Code360 powered by Coding Ninjas X Code360 powered by Coding Ninjas X
Table of contents
Create a Google Cloud project
Connecting your AWS account to Google Cloud
AWS connector projects
Authorizing AWS applications
Create a service account
Add a service account to a virtual machine (VM) instance
Create an uptime check and an alerting policy
Creating a dashboard and chart
View your logs
Clean up
Frequently asked questions
What is called a cloud?
What is the Cloud Controls Matrix?
What is AWS?
What is troubleshooting?
For what Compute Engines are used?
Last Updated: Mar 27, 2024

Amazon ec2 instance with cloud monitoring

Author Muskan Sharma
0 upvote
Master Python: Predicting weather forecasts
Ashwin Goyal
Product Manager @


In this article you'll learn how to get system metrics from an existing Amazon Elastic Compute Cloud (Amazon EC2) instance and how to examine those metrics in Cloud Monitoring.

Create a Google Cloud project

Follow these steps to build a Google Cloud project:

1. Navigate to the New Project in the console.

Create a New Project

2. Enter quickstart in the Project Name area.

3. Press Create.

Connecting your AWS account to Google Cloud

1. Select Monitoring from the Google Cloud console or press the following button:

Go to Monitoring 

2. To examine or change the metrics scope of a Cloud project, use the project picker in the Google Cloud console.

3. Select Settings from the Monitoring menu panel. Click the Create AWS connector project button on the Settings page.

AWS Accounts

4. Select a project by clicking on the Create a connector project step.

5. Choose New Project from the dialog's options, then finish the new project dialogue.

6. To proceed to the Authorize AWS for Monitoring step, click Next.

7. Making an Amazon IAM role: 

  •  Log into your AWS account in a new window, choose the IAM page, and click Roles.
  • Choose Create Role.
  • Choose a different AWS account.
  • Enter the account ID found on the Google Cloud console's Authorize AWS for Monitoring page in the Account ID text box.
  • Decide on requiring an external ID.
  • Enter the external ID found on the Google Cloud console's Authorize AWS for Monitoring page in the External ID text box.
  • After clearing Require MFA, select Next: Permissions.
  • Enter "ReadOnlyAccess" and click "ReadOnlyAccess" in the permissions search box.
  • Make sure Create role without a permissions boundary is selected in the expanded Set Permission Boundary section.
  • Click Next: Tags.
  • Click Next: Review.
  • Click Create Role after providing the role's name and description.
  • To access the Summary page of the role you established, select it. The Role ARN should be copied to your clipboard.

8. Paste the AWS Role ARN into the Role ARN text box in the Google Cloud console, then click Add AWS Account.    

AWS connector projects

The ID for the AWS connection project may be found in the Monitored accounts pane on the Settings page:

Your AWS account description [YOUR_AWS_ACCOUNT_NUMBER]
  • The account number for your AWS account is represented by 


  • The connector project with the ID [CONNECTOR PROJECT ID] is where you configure permissions for agents and other AWS apps that require access to Google Cloud, as well as where you receive logs and analytics from your AWS account.


If an error message informs you that your AWS account is already being watched, make sure these things are true:

  • An AWS connector project already exists if you've linked your AWS account to Google Cloud. For the same account, you cannot build more than one AWS connector project.
  • View metrics for AWS accounts offers information on how to integrate an existing AWS connector project with a Google Cloud project.
  • Check that when you created your AWS Role, you included the Account ID and External ID for your current metrics scope. Each metrics scope's External ID is distinct from the others.

Authorizing AWS applications

If you want to perform any of the following actions, you must approve AWS applications:

  • Start your Amazon EC2 instances' monitoring or logging agents.
  • Using AWS applications, use any Google Cloud service.

You must grant access to a Google Cloud service account with the appropriate Google Cloud IAM roles in order to permit apps running on AWS to access Google Cloud services.

Several Amazon EC2 instances and apps can be authorized by a single service account in a single AWS account, or you can create numerous service accounts.

Get the tech career you deserve, faster!
Connect with our expert counsellors to understand how to hack your way to success
User rating 4.7/5
1:1 doubt support
95% placement record
Akash Pal
Senior Software Engineer
326% Hike After Job Bootcamp
Himanshu Gusain
Programmer Analyst
32 LPA After Job Bootcamp
After Job

Create a service account

Build a service account.

1. For your connector project, go to the IAM & Admin > Service accounts page:

2. For your AWS account, choose the connector project.

3. You are prompted to register a service account because your connector project probably doesn't have any. Activate a service account by following these steps:

  • To create a service account, click Add.
  • Enter Monitoring agent authorization in the space for the name of the service account.
  • Click on Create and Continue.
  • In the field labeled "Select a role," click Monitoring > Monitoring Metric Writer.
  • Click on add another role.
  • Logging > Logs Writer should be selected when using the Select a role field.
  • Click on Continue.
  • To complete creating the service account, click Done.

4. Create a service key and add it to your new service account:

  • Select Manage keys by clicking on More options.
  • Make sure JSON is selected for the Key type when you choose Add key.

The private-key file for the service account is downloaded to your computer with a name like Downloads/[PROJECT NAME]-[KEY ID].json. Where:

  • Your Google Cloud project's name is represented by [PROJECT NAME].
  • The generated private key is represented by [KEY ID].

Save the path of the credentials file in the CREDS variable on your workstation to make the actions that follow simpler:


Add a service account to a virtual machine (VM) instance

Do the following in order to add a service account:

1. Copy the private-key credentials file from your workstation to your Amazon EC2 instance and save it in a file called temp.json. Enter your AWS credentials and the path to your AWS SSH key pair file key.pem, in the scp command:


2. Move the credentials to /etc/google/auth/application default credentials.json on your Amazon EC2 instance:

sudo mkdir -p $(dirname "$GOOGLE_APPLICATION_CREDENTIALS")

3. Ensure that the agents and other programs that are permitted to access Google Cloud can see the environment variable GOOGLE APPLICATION CREDENTIALS. The default Google Cloud client libraries are capable of understanding the environment variable name.

Create an uptime check and an alerting policy

Follow these steps to create an uptime check:

1. Select Monitoring from the Google Cloud console menu.

Go to Monitoring

2. Click "Uptime checks" in the navigation pane.

3. Create Uptime Check by clicking.

Uptime Check

4. Enter My Uptime Check for the title, then click Next.

5. Target:

  • Make HTTP your protocol of choice.
  • The resource type should be set to an instance.
  • Choose Single in the Applies To field and lamp-1-vm as the instance name.
  • Click Next, leaving every other field's default values unchanged.

6. Response Validation: Click Next and leave these fields' default settings.

7. Warning & Alert: Verify that the toggle with the label Alerting is turned on.

8. Click Test to check the setup for your uptime check.

9. Press Create. The dashboard page for uptime checks appears when the message "Check and alert created" appears after the create action is successful.

Creating a dashboard and chart

1. Select Monitoring from the Google Cloud console menu.

Go to Monitoring

2. Choose Dashboards from the navigation bar and then click Create dashboard.

3. Drag the Line chart widget to the graph area from the widget library.

4. Expand the Resource and Metric menu, type CPU in the filter bar, and then choose a particular resource type and metric from the submenus:

  • Choose a VM instance from the menu of active resources.
  • Select instance from the menu of Active Metric Category options.
  • Choose CPU load from the Active metrics menu (1m).
  • Tap Apply.

View your logs

Logging and monitoring are connected closely.

1. Go to Logging in the console and then choose the AWS connector project.

2. Your AWS logs are available in the Logs Explorer for your AWS connector project. To adjust the focus of the Logs Explorer to view the logs you desire:

Clean up

Please follow these instructions to prevent your Google Cloud account from being charged for the resources used on this page.

1.Take away your Monitoring charts and notifications. Visit Monitoring

  • From Alerting, remove your alerting rule.
  • Remove your alerting uptime check.
  • Your dashboard charts can be deleted.

2. After clicking Settings, choose the Summary tab.

3. Find the AWS account you used for this quickstart in the section labelled AWS Accounts, click More, and then choose Remove from the workspace.

4. Delete the AWS IAM role you made for the quickstart in your Amazon account.

5. Delete your AWS connection project and your Google Cloud project, quickstart, if you created them for this quickstart, in the Google Cloud console. A project can be deleted by selecting it, choosing Settings from the IAM & Admin menu, and then clicking Shut down.

Frequently asked questions

What is called a cloud?

The term "the cloud" describes the software and databases that run on servers that may be accessed via the Internet.

What is the Cloud Controls Matrix?

The Cloud Controls Matrix (CCM) from the Cloud Security Alliance is a tool created expressly to help potential cloud customers and cloud vendors analyze the overall security risk of a cloud provider.

What is AWS?

AWS (Amazon Web Service)  is an online platform that offers scalable and affordable cloud computing solutions.

What is troubleshooting?

A methodical method of problem-solving known as troubleshooting is frequently used to identify and resolve problems with sophisticated machinery, electronics, computers, and software systems.

For what Compute Engines are used?

The Google infrastructure can be used to build and run virtual machines using Compute Engine, a customized compute service.


This blog has extensively discussed Amazon ec2 instance with cloud monitoring. We hope this blog has helped you in enhancing your knowledge about how to examine the Amazon ec2 instance with cloud monitoring. If you want to learn more, check out the excellent content on the Coding Ninjas Website:

Key concepts of cloud logging, Managing the Monitoring Agent, Incidents in Cloud Monitoring, Amazon Hirepro

Check out the Amazon Interview Experience to learn about Amazon’s hiring process.

Refer to our guided paths on the Coding Ninjas Studio platform to learn more about DSA, DBMS, Competitive Programming, Python, Java, JavaScript, etc. 

Refer to the links problemstop 100 SQL problemsresources, and mock tests to enhance your knowledge.

For placement preparations, visit interview experiences and interview bundle.

Thank you

Do upvote our blog to help other ninjas grow. Happy Coding!

Previous article
Using API in Cloud Monitoring
Next article
Monitoring of query language in Cloud Monitoring
Live masterclass