Cannot install AWS CloudWatch Logs Agent


When you install the (legacy) AWS CloudWatch Logs agent by following the Amazon documentation, the agent installation crashes with the following error:


Step 2 of 5: Downloading the latest CloudWatch Logs agent bits ... Traceback (most recent call last):
  File "./", line 1352, in <module>
  File "./", line 1348, in main
  File "./", line 892, in setup_artifacts
  File "./", line 541, in install_awslogs_cli
  File "./", line 751, in setup_virtualenv
    raise BadRCError("Bad rc (%s) for cmd '%s': %s" % (p.returncode, "cmd", stdout + stderr))
__main__.BadRCError: Bad rc (100) for cmd 'cmd': Already using interpreter /bin/python
New python executable in /var/awslogs/bin/python
ERROR: The executable /var/awslogs/bin/python could not be run: [Errno 13] Permission denied


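The STIG mandates that the /var filesystem not allow executables (it must be mounted noexec), but the AWS Logs agent installs to /var/awslogs by default. As a result, the installer cannot run the Python interpreter it creates at /var/awslogs/bin/python, and the agent is unable to run any of its programs.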


The best way to fix this is to modify the AWS Logs installation script so that it installs the agent to /usr/awslogs instead. We also recommend creating a symbolic link at /var/awslogs that points to /usr/awslogs, in case anyone who expects the agent to be there goes looking for it.

$ sed -i 's@/var/aw@/usr/aw@g'
$ sudo ln -s /usr/awslogs /var/awslogs
$ sudo python ./ --region XXXXX
Launching interactive setup of CloudWatch Logs agent ... downloading AgentDependencies.tar.gz with urllib ......
Step 1 of 5: Installing pip ...DONE
Step 2 of 5: Downloading the latest CloudWatch Logs agent bits ... DONE
Step 3 of 5: Configuring AWS CLI ... 
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [us-east-1]: 
Default output format [None]: 
Step 4 of 5: Configuring the CloudWatch Logs Agent ... 
Path of log file to upload [/var/log/messages]: 
Destination Log Group name [/var/log/messages]: 
Choose Log Stream name:
  1. Use EC2 instance id.
  2. Use hostname.
  3. Custom.
Enter choice [1]: 
Choose Log Event timestamp format:
  1. %b %d %H:%M:%S    (Dec 31 23:59:59)
  2. %d/%b/%Y:%H:%M:%S (10/Oct/2000:13:55:36)
  3. %Y-%m-%d %H:%M:%S (2008-09-08 11:52:54)
  4. Custom
Enter choice [1]: 
Choose initial position of upload:
  1. From start of file.
  2. From end of file.
Enter choice [1]: 
More log files to configure? [Y]: n
Step 5 of 5: Setting up agent as a daemon ...DONE

- Configuration file successfully saved at: /usr/awslogs/etc/awslogs.conf
- You can begin accessing new log events after a few moments at
- You can use 'sudo service awslogs start|stop|status|restart' to control the daemon.
- To see diagnostic information for the CloudWatch Logs Agent, see /var/log/awslogs.log
- You can rerun interactive setup using 'sudo python ./ --region us-east-1 --only-generate-config'
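
To confirm the cause before rerunning the installer, the check below reads a mount table in /proc/mounts format and reports whether each install prefix sits on a noexec filesystem. It is an added example, not part of the original article or the AWS installer; the sample mount table is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/mapper/vg-root / xfs rw,relatime 0 0
/dev/mapper/vg-var /var xfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg-log /var/log xfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/vg-usr /usr xfs rw,relatime 0 0'

# Print the mount options of the filesystem that holds path $1, using the
# mount table text in $2. The longest matching mount point wins; on a tie
# the later entry wins, as it would for stacked mounts.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $2
            # Match the root mount, an exact path, or a directory prefix.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# Return 0 if files under path $1 may be executed, 1 if the mount is noexec.
can_exec_under() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 1 ;;
        *) return 0 ;;
    esac
}

# Report on the default prefix and the relocated prefix discussed above.
check_prefixes() {
    for dir in /var/awslogs /usr/awslogs; do
        if can_exec_under "$dir" "$1"; then
            echo "$dir: exec allowed"
        else
            echo "$dir: noexec, binaries here fail with [Errno 13] Permission denied"
        fi
    done
}

check_prefixes "$SAMPLE_MOUNTS"
```

On a live host, call `check_prefixes "$(cat /proc/mounts)"`. The match is by path prefix only, so for the /var/awslogs symbolic link check its target: noexec applies to the filesystem that actually holds the binaries, which is why running through the link works once the files live under /usr.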


