Skip to content
/ amazon-cloudwatch-agent-nix Public

This flake enables Amazon CloudWatch Agent on NixOS. This is a WIP project with a final goal to submit a PR in the official nixpgs repo.

License

MIT license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

wearetechnative/amazon-cloudwatch-agent-nix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.json
config.json
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 
module.nix
module.nix
 
 
package.nix
package.nix
 
 

Repository files navigation

Amazon CloudWatch Agent on NixOS

Flake to install's the CloudWatch Agent on NixOS.

TODO

  • more configuration options
  • more documentation
  • PR for nixpkgs

Usage

This is how you Install Amazon CloudWatch Agent on NixOS. In the inputs of your flake, add the Amazon CloudWatch Agent flake.

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
    amazon-cloudwatch-agent.url = "github:mipmip/amazon-cloudwatch-agent-nix";
  }
}

Then you will need to import the module and also add the cloudwatch agent software to the system packages.

Below is an example setup.

{
  description = "NixOS configuration Amazon CloudWatch Agent";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
    amazon-cloudwatch-agent.url = "github:mipmip/amazon-cloudwatch-agent-nix";
  };

  outputs = { self, nixpkgs, amazon-cloudwatch-agent }:
    let
      system = "x86_64-linux";

      amazon-cloudwatch-module = amazon-cloudwatch-agent.nixosModules.default;
      amazon-cloudwatch-config = {
        services.amazon-cloudwatch-agent.enable = true;
        environment.systemPackages = [
         amazon-cloudwatch-agent.packages."${system}".amazon-cloudwatch-agent
        ];
      };

    in {
      nixosConfigurations."<hostname>" = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          amazon-cloudwatch-module
          amazon-cloudwatch-config
          ./configuration.nix
        ];
      };
    };
}

Give CloudWatch Agent permission to publish to CloudWatch

Once the agent is installed, you just need to make sure it has permission to publish its metrics to CloudWatch. You grant this permission by adding a policy to the IAM Instance Profile.

Below is an example piece of Terraform code on how to add this to your EC2 profile.

resource "aws_iam_instance_profile" "ssm-access-iam-profile" {
  name = "ec2_profile"
  role = aws_iam_role.ssm-access-iam-role.name
}

resource "aws_iam_role" "ssm-access-iam-role" {
  name        = "ssm-access-role"
  description = "The role to access EC2 with SSM"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "cloudwatch-policy" {
  role       = aws_iam_role.ssm-access-iam-role.name
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
}

credits

About

This flake enables Amazon CloudWatch Agent on NixOS. This is a WIP project with a final goal to submit a PR in the official nixpgs repo.

Topics

aws nix ec2 nixos cloudwatch nix-flake

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Contributors 2

  •  
  •  

Languages