Amazon CloudWatch Agent crashes and restarts on Windows

Question

After installing the Amazon CloudWatch Agent on Windows and starting the service, it repeatedly crashes and restarts.

In the Windows Event Log the following events occur with the crash:

Event ID 7031

Error

The Amazon CloudWatch Agent service terminated unexpectedly. It has done this X times.

And:

Event ID 7039

Warning

A service process other than the one launched by the Service Control Manager connected when starting the Amazon CloudWatch Agent service. The Service Control Manager launched process XXX and process XXX connected instead.

In the amazon-cloudwatch-agent.log file the last error is:

ec2tagger: Unable to initialize EC2 Instance Tags : +NoCredentialProviders: no valid providers in chain.

Answer 1

This behaviour can occur if you haven't attached an IAM role to the instance that grants it permission to write metrics to CloudWatch as well as communicate with EC2 and Systems Manager.

Creation of the IAM role can be completed as follows:

1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

2. In the navigation pane on the left, choose Roles, Create role.

3. For Choose the service that will use this role, choose EC2 Allows EC2 instances to call AWS services on your behalf. Choose Next: Permissions.

4. In the list of policies, select the check box next to CloudWatchAgentServerPolicy. Use the search box to find the policy, if necessary.

5. To use SSM to install or configure the CloudWatch agent, select the check box next to AmazonEC2RoleforSSM. Use the search box to find the policy, if necessary. This policy is not necessary if you start and configure the agent only through the command line.

6. Choose Next: Review.

7. Confirm that CloudWatchAgentServerPolicy and optionally AmazonEC2RoleforSSM appear next to Policies. In Role name, type a name for the role, such as CloudWatchAgentServerRole. Optionally give it a description, and choose Create role.

The role is now created.

-- Source: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-iam-roles-for-cloudwatch-agent.html

Having created the IAM role you should then attach it to your EC2 instance, either at launch time or by right clicking the instance in EC2 and selecting Instance Settings > Attach/Replace IAM Role.