Quick start with the Amazon CloudWatch Observability EKS add-on
Note
We recommend using Amazon Linux 2 nodes for full compatibility when using the Amazon CloudWatch Observability Add-on. When using Amazon Linux 2023 nodes, dataplane and host logs vended by Container Insights will not be available by default due to the change in the system logging mechanism introduced in Amazon Linux 2023. Application logs will continue to work as expected. For more information about Amazon Linux 2023 changes, see the Amazon Linux 2023 User Guide.
You can use the Amazon EKS add-on to install Container Insights with enhanced observability for Amazon EKS. The add-on installs the CloudWatch agent to send infrastructure metrics from the cluster, installs Fluent Bit to send container logs, and also enables CloudWatch Application Signals to send application performance telemetry.
When you use the Amazon EKS add-on version 1.5.0 or later, Container Insights is enabled on both Linux and Windows worker nodes in the cluster. Currently, Application Signals is not supported on Windows in Amazon EKS.
The Amazon EKS add-on is not supported for clusters running Kubernetes instead of Amazon EKS.
For more information about the Amazon CloudWatch Observability EKS add-on, see Install the CloudWatch agent with the Amazon CloudWatch Observability EKS add-on or the Helm chart.
If you use version 3.1.0 or later of the add-on, you can use EKS Pod Identity to grant the required permissions to the add-on. EKS Pod Identity is the recommended option and provides benefits such as least privilege, credential rotation, and auditability. Additionally, using EKS Pod Identity allows you to install the EKS add-on as part of the cluster creation itself.
To install the Amazon CloudWatch Observability EKS add-on
- Follow the EKS Pod Identity association steps to create the IAM role and set up the EKS Pod Identity agent.
- Attach an IAM policy that grants the required permissions to your role. Replace my-role with the name of your IAM role from the previous step.

    aws iam attach-role-policy \
      --role-name my-role \
      --policy-arn=arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

- Enter the following command, using the IAM role you created in the previous step:

    aws eks create-addon \
      --addon-name amazon-cloudwatch-observability \
      --cluster-name my-cluster-name \
      --pod-identity-associations serviceAccount=cloudwatch-agent,roleArn=arn:aws:iam::111122223333:role/my-role
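A pre-flight check for the role and the association value used in the procedure above, as an added example that is not part of the original page: it verifies that the role's trust policy trusts only the EKS Pod Identity service principal (`pods.eks.amazonaws.com`) for `sts:AssumeRole` and `sts:TagSession`, and that the `--pod-identity-associations` value carries a complete role ARN. The function names and the sample policy are constructed for illustration; wildcard actions are not expanded, so only exact action names count.

```python
import json
import re

POD_IDENTITY_SERVICE = "pods.eks.amazonaws.com"  # service principal of EKS Pod Identity
REQUIRED_ACTIONS = {"sts:AssumeRole", "sts:TagSession"}
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=.@/-]+$")

# Constructed sample: trust policy of the role from step 1 (not taken from the page).
SAMPLE_TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "pods.eks.amazonaws.com"},
    "Action": ["sts:AssumeRole", "sts:TagSession"],
}]})

def as_list(value):
    """IAM accepts a single value or a list for Statement, Principal and Action."""
    return value if isinstance(value, list) else [] if value is None else [value]

def check_trust_policy(policy_json):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, granted = [], set()
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            findings.append(f"non-service principal trusted: {principal!r}")
            continue
        for kind, values in principal.items():
            for name in as_list(values):
                if kind == "Service" and name == POD_IDENTITY_SERVICE:
                    granted.update(as_list(stmt.get("Action")))
                else:  # anything else widens who can assume the role
                    findings.append(f"extra trusted principal: {kind}={name}")
    for action in sorted(REQUIRED_ACTIONS - granted):
        findings.append(f"{POD_IDENTITY_SERVICE} is not allowed {action}")
    return findings

def check_association(arg):
    """Validate the value passed to --pod-identity-associations."""
    fields = dict(p.split("=", 1) for p in arg.split(",") if "=" in p)
    findings = []
    if not fields.get("serviceAccount"):
        findings.append("serviceAccount is missing")
    if not ROLE_ARN.match(fields.get("roleArn", "")):
        findings.append("roleArn is not a complete IAM role ARN")
    return findings
```

To run it against a real role, pass `check_trust_policy` the JSON printed by `aws iam get-role --role-name my-role --query Role.AssumeRolePolicyDocument`.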