
First create an IAM user with programmatic access and attach below mentioned policy:
- CloudWatchAgentAdminPolicy
- AmazonSSMManagedInstanceCore
Now, create credentials file as per below image:

Now download and install Amazon Cloudwatch agent from the below link:
https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi
Update the common-config.toml file:
- File is located at C:\ProgramData\Amazon\AmazonCloudWatchAgent
- Open file in any editor and change the credentials file as you see below.
- Here I created credentials file on desktop.

Now, configure aws cli from the cmd:
- If you don’t have aws cli in windows then download and install from the below link:
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html
- Now in cmd enter aws configure command and enter access key and secret key which you created earlier.
Now, In AWS console create IAM role:
- In IAM console click create role.
- Then click on EC2.

- Click on next and add permission below mentioned.
- CloudWatchAgentServerPolicy
- AmazonSSMManagedInstanceCore
- AmazonSSMDirectoryServiceAccess
- click on next and name to the role ‘ SSMInstanceProfile ‘.
- create role.
Now, create EC2 instance and attach the the above mention role.
Note: Please give the name to the instance in Tag like “Name: cloud-watch”
Now create hybrid activation using following command run this command in cmd:
aws ssm create-activation –default-instance-name cloud-watch –iam-role SSMInstanceProfile –registration-limit 5 –region us-east-1
You will see below output:

Now, Install SSM Agent for a Hybrid Environment (Windows)
Open Powershell in Administrator mode and enter following command:
- $code = “
activation-code
” - $id = “
activation-id
” - $region = “
region
” - $dir = $env:TEMP + “\ssm”
- New-Item -ItemType directory -Path $dir -Force
- cd $dir
- (New-Object System.Net.WebClient).DownloadFile(“https://amazon-ssm-$region.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe”, $dir + “\AmazonSSMAgentSetup.exe”)
- Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @(“/q”, “/log”, “install.log”, “CODE=$code”, “ID=$id”, “REGION=$region”) -Wait
- Get-Content ($env:ProgramData + “\Amazon\SSM\InstanceData\registration”)
- Get-Service -Name “AmazonSSMAgent”

Now, In powershell configure the config-wizard script:
change the path to the C:\Program Files\Amazon\AmazonCloudWatchAgent> and run
.\amazon-cloudwatch-agent-config-wizard.exe
Give the input of generated questions
Starting the CloudWatch Agent
To use SSM Agent to start the CloudWatch agent on an on-premises server
- Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.
- In the navigation pane, choose Run Command.-or-If the AWS Systems Manager home page opens, scroll down and choose Explore Run Command.
- Choose Run command.
- In the Command document list, select the button next to AmazonCloudWatch-ManageAgent.
- In the Targets area, select the instance where you installed the agent.
- In the Action list, choose configure.
- In the Mode list, choose onPremise.
- In the Optional Configuration Location box, enter the name of the agent configuration file that you created with the wizard and stored in the Parameter Store. (you get this from the parameter store in aws system manager parameter store)
- Choose Run.
After successfully run this command you can see the metrics in Cloudwatch console.
OUTPUT:
