SYS 360 Lab 9 1: CloudWatch Agent on Windows - JadenGil/Jaden-Tech-Journal GitHub Wiki

This lab was done by Jaden Gilmond and Sam Vaudo on TeamFore

Creating an IAM Role:

Navigate to IAM and then select Roles and Create Role:

image

We want to use AWS service for the Trusted entity type and EC2 as the Use Case:

image

Then on the next page we want to set the following permissions:

image

Then we want to set the name and description to the following:

image


Launch a Windows 2k22 Server-Base Instance:

Then we want to launch a free tier instance with default settings:

image


Note from lab: Make sure you have access to your AWS Key as you will need it to decrypt the Administrator password for RDP. In other words, create a new key and keep it!


Attach the IAM Role you created to the Instance:

With our instance made, we want to select it and choose Actions --> Security --> Modify IAM Role:

image

And on the IAM role page select the following:

image

You should then see the following when the role is attached:

image


Download the CloudWatch Agent:

We will want to connect to the EC2 instance using Remote Desktop or Session Manager and, once we're in the Windows desktop, open Windows PowerShell. In PowerShell, we want to download the CloudWatch Agent installation package with PowerShell's Invoke-WebRequest cmdlet.

cmdlet:

Invoke-WebRequest -Uri https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi -OutFile $env:USERPROFILE\Desktop\amazon-cloudwatch-agent.msi

image

We then want to run the CloudWatch Agent MSI installer:

msiexec /i $env:USERPROFILE\Desktop\amazon-cloudwatch-agent.msi

Running that command will open a window with a progress bar showing that everything is installing:

image


Configuring and Activating the CloudWatch Agent:

We then want to launch the agent configuration wizard, amazon-cloudwatch-agent-config-wizard.exe:

& $env:ProgramFiles\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-config-wizard.exe

This will then ask a lot of questions about what options will be enabled. We want to do the following:

image

Once all of that is done, we want to apply the agent configuration by telling the CloudWatch Agent to fetch the config from the directory we ran the agent wizard in:

& $env:ProgramFiles\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1 -a fetch-config -m ec2 -c file:C:\\config.json -s

image


Viewing Windows Logs and Metrics in CloudWatch:

We want to lock the screen and enter some bad passwords on the login screen.

We then want to select our instance in CloudWatch:

image

Entering "failed" in the search bar will show the failed password attempts:

Deliverable 1:

image
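A local cross-check for the step above, as an added example that is not part of the original lab: it confirms the agent service is running and lists the failed logons (Event ID 4625) recorded in the instance's own Security log, so the count can be compared with what the CloudWatch search returns. It assumes an elevated PowerShell session and that the wizard was told to collect the Security event log; the 30-minute window is an arbitrary choice.

```powershell
# Added example (not from the lab): compare local failed logons with CloudWatch.
# Run in an elevated PowerShell; reading the Security log requires admin rights.

$since = (Get-Date).AddMinutes(-30)   # assumed look-back window, adjust as needed

# 1. Check the Windows service installed by the CloudWatch Agent MSI.
$svc = Get-Service -Name AmazonCloudWatchAgent -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning 'AmazonCloudWatchAgent service not found; the agent is not installed.'
    return
}
"Agent service status: $($svc.Status)"
if ($svc.Status -ne 'Running') {
    Write-Warning 'Agent is not running, so new events will not be shipped.'
}

# 2. Pull failed-logon events (ID 4625) from the local Security log.
#    Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

if (-not $events) {
    "No 4625 events since $since. Enter a bad password on the lock screen and retry."
    return
}

# 3. Flatten the named EventData fields so each attempt is one readable row.
$rows = foreach ($e in $events) {
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        User        = $data['TargetUserName']
        LogonType   = $data['LogonType']
        Source      = $data['IpAddress']
    }
}

$rows | Sort-Object TimeCreated | Format-Table -AutoSize
"{0} failed logon(s) recorded locally since {1}" -f @($rows).Count, $since
```

If the local count is non-zero but the CloudWatch search shows nothing, the gap is in the agent configuration or the attached IAM role rather than in Windows auditing.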

Then go to Metrics --> All metrics:

Deliverable 2:

image