Introduction
You’ve just launched a new instance on Amazon Linux 2023. You open the monitoring tab in the EC2 console to check your resources, and you see everything you expect: CPU utilization, disk reads, and network activity. But there is one glaring omission. Where is the memory usage?
It is a common “gotcha” for developers and DevOps engineers new to AWS. By default, AWS provides visibility into metrics that the hypervisor can view (such as CPU and Network). However, because RAM usage is managed internally by the operating system, AWS cannot see how much memory your specific application is actually using—unless you permit it.
Flying blind on memory usage is a risky approach. Without this data, you might be over-provisioning your instances (wasting money) or, worse, running them so close to the limit that your applications crash from Out-Of-Memory (OOM) errors without warning.
The solution is the Amazon CloudWatch Agent.
In this guide, I will walk you through exactly how to install and configure the CloudWatch Agent specifically for Amazon Linux 2023 (AL2023). We will set up a custom metric that pushes your RAM usage data to CloudWatch so you can finally see the full picture of your infrastructure’s health.
Prerequisites
Before we dive into the terminal, ensure you have the following ready to go. This guide assumes you are already somewhat familiar with the AWS Management Console.
- An Active AWS Account: You will need access to the AWS Console with permissions to manage EC2 and IAM roles.
- A Running EC2 Instance (Amazon Linux 2023): This tutorial is specifically tailored for AL2023.
  - Note: If you are using Amazon Linux 2, the steps are similar, but AL2023 defaults to the dnf package manager, which we will use here.
- SSH Access: You must be able to connect to your instance via your terminal (using PEM keys or EC2 Instance Connect).
- IAM Permissions: You need sufficient privileges to create and attach IAM roles. We will be creating a role that allows your EC2 instance to “talk” to the CloudWatch service.
Step 1: Create an IAM Role (Crucial First Step)
Before your EC2 instance can send data to CloudWatch, it needs permission to do so. AWS is secure by default, meaning your server cannot talk to other AWS services without explicit authorization. We handle this using an IAM Role.
- Log in to your AWS Console and navigate to the IAM Dashboard.
- Click Roles in the left sidebar, then select Create role.
- Under “Trusted entity type,” select AWS service and choose EC2 from the list.
- In the “Add permissions” search bar, type CloudWatchAgentServerPolicy.
  - Note: This is an AWS-managed policy that provides exactly the permissions needed for the agent to upload metrics.
- Select the checkbox next to the policy and click Next.
- Name your role something descriptive, like EC2-CloudWatch-Role, and click Create role.
Attach the Role to Your Instance: Once created, go back to the EC2 Console. Right-click your running Amazon Linux 2023 instance, select Security > Modify IAM role, choose the role you just created, and click Update IAM role.
Step 2: Install the CloudWatch Agent on Amazon Linux 2023
Amazon Linux 2023 uses dnf (Dandified YUM) as its default package manager. The CloudWatch Agent is available directly in the Amazon Linux repositories, making installation straightforward.
Connect to your instance via SSH and run the following commands:
# Update your package repositories to ensure you get the latest version
sudo dnf update -y
# Install the Amazon CloudWatch Agent
sudo dnf install amazon-cloudwatch-agent -y
If the installation is successful, you will see a “Complete!” message in your terminal. You can verify it is installed (but not yet running) by checking the status:
sudo systemctl status amazon-cloudwatch-agent
Step 3: Configure the Agent using the Wizard
The CloudWatch agent is powerful but complex. It relies on a JSON configuration file that can be tedious to write from scratch. Fortunately, AWS provides a configuration wizard to generate this file for you.
Run the wizard to start the interactive setup:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
The wizard will ask a series of questions. Here are the recommended answers for monitoring Memory on a standard web server:
- On which OS are you planning to use the agent? 1. Linux
- Are you on an EC2 instance or On-Premise host? 1. EC2
- Which user are you planning to run the agent for? 1. root
- Do you want to turn on the StatsD daemon? 2. no (Unless you have a specific use case.)
- Do you want to monitor metrics from CollectD? 2. no
- Do you want to monitor CPU metrics per core? 1. yes
- Do you want to add ec2 dimensions (ImageId, InstanceId…)? 1. yes
- Do you want to aggregate ec2 dimensions? 1. yes (Helps in viewing average data across auto-scaling groups.)
- Would you like to collect your metrics at high resolution? 4. 60s (Standard resolution is usually sufficient and cheaper.)
- Which default metrics config do you want? 2. Standard
  - Crucial Step: The “Standard” set includes mem_used_percent, which is exactly what we need.
- Review the config: The wizard will show you the JSON. Look for "metrics_collected": { "mem": ... }.
- Do you want to monitor any log files? 2. no (We are focusing on metrics for this guide.)
The wizard will save your configuration to config.json automatically.
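Before starting the agent, it helps to confirm that the saved file contains what the rest of this guide depends on. The following is an added example, not part of the original guide or of AWS tooling: it lints a config for the mem_used_percent measurement, the 60s interval, the InstanceId dimension, and the user the agent runs as. The sample config is constructed, and the names `check_agent_config` and `measurement_names` are this example's own.

```python
import json

# Constructed sample shaped like the wizard's output; not taken from a real host.
SAMPLE_CONFIG = json.loads("""
{
  "agent": {"metrics_collection_interval": 60, "run_as_user": "root"},
  "metrics": {
    "append_dimensions": {"ImageId": "${aws:ImageId}",
                          "InstanceId": "${aws:InstanceId}",
                          "InstanceType": "${aws:InstanceType}"},
    "metrics_collected": {
      "mem": {"measurement": ["mem_used_percent"], "metrics_collection_interval": 60},
      "swap": {"measurement": ["swap_used_percent"], "metrics_collection_interval": 60}
    }
  }
}
""")


def measurement_names(section):
    """Measurements are plain strings or objects with a "name" key."""
    return {m["name"] if isinstance(m, dict) else m
            for m in section.get("measurement", [])}


def check_agent_config(cfg):
    """Return findings about the memory-metric setup described in this guide."""
    findings = []
    agent = cfg.get("agent", {})
    metrics = cfg.get("metrics", {})
    mem = metrics.get("metrics_collected", {}).get("mem")
    if mem is None:
        findings.append("no 'mem' section: memory is not collected")
    elif not measurement_names(mem) & {"mem_used_percent", "used_percent"}:
        findings.append("'mem' section does not list mem_used_percent")
    # A per-section interval overrides the agent-wide one; 60s is the default.
    interval = (mem or {}).get("metrics_collection_interval",
                               agent.get("metrics_collection_interval", 60))
    if interval < 60:
        findings.append(f"interval {interval}s is high resolution (guide uses 60s)")
    if "InstanceId" not in metrics.get("append_dimensions", {}):
        findings.append("InstanceId dimension missing: cannot search by instance ID")
    if agent.get("run_as_user", "root") == "root":
        findings.append("agent runs as root; confirm this is intended")
    return findings


if __name__ == "__main__":
    print(check_agent_config(SAMPLE_CONFIG))
```

To check the real file, load /opt/aws/amazon-cloudwatch-agent/bin/config.json with `json.load` and pass the result to `check_agent_config`.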
Step 4: Start the CloudWatch Agent
Creating the config file doesn’t automatically start the agent. We need to tell the agent to load that specific configuration file and start running.
Run the following command to fetch the configuration and restart the service:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
-a fetch-config \
-m ec2 \
-s \
-c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
Breakdown of the command:
- -a fetch-config: Tells the agent to load a new configuration.
- -m ec2: Specifies the mode is EC2.
- -s: Starts the agent immediately after loading.
- -c file:...: Points to the file path where the wizard saved your answers.
If everything works, you won’t see an error message. To be 100% sure, check the status again:
sudo systemctl status amazon-cloudwatch-agent
You should see “Active: active (running)” in green text.
Step 5: Verify Metrics in AWS Console
Now for the moment of truth. It usually takes about 2 to 5 minutes for the first data points to appear in the AWS Console.
- Open the CloudWatch Console in your browser.
- In the left navigation, click Metrics > All metrics.
- You should see a new Custom Namespace listed under “Custom Namespaces” called CWAgent.
- If you don’t see it yet, wait a few minutes and hit refresh.
- Click CWAgent > ImageId, InstanceId, and InstanceType.
- Search for your Instance ID. You will now see metrics like mem_used_percent and swap_used_percent.
Select mem_used_percent to see a graph of your RAM usage. You now have full visibility into your Amazon Linux 2023 instance’s memory performance!
Bonus: Create a Quick Dashboard
Now that your data is flowing, you don’t want to dig through the “All Metrics” menu every time you need to check your RAM. Let’s make this data accessible and actionable.
1. Build a Dashboard
Having a “single pane of glass” for your server health is a game-changer for DevOps teams.
- On the left sidebar of the CloudWatch console, click Dashboards.
- Click Create dashboard and give it a name (e.g., Production-Health).
- Click Add widget and choose Line.
- Select Metrics, then browse to CWAgent > ImageId, InstanceId, and InstanceType.
- Find your instance and check the box for mem_used_percent.
- Click Create widget.
- Click Save dashboard at the top.
You now have a permanent visual graph of your memory usage that updates in real-time.
2. Set an Alarm (Don’t stare at the screen!)
Monitoring is useless if you have to watch it 24/7. Let AWS watch it for you.
- Go to Alarms > All alarms > Create alarm.
- Select the same mem_used_percent metric.
- Set the condition: Greater/Equal to 80.
- Configure it to send an email via SNS (Simple Notification Service) to your team when memory spikes.
Now, instead of guessing when your server is under load, you’ll get an email the moment things get tight, giving you time to investigate before the server crashes.
Conclusion
Congratulations! You have successfully bridged the gap in default EC2 monitoring. By installing the CloudWatch Agent on Amazon Linux 2023, you have moved from “flying blind” to having full observability into your infrastructure.
This setup enables you to:
- Prevent Crashes: Catch memory leaks before they cause Out-Of-Memory (OOM) errors.
- Save Money: Identify instances that are over-provisioned (e.g., using only 20% RAM) and downgrade them to smaller instance types.
- Scale Confidently: Use memory metrics to trigger Auto Scaling policies, ensuring you scale out based on RAM usage, not just CPU.
