CloudWatch Agent on Lightsail

Step 3: IAM API credentials

This process is directly followed from the official AWS documentation located at Create IAM Users to Use with CloudWatch Agent on On-premises Servers. The first procedure is to creates the IAM user to run the CloudWatch agent. This new user provides permissions for sending data to CloudWatch from the remote machine via an API key.

  1. Sign in to the AWS Management Console and open the IAM console at
  2. In the navigation pane on the left, choose UsersAdd user.
  3. Type the user name for the new user. (Note from David: ‘CloudWatchAgent’ as the username.)
  4. Select Programmatic access, and choose Next: Permissions.
  5. Choose Attach existing policies directly.
  6. In the list of policies, select the checkbox next to CloudWatchAgentServerPolicy. Use the search box to find the policy, if necessary.
  7. (Note from David: This step is not needed for us we are not using SSM at this time.) To use SSM to install or configure the CloudWatch agent, select the check box next to AmazonEC2RoleforSSM. Use the search box to find the policy, if necessary. This policy is not necessary if you start and configure the agent only through the command line.
  8. Choose Next: Review.
  9. Confirm that the correct policies are listed, and choose Create user.
  10. Next to the name of the new user, choose Show. Copy the access key and secret key to a file so that you can use them when installing the agent, and choose Close.
    (Note from David: Save these API keys in notepad! We can not retrieve them later.)
Permissions are done man.

Alright, that was not too hard?With an API keys to provide to the CloudWatch Agent I moved on to Step 3.

One thought on “CloudWatch Agent on Lightsail

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.