Setup Container Insights

There are 2 components that work together to collect Metrics, Logs data for Container Insights in EKS

  1. CloudWatch agent
  2. FluentD

Application setup

In this section we will be setting up Container Insights for the Example Microservices module. If you haven’t done that yet, go ahead and deploy the application and come back here again to proceed with Container Insights.


Setup IAM policy

In order for the EKS worker nodes to be able to send logs and metrics to CloudWatch, follow the steps below

test -n "$ROLE_NAME" && echo ROLE_NAME is "$ROLE_NAME" || echo ROLE_NAME is not set

If ROLE_NAME is not set, please review: this

You could also go to the EC2 console and get the IAM Role the EKS nodes are assuming from there. If you do so, make sure you replace $ROLE_NAME in the below command to the name of the role you got from the EC2 console.

Caution - This is NOT the Role ARN, but the friendly role name which needs to be used here.

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy --role-name $ROLE_NAME

Setup Container Insights

Ensure you change the value of AWS_REGION environment variable to the one that fits your needs

Linux / macOS users
export Cluster_Name=eksworkshop-eksctl
export AWS_REGION=us-east-1

curl https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/master/k8s-yaml-templates/quickstart/cwagent-fluentd-quickstart.yaml | sed "s/{{cluster_name}}/Cluster_Name/;s/{{region_name}}/AWS_REGION/" | kubectl apply -f -
Windows users
Set-Item -Path Env:Cluster_Name -Value "eksworkshop-eksctl"
Set-Item -Path Env:AWS_REGION -Value "us-east-1"

kubectl apply -f (New-Item -ItemType "File" -Name "containerinsights.yml" -Force -Value ((Invoke-WebRequest -Uri https://raw.githubusercontent.com/aws-samples/amazon-cloudwatch-container-insights/master/k8s-yaml-templates/quickstart/cwagent-fluentd-quickstart.yaml).Content -replace "{{cluster_name}}", $env:Cluster_Name -replace "{{region_name}}", $env:AWS_REGION))