Monitoring Memory Metrics for EC2 Linux Instances
While Amazon CloudWatch provides CPU, network and disk usage metrics for Amazon EC2 instances, it doesn't provide memory usage metrics by default. Commander provides the ability to monitor memory usage through the use of custom CloudWatch scripts. When memory usage metrics are enabled for an instance:
- VM owners can monitor memory usage
- Commander can issue memory rightsizing recommendations for the VM
Note: Commander also detects and uses memory metrics for EC2 instances deployed in the AWS console.
This topic explains how to enable memory usage monitoring for new Amazon EC2 Linux instances deployed by Commander. See also Monitoring Memory Metrics for EC2 Windows Instances.
Commander supports memory metrics for the following Linux distributions:
- Amazon Linux 2014.09.2
- Red Hat Enterprise Linux 6.6
- Ubuntu Server 14.04
- SUSE Linux Enterprise Server 12
Note: By default, Open SUSE Linux Enterprise Server 12 SP1 is supported. To support another version, you can edit the script as explained below.
When you enable memory usage monitoring for a new Linux VM, during provisioning, Commander runs a script as AWS user data. The script is added to any other user data configured for the new VM.
The script downloads and installs prerequisites (Perl modules) using yum, apt_get or zypper, depending on the Linux distribution. The script then downloads CloudWatch Monitoring scripts from AWS and sets up a Cron job to send VM memory usage statistics to AWS every five minutes.
The two AWS memory metrics and their Commander equivalents are:
See Monitoring Memory and Disk Metrics for Amazon EC2 Linux Instances in the AWS documentation for detailed information on the memory monitoring scripts.
The script which is run by Commander as user data during provisioning is stored in the following location on the Commander server:
To enable memory usage monitoring for new VMs, the following conditions must be met:
- Memory usage monitoring must be enabled. See Enable memory usage monitoring below.
- The deployed VM must have credentials that allow reading and writing CloudWatch data. See Assign credentials with CloudWatch permissions below.
- The deployed VM must have internet access, so that the required scripts can be downloaded.
To configure memory usage monitoring, enable the option Monitor Memory Usage for the service catalog entry. You can find this option on the Infrastructure tab of the Component Blueprint page, as shown below.
For more information, see Monitor Memory Usage(VM templates only).
- You can also enable memory usage monitoring during manual deployment.
- If you're using your own custom script to enable memory usage monitoring, you must disable memory usage monitoring in the service catalog blueprint.
The deployed VM must have credentials that allow reading and writing CloudWatch data.
Assigning an IAM role is the recommended method, to avoid the need for placing plain-text credentials in a script.
There are two ways to assign an IAM role during the Commander provisioning process:
- Assign the IAM role to the service catalog blueprint (see the image in the section above). See Adding AWS Services to the Catalog for more information.
- Assign the IAM role to the deployment destination. This option makes sense if you deploy the same template (AMI) to multiple deployment destinations, or if you have a large number of catalog entries. You can find the IAM Role option on the Resources & Security page of the Automated Deployment Placement wizard, as shown below.
Important: Commander does not validate IAM role names, so ensure that role names entered in Commander match those in AWS. IAM role names are not case-sensitive.
See Optionally, enter the name of an IAM Role to assign to the deployed VM. The maximum number of characters is 255. Configuring the IAM role in the deployment destination rather than in the catalog blueprint makes sense if you deploy the same template (AMI) to multiple deployment destinations, or if you have a large number of catalog entries. If an IAM role is also configured in the catalog blueprint, the blueprint takes precedence. Administrators can override the IAM role during manual deployment. Important: Commander doesn't validate IAM role names, so ensure that role names entered in Commander match those in AWS. IAM role names are not case-sensitive. for more information.
Note: If an IAM role is configured in both the deployment destination and the blueprint, the blueprint takes precedence.
Provisioning won't fail if you don't assign an IAM role through one of these methods, because it's possible to assign credentials through a script.
To verify script execution and view script output, you can view the output log in the following location on the deployed VM:
Or, you can access the system log from the AWS console. Right-click the instance and choose VM Actions > Instance Settings > Get System Log.
Note for RedHat Linux: The cloud init log on RedHat isn't retrieved by the system log. Instead, you can find it in the following location on the deployed VM:
By default, Open SUSE Linux Enterprise Server 12 SP1 is supported. To support another version, you can edit the script as explained here.
- Open the following file for editing on the Commander server:
- Locate the following line in the file:
- Replace the repository URL in this line with the appropriate URL for the required version of SUSE.