Install Cloud Watch Agent in Amazon Lightsail instance for Monitoring, Logging & Debugging

Install Cloud Watch Agent in Amazon Lightsail instance for Monitoring, Logging & Debugging

Use the Cloud Watch agent to send logging and debugging to Cloud Watch. You can check logs without logging into instances. It's accessible even after the instance is terminated.

Life is far from perfect, and so does Amazon Lightsail instances. It can be frustrating if there is an error and you don't know how to debug it. The server itself and applications installed in it produces log files. And server stats can be helpful in monitoring, logging, and debugging.


It would help if you had an existing Amazon Lightsail instance. You can create a new instance by following "Deploy WordPress App to Amazon Lightsail" or "Deploy Laravel Application to Amazon Lightsail".

Let's go 🏃‍♂️

Create an IAM User

  1. Go to IAM Console.
  2. Click on the Users menu from the navigation panel and then click on the Add Users button. CleanShot 2022-06-03 at 18.45.52@2x.png
  3. You will be in the Add user screen: CleanShot 2022-06-03 at 18.49.18@2x.png
    • A. Give it a name. For me, it's LightsailCloudWatchAgent.
    • B. Check the Access key - Programmatic access option
    • C. Click on the Next: Permissions button.
  4. You will be in the Set permissions page: CleanShot 2022-06-03 at 18.53.25@2x.png
    • A. Select the Attach existing policies directly option.
    • B. Search for CloudWatchAgentServerPolicy.
    • C. Select CloudWatchAgentServerPolicy, and
    • D. Click the Next: Tags button.
  5. Tags are optional. You can choose your tags. Click on the Next: Review after you are done.
  6. From review page you can check if everything alright and then click the Create user button.
  7. Your account is created and you will be in this screen: CleanShot 2022-06-03 at 19.15.00@2x.png
    • A. & B. Copy Access Key ID and Secret access key in somewhere safe, or,
    • C. Download the csv file. We will need this access later.

Configure AWS Access

  1. Check if AWS CLI is installed by running aws --version. You should see the current version. If you get an error, CLI probably is not installed.

  2. Ignore this if AWS CLI is already installed. Run this on ubuntu:

    curl "" -o ""
    sudo ./aws/install
    sudo ./aws/install --bin-dir /usr/bin --install-dir /usr/local/aws-cli --update

    Follow this instruction to install on other servers.

  3. Now, we are going to configure the AWS access generated in the last step. Run this

    sudo aws configure --profile AmazonCloudWatchAgent

    Enter Access Key and Secret Like this: CleanShot 2022-06-03 at 19.59.18@2x.png

Install the Cloudwatch Agent

  1. You need to SSH into your instance. Here is how you can SSH into your Amazon Lightsail Instance.

  2. Now, let's install the agent. I'm using ubuntu, you can just run this command

    # Download the agent
    # Install the agent
    sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
  3. Now run this command configure the agent.

    sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

    Input your choices as I did. Check the arrow mark. You can choose your own or follow mine. CleanShot 2022-06-04 at 10.03.13@2x.png

  4. Give AWS Access to the Agent. Run this:

    sudo vim /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml

Paste this in the bottom of the file:

shared_credential_profile = "AmazonCloudWatchAgent"

Now hit ESC and then :wq!.

  1. Start the agent:

    sudo amazon-cloudwatch-agent-ctl -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -a fetch-config -s
  2. Check the status of the agent by using:

    sudo amazon-cloudwatch-agent-ctl -a status

    You should see something like this: CleanShot 2022-06-03 at 20.21.53@2x.png

Verify metrics on CloudWatch

  1. Go to the Cloudwatch Console
  2. On the left navigation panel, choose Metrics.
  3. Under “Custom Namespaces”, You should see a link for “CWAgent”.
  4. Choose CWAgent.
  5. Choose any ImageId, InstanceId, InstanceType.
  6. Select the checkbox to display metrics on the graph. Here is mine: CleanShot 2022-06-04 at 10.08.02@2x.png


Hope you enjoyed this article. This is the last article of the Amazon Lightsail series. You can ask me any Lightsail-related question in the comments or on social media.

You can subscribe to my newsletter to get blog updates every week. Follow me on Twitter,, and Hashnode.

Did you find this article valuable?

Support Harun R Rayhan by becoming a sponsor. Any amount is appreciated!