Create an EC2 Instance Supporting Custom Metrics using the CLI


You will need an existing keypair to access your EC2 instance via SSH. (How can I see my existing keypairs?)


In this example, we’ll create an EC2 instance that supports writing memory metrics to CloudWatch. You don’t get those metrics by default with EC2 instances, but setting them up is a breeze using the CLI.

Actually, this setup winds up being quite a lot simpler than using the Console since most of what we need to do gets declared in two files.

The first file contains the JSON for creating the CloudWatchMetrics role. The second file contains the userdata needed when creating the EC2 instance.

Two commands complete the creation.

First, we’ll look at creating the files; then the necessary CLI commands to spin up the machine.

The Files

Create a file called “cloudwatch-role-full-access.json” using Example 1.

Example 1

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ""
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Create a file called “ec2-metrics-user-data.txt”.

Example 2

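#!/bin/bash
# User data runs as root at first boot.
sudo su
# Update installed packages and add the Perl modules the scripts need.
yum update -y
yum install perl-Switch perl-DateTime perl-Sys-Syslog perl-LWP-Protocol-https -y
# Download the monitoring scripts into /CloudWatch.
mkdir /CloudWatch
cd /CloudWatch
curl -O
# Every five minutes, report three memory metrics to CloudWatch.
echo "*/5 * * * * ec2-user /CloudWatch/aws-scripts-mon/ --mem-util --mem-used --mem-avail" >> /etc/crontab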

The CLI Commands

aws iam create-role --role-name CloudWatchMetrics --assume-role-policy-document file://cloudwatch-role-full-access.json
aws ec2 run-instances --iam-instance-profile Name=CloudWatchMetrics --image-id ami-d874e0a0 --count 1 --instance-type t2.micro --region us-west-2 --key-name xxx-yyy-zzz --security-group-ids sg-xxxxyyyy --subnet-id subnet-yyyyzzzz --associate-public-ip-address --user-data file://ec2-metrics-user-data.txt
  • The second command:
    • We’re using the standard Amazon image.
    • The instance-type is t2.micro. This might not be free for you depending on your account.
  • Parameters you’ll need from your account:
    • --region. For a list of regions available to you, use the “aws ec2 describe-regions” command in the CLI.
    • --key-name. As mentioned in the prerequisites, this will be specific to your account. (Which key pairs are available to me?)
    • --security-group-ids. The group must be available for your subnet and allow SSH access.
    • --subnet-id. Consult the Console.
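
The create-role command above supplies only the trust policy, so the role still needs a permissions policy and an instance profile of the same name before --iam-instance-profile Name=CloudWatchMetrics can resolve. The script below is an added example, not part of the original post: it prints (or, with the argument apply, attaches) a policy limited to cloudwatch:PutMetricData and creates the instance profile. The policy name PutMemoryMetrics and the System/Linux namespace are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article.
set -eu

ROLE_NAME="CloudWatchMetrics"   # role name used in the article
POLICY_NAME="PutMemoryMetrics"  # hypothetical inline policy name
NAMESPACE="System/Linux"        # assumption: namespace the scripts publish to

# Print a permissions policy that only allows publishing metrics.
# PutMetricData has no resource-level permissions, so Resource stays "*"
# and the cloudwatch:namespace condition key does the scoping.
metrics_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "cloudwatch:PutMetricData",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "cloudwatch:namespace": "$NAMESPACE" }
      }
    }
  ]
}
EOF
}

# Succeed only if no Action in the policy text contains a wildcard.
policy_is_scoped() {
  ! printf '%s' "$1" | tr -d '\n' |
    grep -Eq '"Action"[[:space:]]*:[[:space:]]*("[^"]*\*|\[[^]]*\*)'
}

# Attach the policy and build the instance profile (needs IAM credentials).
apply_role_setup() {
  doc="$(metrics_policy)"
  policy_is_scoped "$doc" || { echo "wildcard action, refusing" >&2; return 1; }
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name "$POLICY_NAME" --policy-document "$doc"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Print the policy by default; pass "apply" to call AWS.
if [ "${1:-}" = "apply" ]; then apply_role_setup; else metrics_policy; fi
```

Run it with apply after the create-role command and before run-instances.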

Notes on the User Data Script

  • First, we run two yum commands to update installed packages and add support for perl. (What is yum?)
  • Next, we create a CloudWatch directory off the root and download the CloudWatchMonitoringScripts zip, unzipping it and then removing the download.
  • Lastly, we update /etc/crontab with a command to write three memory metrics back to CloudWatch using the perl scripts downloaded and unzipped.

Feature Photo by Mitchel Boot on Unsplash

