the latest observations in a graph. Finished! Now the CloudWatch agent running on your EC2 instance is reporting the memory in use by your EC2 instance for your analysis and actions. **task 2** Penalty: 9 points Clue 2:Walkthrough In order to complete this task, you must create an alarm for the 'mem_used_percent' metric that you are capturing for your EC2 instance. Open the CloudWatch service from the AWS Console and choose Metrics from the menu. Click the CWAgent namespace under Custom Namespaces. This is the default namespace for CloudWatch metrics generated by the CloudWatch agent. Click the ImageId, InstanceId, InstanceType dimension set. These are the dimensions applied to the mem_used_percent metric. Select the metric from the metric list for the EC2 instance. Click the Graphed Metrics tab and then select the bell icon in the Actions column for the metric. Set the Conditions section to Static, Greater than ... and enter 75 for the threshold value and select Next. For notification, select "In alarm" and select "Create new topic". This will create a new SNS topic that can be used for notifications by email, text message, or any SNS supported notification endpoint. Enter a name for the notification topic, such as "Alarm-Memory-High". Enter your email address or an email address that you have access to for the notification target in the "Email endpoints..." text box. Click "Create Topic". When the topic is created, you should receive an email asking you to confirm subscription to the topic. Normally, you would confirm subscription so you could receive new notifications. However, you are not required to raise an alarm for this topic so you can ignore the request. Finally, for Alarm Name, enter a descriptive name, such as "Alarm-Memory-High-Dev-Server". You can optionally enter a description. Click Next and review all the options for this alarm. Click create to create this alarm. Finished! Now, if the memory used was to exceed 75% on the EC2 instance, you would receive an email at the address you entered for the SNS topic.