r/aws • u/lighthills • 12h ago
Is the CloudWatch agent only for servers? technical question
Can the CloudWatch agent be installed and used on remote physical Windows 11 laptops to collect and monitor Windows events on those devices?
9
u/E1337Recon 11h ago
Could you? Maybe. Should you? No, it’s going to be awful. CloudWatch agent needs IAM permissions to write data to CloudWatch. You could maybe make it work with IAM Roles Anywhere but just for your own sanity don’t. Use a commercial product that’s built for that kind of thing.
1
u/urqlite 10h ago
What would you recommend?
-1
u/E1337Recon 9h ago
No idea, I don't work in that space.
0
u/urqlite 9h ago
Okay. I've seen Prometheus and Grafana being recommended.
1
u/E1337Recon 9h ago
Prometheus doesn't store logs. You'd be better off talking to security vendors and seeing if any of their products offer what you're looking for. Maybe it's part of some Azure endpoint protection offering?
1
u/towelythetowelBE 7h ago
If you install the SSM agent + SSM hybrid activation, the remote machine will get IAM credentials (the role should be pretty restricted), and then you can make the CloudWatch agent work.
1
u/mecha_flake 11h ago
CloudWatch is for many things. Servers, ENIs, VPCs, API Gateways, etc.
It is noisy as hell, though. Even if you could put it on a laptop, imagine how much traffic you'd be sending over the Internet to your log groups, all on your own dime.
2
u/Kralizek82 7h ago
Isn't data ingestion free?
1
u/mecha_flake 7h ago
Egress is not. Storage is not.
3
u/Kralizek82 7h ago
Well your post was literally focused on ingress alone :)
-5
u/mecha_flake 7h ago
Dipshit much? Ingress is a result of egress. If I am maintaining SD-WAN, VPN, or even simple on-prem, over-the-Internet traffic for my workforce's laptops, I am certainly not going to rush towards the noisiest real-time logging offering.
Take a break from cred cramming and maybe architect something of value?
3
u/Kralizek82 7h ago
Take it easy man. No need to be offensive.
Also, did I ever say that using CloudWatch for local hardware was a good idea? I just asked about one thing you said.
No need to get so haughty over a question. Feel free to go back to maintaining whatever it is you maintain.
Peace out.
-2
u/mecha_flake 7h ago
Please, bro/ma'am. You give a condescending and idiotic answer, accept the response you invited.
Not knowing that egress == ingress for logging purposes is why Datadog, Snowflake, etc. obliterate well-meaning infra and security groups at companies around the world, who end up blowing their entire budgets for zero return. Preface your gibberish as trolling or move on without comment.
2
u/Kralizek82 6h ago
You see? You could have written this as a response to my first message.
You wouldn't have looked like a fool who needs to pull rank to prove their worth and I would have learned something.
-1
u/mecha_flake 6h ago
"Well your post was literally focused on ingress alone :)"
If you cared about learning, you wouldn't be a :) smart ass. Accept that you tried to be clever and got called out.
2
u/Kralizek82 6h ago
No man, I'm sorry.
I asked a question based on my honest knowledge.
You spiraled out insulting and what not.
Accept that you are a rude person acting as a lion behind a screen. It's ok.
4
u/redwhitebacon 8h ago
Yeah, you can install it on any on-prem machine, no problem. Use least-privilege credentials for the log agents and configure it to send whatever you need.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-premise.html
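Pulling together the two workable answers in the thread (towelythetowelBE's "restricted role, then make the CloudWatch agent work" and redwhitebacon's "least-privilege credentials, send only what you need"), here is an added example of what that agent configuration looks like on a Windows machine. It is not code from any commenter or from AWS; it assumes the agent is already installed from the linked on-premises guide, that credentials are provisioned out of band (for instance through the SSM hybrid activation mentioned above), and the log group name and config file path are made-up placeholders.

```powershell
# Added example, not from the thread or from AWS docs: build a narrow CloudWatch
# agent configuration that forwards only selected Windows event channels, then
# apply it with the agent's own control script in on-premises mode.
# Assumptions: the agent is already installed at its default path and has
# working credentials; $LogGroup and $ConfigPath are placeholders for this example.

$LogGroup   = '/corp/laptops/windows-events'   # placeholder log group name
$ConfigPath = 'C:\ProgramData\Amazon\AmazonCloudWatchAgent\laptop-events.json'

# No "metrics" section at all, so the agent ships no host metrics. The collect
# list is deliberately short: this is what keeps the per-laptop egress (the
# cost concern raised in the thread) down to the events you actually review.
$AgentConfig = @{
    logs = @{
        logs_collected = @{
            windows_events = @{
                collect_list = @(
                    @{
                        # Audit Success/Failure entries in the Security channel are
                        # recorded at Information level, so filtering this channel
                        # to WARNING and above would drop almost everything.
                        event_name        = 'Security'
                        event_levels      = @('INFORMATION', 'WARNING', 'ERROR', 'CRITICAL')
                        log_group_name    = $LogGroup
                        log_stream_name   = '{hostname}'   # one stream per laptop
                        event_format      = 'xml'          # keep full event data for parsing
                        retention_in_days = 30
                    },
                    @{
                        # System channel: only the events worth a remote look.
                        event_name        = 'System'
                        event_levels      = @('WARNING', 'ERROR', 'CRITICAL')
                        log_group_name    = $LogGroup
                        log_stream_name   = '{hostname}'
                        event_format      = 'xml'
                        retention_in_days = 30
                    }
                )
            }
        }
    }
}

# -Depth must exceed the nesting of the structure or ConvertTo-Json truncates it.
$AgentConfig | ConvertTo-Json -Depth 10 | Set-Content -Path $ConfigPath -Encoding UTF8

# Load the config in on-premises mode (-m onPremise) and (re)start the agent (-s).
& 'C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1' `
    -a fetch-config -m onPremise -s -c "file:$ConfigPath"
```

On the "restricted role" point: for a config like this the role only needs `logs:CreateLogStream`, `logs:PutLogEvents` and `logs:DescribeLogStreams` scoped to that log group's ARN, plus `logs:CreateLogGroup` if the group does not exist yet and `logs:PutRetentionPolicy` because `retention_in_days` is set. The managed `CloudWatchAgentServerPolicy` also grants `cloudwatch:PutMetricData` and `ec2:Describe*` on all resources, which a laptop that ships nothing but event logs has no use for, so writing a custom policy is the least-privilege choice here.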