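AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  CloudFormation template to create endpoints for CloudWatch Agent within an
  existing VPC and a single subnet with specific private IP addresses.

Parameters:
  VpcId:
    Type: String
    # Placeholder carried over from the original template, where it was
    # hard-coded three times; replace it or pass the real VPC ID at deploy
    # time. Declared once so the security group and both endpoints agree.
    Default: vpc-xxx
    Description: The ID of the existing VPC that contains SubnetId
  SubnetId:
    Type: String
    Default: subnet-05cf58c7b070975c8
    Description: The ID of the existing subnet
  PrivateIp1:
    Type: String
    Default: 10.0.1.120
    Description: The private IP address for the first endpoint
  PrivateIp2:
    Type: String
    Default: 10.0.1.121
    Description: The private IP address for the second endpoint
  AllowedIngressCidr:
    Type: String
    # Constructed default for review; set it to the VPC CIDR, or to the
    # CIDR of the subnets that run the CloudWatch agent.
    Default: 10.0.0.0/16
    Description: CIDR range allowed to reach the endpoints over HTTPS (443)

Resources:
  # Security group attached to the endpoint ENIs. The CloudWatch monitoring
  # and logs endpoints are HTTPS-only, so only 443 is opened, and only to
  # AllowedIngressCidr instead of 0.0.0.0/0 (the original also opened 80,
  # which the agent never uses).
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow access for CloudWatch Agent
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref AllowedIngressCidr
          Description: HTTPS from CloudWatch agent hosts
      Tags:
        - Key: Name
          Value: MySecurityGroup

  # Standalone ENI with a pinned private IP.
  # NOTE(review): nothing in this template attaches it to an endpoint.
  # Interface endpoints create and own their ENIs; CloudFormation only
  # exposes those via Fn::GetAtt (see the *EndpointNetworkInterfaceIds
  # outputs). Kept so the existing NetworkInterface1Id output still resolves;
  # confirm whether it is still needed.
  NetworkInterface1:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref SubnetId
      PrivateIpAddress: !Ref PrivateIp1
      GroupSet:
        - !Ref MySecurityGroup
      Tags:
        - Key: Name
          Value: NetworkInterface1

  # Second standalone ENI with a pinned private IP; same caveat as above.
  NetworkInterface2:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref SubnetId
      PrivateIpAddress: !Ref PrivateIp2
      GroupSet:
        - !Ref MySecurityGroup
      Tags:
        - Key: Name
          Value: NetworkInterface2

  # Interface endpoint for CloudWatch metrics (the "monitoring" service).
  # The original set NetworkInterfaceIds here, but that is a Fn::GetAtt
  # return attribute of AWS::EC2::VPCEndpoint, not a settable property, and
  # fails template validation; it has been removed.
  # PrivateDnsEnabled requires DNS support and DNS hostnames on the VPC; once
  # it is on, the regional monitoring hostname resolves to this endpoint, so
  # the agent's endpoint_override (in the JSON config below) is not required.
  # No PolicyDocument is set, so the endpoint uses the default full-access
  # endpoint policy.
  CloudWatchMonitoringEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.monitoring'
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      SubnetIds:
        - !Ref SubnetId
      SecurityGroupIds:
        - !Ref MySecurityGroup
      PrivateDnsEnabled: true

  # Interface endpoint for CloudWatch Logs; same notes as the monitoring
  # endpoint (NetworkInterfaceIds removed, private DNS prerequisites,
  # default endpoint policy).
  CloudWatchLogsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs'
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      SubnetIds:
        - !Ref SubnetId
      SecurityGroupIds:
        - !Ref MySecurityGroup
      PrivateDnsEnabled: true

Outputs:
  SecurityGroupId:
    Description: The security group ID
    Value: !Ref MySecurityGroup
  CloudWatchMonitoringEndpointId:
    Description: The CloudWatch monitoring endpoint ID
    Value: !Ref CloudWatchMonitoringEndpoint
  CloudWatchLogsEndpointId:
    Description: The CloudWatch logs endpoint ID
    Value: !Ref CloudWatchLogsEndpoint
  NetworkInterface1Id:
    Description: The first network interface ID
    Value: !Ref NetworkInterface1
  NetworkInterface2Id:
    Description: The second network interface ID
    Value: !Ref NetworkInterface2
  # The ENIs and DNS names the endpoints actually use; look up the private
  # IPs for any endpoint_override here rather than on NetworkInterface1/2.
  CloudWatchMonitoringEndpointNetworkInterfaceIds:
    Description: ENIs created by the monitoring endpoint (comma-separated)
    Value: !Join [',', !GetAtt CloudWatchMonitoringEndpoint.NetworkInterfaceIds]
  CloudWatchMonitoringEndpointDnsEntries:
    Description: DNS entries of the monitoring endpoint (comma-separated)
    Value: !Join [',', !GetAtt CloudWatchMonitoringEndpoint.DnsEntries]
  CloudWatchLogsEndpointNetworkInterfaceIds:
    Description: ENIs created by the logs endpoint (comma-separated)
    Value: !Join [',', !GetAtt CloudWatchLogsEndpoint.NetworkInterfaceIds]
  CloudWatchLogsEndpointDnsEntries:
    Description: DNS entries of the logs endpoint (comma-separated)
    Value: !Join [',', !GetAtt CloudWatchLogsEndpoint.DnsEntries]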
{
"agent": {
"run_as_user": "root"
},
"metrics": {
"namespace": "CWAgent",
"append_dimensions": {
"AutoScalingGroupName": "${aws:AutoScalingGroupName}",
"ImageId": "${aws:ImageId}",
"InstanceId": "${aws:InstanceId}",
"InstanceType": "${aws:InstanceType}"
},
"metrics_collected": {
"cpu": {
"measurement": [
"cpu_usage_idle",
"cpu_usage_iowait",
"cpu_usage_user",
"cpu_usage_system"
],
"totalcpu": true,
"metrics_collection_interval": 60
},
"mem": {
"measurement": [
"mem_used_percent"
],
"metrics_collection_interval": 60
}
}
},
"logs": {
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/messages",
"log_group_name": "messages",
"log_stream_name": "{instance_id}"
},
{
"file_path": "/var/log/syslog",
"log_group_name": "syslog",
"log_stream_name": "{instance_id}"
}
]
}
}
},
"endpoint_override": {
"monitoring": "10.0.1.120",
"logs": "10.0.1.121"
}
}