--- AWSTemplateFormatVersion: '2010-09-09' Parameters: ClusterName: Type: String Description: Enter the name of your ECS cluster from which you want to collect metrics CreateIAMRoles: Type: String Default: 'False' AllowedValues: - 'True' - 'False' Description: Whether to create default IAM roles ConstraintDescription: must specify True or False. TaskRoleArn: Type: String Default: Default Description: Enter the role arn you want to use as the ecs task role ExecutionRoleArn: Type: String Default: Default Description: Enter the role arn you want to use as the ecs execution role Conditions: CreateRoles: Fn::Equals: - Ref: CreateIAMRoles - 'True' DefaultTaskRole: Fn::Equals: - Ref: TaskRoleArn - Default DefaultExecutionRole: Fn::Equals: - Ref: ExecutionRoleArn - Default Resources: ECSTaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: ecs-cwagent-daemon-service TaskRoleArn: Fn::If: - CreateRoles - Fn::GetAtt: - ECSTaskRole - Arn - Fn::If: - DefaultTaskRole - Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/CWAgentECSTaskRole - Ref: TaskRoleArn ExecutionRoleArn: Fn::If: - CreateRoles - Fn::GetAtt: - ECSExecutionRole - Arn - Fn::If: - DefaultExecutionRole - Fn::Sub: arn:aws:iam::${AWS::AccountId}:role/CWAgentECSExecutionRole - Ref: ExecutionRoleArn NetworkMode: bridge ContainerDefinitions: - Name: cloudwatch-agent Image: amazon/cloudwatch-agent:latest MountPoints: - ReadOnly: true ContainerPath: "/rootfs/proc" SourceVolume: proc - ReadOnly: true ContainerPath: "/rootfs/dev" SourceVolume: dev - ReadOnly: true ContainerPath: "/sys/fs/cgroup" SourceVolume: al2_cgroup - ReadOnly: true ContainerPath: "/cgroup" SourceVolume: al1_cgroup - ReadOnly: true ContainerPath: "/rootfs/sys/fs/cgroup" SourceVolume: al2_cgroup - ReadOnly: true ContainerPath: "/rootfs/cgroup" SourceVolume: al1_cgroup Environment: - Name: CW_CONFIG_CONTENT Value: 'ecs-cwagent-daemon-service' LogConfiguration: LogDriver: awslogs Options: awslogs-create-group: 'True' awslogs-group: "/ecs/ecs-cwagent-daemon-service" awslogs-region: Ref: AWS::Region awslogs-stream-prefix: ecs RequiresCompatibilities: - EC2 Volumes: - Name: proc Host: SourcePath: "/proc" - Name: dev Host: SourcePath: "/dev" - Name: al1_cgroup Host: SourcePath: "/cgroup" - Name: al2_cgroup Host: SourcePath: "/sys/fs/cgroup" Cpu: '128' Memory: '64' ECSDaemonService: Type: AWS::ECS::Service Properties: TaskDefinition: Ref: ECSTaskDefinition Cluster: Ref: ClusterName LaunchType: EC2 SchedulingStrategy: DAEMON ServiceName: cwagent-daemon-service ECSTaskRole: Type: AWS::IAM::Role Condition: CreateRoles Properties: Description: Allows ECS tasks to call AWS services on your behalf. AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Sid: '' Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy RoleName: CWAgentECSTaskRole ECSExecutionRole: Type: AWS::IAM::Role Condition: CreateRoles Properties: Description: Allows ECS container agent makes calls to the Amazon ECS API on your behalf. AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Sid: '' Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy RoleName: CWAgentECSExecutionRole