FAQs for AWS Cloud Utility

This section lists the FAQs for the AWS Cloud Utility.

Where can I install the AWS Cloud/CloudWatch/Cloud Utilities?

AWS Cloud Utility can be installed on any appliance-based product. It is compatible with the ESA and the DSG that are installed on-premise or on cloud platforms, such as, AWS, Azure, or GCP.

If an instance is created on the AWS using the cloud image, then Cloud Utility AWS is preinstalled on this instance.

Which version of AWS CLI is supported by the AWS Cloud Utility product v2.3.0?

AWS CLI 2.15.41 is supported by the Cloud Utility AWS product v2.3.0.

What is the Default Region Name while configuring AWS services?

The Default Region Name on whose servers you want to send the default service requests.

For more information about Default Region Name, refer to the following link: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html

Can I configure multiple accounts for AWS on a single appliance?

No, you cannot configure multiple accounts for AWS on a single appliance.

How to determine the Log group name?

The Log group name is same as the hostname of the appliance.

Can I change the Log group name?

No, you cannot change the Log group name.

Can I change the appliance hostname after enabling CloudWatch integration?

If you change the appliance hostname after enabling CloudWatch integration, then:

  • A new Log Group is created with the updated hostname.
  • Only the new logs will be present in the updated Log Group.​
  • The new Log Group consists of only the updated logs files.
  • It is recommended to manually delete the previous Log Group from the AWS CloudWatch Console.

Are there any configuration files for AWS CloudWatch?​

Yes, there are configuration files for CloudWatch. The configuration files are present in /opt/aws/pty/cloudwatch/config.d/ directory.

The config.json file for cloud watch is present in /opt/aws/pty/cloudwatch/config.json file.

It is recommended not to edit the default configuration files.

What happens if I enable CloudWatch integration with a corrupt file?

The invalid configuration file is listed in a dialog box.

The logs corresponding to all other valid configurations will be sent to the AWS CloudWatch Console.

What happens if I edit the only default configuration files, such as, /opt/aws/pty/cloudwatch/config.d/, with invalid data for CloudWatch integration?

In this case, only metrics will be sent to the AWS CloudWatch Console.

How can I export or import the CloudWatch configuration files?

You can export or import the CloudWatch configuration files either through the CLI Manager or through the Web UI.

For more information about exporting or importing the configuration files through the CLI manager, refer to Exporting Data Configuration to Local File.

For more information about exporting or importing the configuration files through the Web UI, refer to Backing Up Data.

What are the compatible Output Formats while configuring the AWS?

The following Default Output Formats are compatible:

  • json
  • table
  • text

If I use an IAM role, what is the Default Output Formats?

The Default Output Format is json.

If I disable the CloudWatch integration, why do I need to delete Log Groups and Log Streams manually?

You should delete Log Groups and Log Streams manually because this relates to the billing cost.

Protegrity will only disable sending logs and metrics to the CloudWatch Console.

How can I check the status of the CloudWatch agent service?

You can view the status of the of the CloudWatch service using one of the following.

  • On the Web UI, navigate to System > Services.

  • On the CLI Manager, navigate to Administration > Services.

  • On the CLI Manager, navigate to Administration > OS Console and run the following command:

    /etc/init.d/cloudwatch_service status
    

Can I customize the metrics that i want to send to the CloudWatch console?

No, you cannot customize the metrics to send to the CloudWatch console. If you want to customize the metrics, then contact Protegrity Support.

How often are the metrics collected from the appliances?

The metrics are collected at 60 seconds intervals from the appliance.

How much does Amazon CloudWatch cost?

For information about the billing and pricing details, refer to https://aws.amazon.com/cloudwatch/pricing/.|

Can I provide the file path as <foldername/>* to send logs to the folder?

No, you can not provide the file path as <foldername/>*.

Regex is not allowed in the CloudWatch configuration file. You must specify the absolute file path.

Can I configure AWS from OS Console?

No, you can not. If you configure AWS from the OS Console it will change the expected behaviour of the AWS Cloud Utility.

What happens to the custom configurations if I uninstall or remove the AWS Cloud Utility product?

The custom configurations are retained.

What happens to CloudWatch if I delete AWS credentials from ESA after enabling CloudWatch integration?

You can not change the status of the CloudWatch service. You must reconfigure the ESA with valid AWS credentials to perform the CloudWatch-related operations.

Why some of the log files are world readable?

The files with the .log extension present in the /opt/aws/pty/cloudwatch/logs/state folder are not log files. These files are used by the CloudWatch utility to monitor the logs.

Why is the CloudWatch service stopped when the patch is installed? How do I restart the service?

As the CloudWatch service is stopped when the patch is installed, it remains in the stopped state after the Cloud Utility Patch (CUP) installation. So, we must restart the CloudWatch service manually.To restart the CloudWatch service manually, perform the following steps.

  1. Login to the OS Console.
  2. Restart the CloudWatch service using the following command.
    /etc/init.d/cloudwatch_service restart