Integrated AWS cloudwatch and AWS SNS

Author: git-user-9

.github/workflows/deploy.yml

@@ -3,7 +3,7 @@ name: EC2 Deploy
 on:
   push:
     branches:
-      - devops/a4
+      - devops/a5
     tags:
       - deploy-dev
       - deploy-prod
@@ -107,11 +107,11 @@ jobs:
     - name: Validate App Health
       run: |
         echo -e "\n📦 Full Response from App:\n"
-        curl -s http://${{ env.INSTANCE_IP }}:80 || echo "❌ Failed to get response"
+        curl -s http://${{ env.INSTANCE_IP }}:80/hello || echo "❌ Failed to get response"
         echo -e "\n"
-        echo "Checking app health at http://${{ env.INSTANCE_IP }}:80"
+        echo "Checking app health at http://${{ env.INSTANCE_IP }}:80/hello"
         for i in {1..10}; do
-          STATUS=$(curl -o /dev/null -s -w "%{http_code}" http://${{ env.INSTANCE_IP }}:80)
+          STATUS=$(curl -o /dev/null -s -w "%{http_code}" http://${{ env.INSTANCE_IP }}:80/hello)
           if [[ "$STATUS" == "200" ]]; then
             echo "✅ App is healthy (HTTP 200)"
             exit 0
@@ -123,6 +123,26 @@ jobs:
         echo "❌ App failed health check"
         exit 1
 
+
+      # Inject ERROR/EXCEPTION into App Log
+    - name: Inject ERROR/EXCEPTION into App Log via SSH
+      run: |
+
+        echo "🔐 Injecting fake error/exception logs into /var/log/my-app.log on App EC2"
+
+        for attempt in {1..5}; do
+          ssh -o StrictHostKeyChecking=no ubuntu@${INSTANCE_IP} "echo '✅ SSH to App EC2 successful'" && break
+          echo "⏳ App EC2 not ready for SSH (attempt $attempt)..."
+          sleep 15
+        done
+
+        ssh -o StrictHostKeyChecking=no ubuntu@${INSTANCE_IP} <<EOF
+          echo "Error: Simulated failure on \$(date)" >> /var/log/my-app.log
+          echo "Exception: Simulated exception on \$(date)" >> /var/log/my-app.log
+        EOF
+
+        echo "✅ Injected fake error/exception logs into /var/log/my-app.log"
+
     # Provision Verifier EC2
     - name: Terraform Apply Verifier EC2
       working-directory: ${{ env.TF_WORKING_DIR }}

scripts/deploy.sh

@@ -31,11 +31,11 @@ sleep 200
 RAW_INSTANCE_IP=$(terraform output -raw instance_public_ip)
 
 echo -e "\n"
-echo "[+] Testing app on http://$RAW_INSTANCE_IP:80"
+echo "[+] Testing app on http://$RAW_INSTANCE_IP:80/hello"
 echo -e "\n"
 
 echo -e "\n"
-curl "http://$RAW_INSTANCE_IP:80"
+curl "http://$RAW_INSTANCE_IP:80/hello"
 echo -e "\n"
 echo -e "\n"
 
@@ -46,7 +46,7 @@ terraform apply -var-file="$CONFIG_FILE" -target=aws_instance.log_verifier -auto
 VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
 
 
-echo "Verified Public IP: $VERIFIER_IP"
+echo "Verifier instance Public IP: $VERIFIER_IP"
 
 
 # #To verify and pull logs from ec2 to local.
@@ -65,8 +65,8 @@ curl "http://$RAW_INSTANCE_IP:80"
 echo -e "\n"
 echo -e "\n"
 
-echo "Terraform destroy will run after 2 minutes..."
+echo "Terraform destroy will run after 10 minutes..."
 echo "You can press ctrl+c and do it earlier as well"
-sleep 120
+sleep 600
 
 terraform destroy -var-file="$CONFIG_FILE" -auto-approve

scripts/dev_script.sh

@@ -23,12 +23,56 @@ git clone ${repo_url} app
 cd app
 mvn clean package
 
+# To fix permission issues
+sudo touch /var/log/my-app.log
+sudo chown ubuntu:ubuntu /var/log/my-app.log
+
+
 # Run the Java app
 nohup java -jar target/*.jar --server.port=80 > /var/log/my-app.log 2>&1 &
 
 # Wait for app to run
 sleep 5
 
+
+
+# ------------------------------------------------------------------------------
+# Install and Configure CloudWatch Agent (Ubuntu)
+# ------------------------------------------------------------------------------
+# sudo apt-get update
+# sudo apt-get install collectd -y
+
+# echo "Downloading CloudWatch Agent .deb..."
+# wget https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -O /tmp/amazon-cloudwatch-agent.deb
+
+# echo "Installing CloudWatch Agent..."
+# sudo dpkg -i /tmp/amazon-cloudwatch-agent.deb
+
+echo 'export PATH=$PATH:/opt/aws/amazon-cloudwatch-agent/bin' >> ~/.bashrc
+source ~/.bashrc
+
+
+echo "Writing CloudWatch Agent config..."
+cat << 'EOF' > /opt/aws/amazon-cloudwatch-agent/bin/config.json
+${cw_agent_config_json}
+EOF
+
+echo "Starting CloudWatch Agent..."
+sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
+  -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
+
+# Wait a bit to ensure CW agent starts
+sleep 10
+
+# Inject test log entry for monitoring validation
+echo "Error: Simulated a fake error failure on $(date)" >> /var/log/my-app.log
+echo "Exception: Simulated a fake exception for testing on $(date)" >> /var/log/my-app.log
+echo "Injected one fake Error and Exception into /var/log/my-app.log"
+
+echo "Something went wrong - ERROR" >> /var/log/my-app.log
+echo "NullPointerException occurred" >> /var/log/my-app.log
+
+
 # Upload Logs to S3
 sudo aws s3 cp /var/log/cloud-init.log s3://${s3_bucket_name}/dev/system/
 sudo aws s3 cp /var/log/my-app.log s3://${s3_bucket_name}/dev/app/

scripts/prod_script.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 
+
 # Update system and install dependencies
 # apt-get update -y
 # apt-get install -y unzip git openjdk-21-jdk maven
@@ -22,15 +23,59 @@ git clone ${repo_url} app
 cd app
 mvn clean package
 
+# To fix permission issues
+sudo touch /var/log/my-app.log
+sudo chown ubuntu:ubuntu /var/log/my-app.log
+
+
 # Run the Java app
 nohup java -jar target/*.jar --server.port=80 > /var/log/my-app.log 2>&1 &
 
-# Wait for the app to start
+# Wait for app to run
 sleep 5
 
+
+
+# ------------------------------------------------------------------------------
+# Install and Configure CloudWatch Agent (Ubuntu)
+# ------------------------------------------------------------------------------
+# sudo apt-get update
+# sudo apt-get install collectd -y
+
+# echo "Downloading CloudWatch Agent .deb..."
+# wget https://amazoncloudwatch-agent.s3.amazonaws.com/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -O /tmp/amazon-cloudwatch-agent.deb
+
+# echo "Installing CloudWatch Agent..."
+# sudo dpkg -i /tmp/amazon-cloudwatch-agent.deb
+
+echo 'export PATH=$PATH:/opt/aws/amazon-cloudwatch-agent/bin' >> ~/.bashrc
+source ~/.bashrc
+
+
+echo "Writing CloudWatch Agent config..."
+cat << 'EOF' > /opt/aws/amazon-cloudwatch-agent/bin/config.json
+${cw_agent_config_json}
+EOF
+
+echo "Starting CloudWatch Agent..."
+sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
+  -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
+
+# Wait a bit to ensure CW agent starts
+sleep 10
+
+# Inject test log entry for monitoring validation
+echo "Error: Simulated a fake error failure on $(date)" >> /var/log/my-app.log
+echo "Exception: Simulated a fake exception for testing on $(date)" >> /var/log/my-app.log
+echo "Injected one fake Error and Exception into /var/log/my-app.log"
+
+echo "Something went wrong - ERROR" >> /var/log/my-app.log
+echo "NullPointerException occurred" >> /var/log/my-app.log
+
+
 # Upload Logs to S3
-aws s3 cp /var/log/cloud-init.log s3://${s3_bucket_name}/prod/system/
-aws s3 cp /var/log/my-app.log s3://${s3_bucket_name}/prod/app/
+sudo aws s3 cp /var/log/cloud-init.log s3://${s3_bucket_name}/prod/system/
+sudo aws s3 cp /var/log/my-app.log s3://${s3_bucket_name}/prod/app/
 
 # Shutdown after timeout
 sudo shutdown -h +${shutdown_minutes}

terraform/cloudwatch-configs/dev_cw_agent_config.json

@@ -0,0 +1,17 @@
+{
+    "logs": {
+        "logs_collected": {
+            "files": {
+                "collect_list": [
+                    {
+                        "file_path": "/var/log/my-app.log",
+                        "log_group_name": "/aws/ec2/dev-app-logs",
+                        "log_stream_name": "{instance_id}",
+                        "timestamp_format": "%Y-%m-%d %H:%M:%S",
+                        "timezone": "Local"
+                    }
+                ]
+            }
+        }
+    }
+}

terraform/cloudwatch-configs/prod_cw_agent_config.json

@@ -0,0 +1,17 @@
+{
+    "logs": {
+        "logs_collected": {
+            "files": {
+                "collect_list": [
+                    {
+                        "file_path": "/var/log/my-app.log",
+                        "log_group_name": "/aws/ec2/prod-app-logs",
+                        "log_stream_name": "{instance_id}",
+                        "timestamp_format": "%Y-%m-%d %H:%M:%S",
+                        "timezone": "Local"
+                    }
+                ]
+            }
+        }
+    }
+}

terraform/cloudwatch.tf

@@ -0,0 +1,82 @@
+# ----------------------------------
+# 1. CloudWatch Log Group
+# ----------------------------------
+resource "aws_cloudwatch_log_group" "app_log_group" {
+  name              = "/aws/ec2/${var.stage}-app-logs"
+  retention_in_days = 7
+}
+
+# ----------------------------------
+# 2. SNS Topic and Email Subscription
+# ----------------------------------
+resource "aws_sns_topic" "log_alert_topic" {
+  name = "log-alert-topic"
+}
+
+resource "aws_sns_topic_subscription" "log_alert_email_subscription" {
+  topic_arn = aws_sns_topic.log_alert_topic.arn
+  protocol  = "email"
+  endpoint  = var.alert_email  
+}
+
+# ----------------------------------
+# 3. Log Metric Filter for ERROR
+# ----------------------------------
+resource "aws_cloudwatch_log_metric_filter" "error_filter" {
+  name           = "app-log-error-filter"
+  log_group_name = aws_cloudwatch_log_group.app_log_group.name
+  pattern        = "Error"
+
+  metric_transformation {
+    name      = "AppLogErrorCount"
+    namespace = "AppLogMetrics"
+    value     = "1"
+  }
+}
+
+# ----------------------------------
+# 4. Log Metric Filter for Exception
+# ----------------------------------
+resource "aws_cloudwatch_log_metric_filter" "exception_filter" {
+  name           = "app-log-exception-filter"
+  log_group_name = aws_cloudwatch_log_group.app_log_group.name
+  pattern        = "Exception"
+
+  metric_transformation {
+    name      = "AppLogExceptionCount"
+    namespace = "AppLogMetrics"
+    value     = "1"
+  }
+}
+
+# ----------------------------------
+# 5. CloudWatch Alarm for ERROR
+# ----------------------------------
+resource "aws_cloudwatch_metric_alarm" "error_alarm" {
+  alarm_name          = "${var.stage}-app-log-error-alarm"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  period              = 60
+  threshold           = 1
+  statistic           = "Sum"
+  metric_name         = aws_cloudwatch_log_metric_filter.error_filter.metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.error_filter.metric_transformation[0].namespace
+  alarm_description   = "Triggered when ERROR appears in application logs"
+  alarm_actions       = [aws_sns_topic.log_alert_topic.arn]
+}
+
+# ----------------------------------
+# 6. CloudWatch Alarm for Exception
+# ----------------------------------
+resource "aws_cloudwatch_metric_alarm" "exception_alarm" {
+  alarm_name          = "${var.stage}-app-log-exception-alarm"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  period              = 60
+  threshold           = 1
+  statistic           = "Sum"
+  metric_name         = aws_cloudwatch_log_metric_filter.exception_filter.metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.exception_filter.metric_transformation[0].namespace
+  alarm_description   = "Triggered when Exception is logged in application logs"
+  alarm_actions       = [aws_sns_topic.log_alert_topic.arn]
+}

terraform/dev_config.tfvars

@@ -2,8 +2,9 @@ instance_type = "t2.micro"
 key_name      = "ssh-key-ec2" #change this to your key-pair name
 # ami_id            = "ami-0f918f7e67a3323f0"
 stage             = "dev"
-shutdown_minutes  = 30
+shutdown_minutes  = 40
 s3_bucket_name    = "techeazy-logs-unique123ss" # Change this!
 aws_region        = "ap-south-1"
-repo_url          = "https://github.com/techeazy-consulting/techeazy-devops"
-verifier_lifetime = 25
+# repo_url          = "https://github.com/techeazy-consulting/techeazy-devops"
+verifier_lifetime = 40
+alert_email       = "akhilc0101@outlook.com"

terraform/ec2.tf

@@ -44,6 +44,7 @@ resource "aws_instance" "app" {
     aws_region       = var.aws_region
     repo_url         = var.repo_url
     shutdown_minutes = var.shutdown_minutes
+    cw_agent_config_json  = file("${path.module}/cloudwatch-configs/${var.stage}_cw_agent_config.json")
   })
 
   tags = {

terraform/iam.tf

@@ -94,3 +94,9 @@ resource "aws_iam_instance_profile" "ec2_instance_profile_b" {
   name = "${var.stage}_writeonly_instance_profile"
   role = aws_iam_role.role_b_uploader.name
 }
+
+resource "aws_iam_role_policy_attachment" "cloudwatch_logs_attach" {
+  role       = aws_iam_role.role_b_uploader.name
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
+}
+