blockpane · June 22, 2021 21:25
diff --git a/cloud-init.yml b/cloud-init.yml
 #cloud-config
 # vim: syntax=yaml
 #

 write_files:

 # cloudwatch logs, send log streams, but not metrics:
  - content: |
      {
        "agent": {
          "metrics_collection_interval": 60,
          "logfile": "/var/log/amazon-cloudwatch-agent.log",
          "debug": false
        },
        "logs": {
          "logs_collected": {
            "files": {
              "collect_list": [
                {
                  "file_path": "/var/log/syslog",
                  "log_group_name": "syslog",
                  "log_stream_name": "{instance_id}"
                },
                {
                  "file_path": "/var/log/auth.log",
                  "log_group_name": "auth",
                  "log_stream_name": "{instance_id}"
                },
                {
                  "file_path": "/var/log/fail2ban.log",
                  "log_group_name": "fail2ban",
                  "log_stream_name": "{instance_id}"
                }
              ]
            }
          },
          "force_flush_interval" : 15
        }
      }
    path: "/var/tmp/logs.json"
    owner: "root:root"
    permissions: '0644'

 package_update: true
 package_upgrade: true
 packages:
  - fail2ban
  - unattended-upgrades
  - wget

 runcmd:
  - wget -nv https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
  - dpkg -i -E ./amazon-cloudwatch-agent.deb
  - rm -f ./amazon-cloudwatch-agent.deb
  - /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/var/tmp/logs.json
  - rm -f /var/tmp/logs.json

 power_state:
  mode: reboot
  message: Cloud init complete, Rebooting to ensure latest kernel is installed.
  timeout: 900
  condition: true
	#cloud-config
	# vim: syntax=yaml
	#

	write_files:

	# cloudwatch logs, send log streams, but not metrics:
	- content: \|
	{
	"agent": {
	"metrics_collection_interval": 60,
	"logfile": "/var/log/amazon-cloudwatch-agent.log",
	"debug": false
	},
	"logs": {
	"logs_collected": {
	"files": {
	"collect_list": [
	{
	"file_path": "/var/log/syslog",
	"log_group_name": "syslog",
	"log_stream_name": "{instance_id}"
	},
	{
	"file_path": "/var/log/auth.log",
	"log_group_name": "auth",
	"log_stream_name": "{instance_id}"
	},
	{
	"file_path": "/var/log/fail2ban.log",
	"log_group_name": "fail2ban",
	"log_stream_name": "{instance_id}"
	}
	]
	}
	},
	"force_flush_interval" : 15
	}
	}
	path: "/var/tmp/logs.json"
	owner: "root:root"
	permissions: '0644'

	package_update: true
	package_upgrade: true
	packages:
	- fail2ban
	- unattended-upgrades
	- wget

	runcmd:
	- wget -nv https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
	- dpkg -i -E ./amazon-cloudwatch-agent.deb
	- rm -f ./amazon-cloudwatch-agent.deb
	- /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/var/tmp/logs.json
	- rm -f /var/tmp/logs.json

	power_state:
	mode: reboot
	message: Cloud init complete, Rebooting to ensure latest kernel is installed.
	timeout: 900
	condition: true