20. Monitoring (CloudWatch, X-Ray, CloudTrail)

Question 1

What does distributed tracing provided by X-Ray help with?

Answer 1

Distributed tracing helps pinpoint where failures occur and what causes POOR PERFORMANCE.

This is especially useful for applications built using a microservices architecture.

Question 2

X-Ray receives data from services as _______ .

Answer 2

Segments

Question 3

X-Ray groups segments that have a common request into _______ .

Answer 3

Traces

Question 4

X-Ray processes traces to generate a _______ that provides a visual representation of your app.

Answer 4

Service Graph

Question 5

Where would you look to identify bottlenecks or latency spikes in your application?

Answer 5

X-Ray Service Graph

Question 6

True or False: By default, the X-Ray SDK records every request made.

Answer 6

False.

By default, the X-Ray SDK records the first request each second, and 5% of any additional requests (you can modify this).

Question 7

In X-Ray, how do you narrow down specific paths or users?

Answer 7

Filter Expressions

Question 8

What is an X-Ray annotation?

Answer 8

Annotations are aggregated at the trace level and can be added to any segment/subsegment.

Annotations are key/value pairs that are INDEXED for use with filter expressions.

Question 9

What is an X-Ray metadata?

Answer 9

Metadata are aggregated at the trace level and can be added to any segment/subsegment.

Metadata are key-value pairs that are NOT indexed. The values can be of any type, including objects and lists.

Question 10

When should you use X-Ray annotations?

Answer 10

Use annotations to record data that you want to use to group traces in the console, or when calling the GetTraceSummaries API.

Question 11

When should you use X-Ray metadata?

Answer 11

Use metadata to record data you want to store in the trace but don’t need to use for searching traces.

Question 12

What languages does X-Ray support?

Answer 12

1. ASP.NET
2. Go
3. Java
4. NodeJS
5. PHP
6. Python
7. Ruby

Question 13

What is the X-Ray tracing header?

Answer 13

X-Amzn-Trace-Id

It identifies a trace which is passed along to downstream services

Question 14

How can you utilize Groups in X-Ray?

Answer 14

Groups allow you to save FilterExpressions so you can quickly filter traces

Question 15

What is the X-Ray throttling error code?

Answer 15

429 Too Many Requests

Question 16

What are the X-Ray Fault error codes?

Answer 16

Faults are 500/5xx errors

Errors are 400/4xx errors

Question 17

How do you enable AWS X-Ray?

Answer 17

1. Your code (Java, Python, Go, Node.js, .NET) must import the AWS X-Ray SDK
2. Install the X-Ray daemon or enable X-Ray AWS Integration

Question 18

What is X-Ray?

Answer 18

• Automated Trace Analysis & Central Service Map Visualization
• Latency, errors, and fault analysis
• Request tracking across distributed systems
• provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components

Question 19

What is CloudTrail?

Answer 19

• Audit API calls made by users, services, AWS console
• Useful to detect unauthorized calls or root cause of changes
• a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

Question 20

What is CloudWatch?

Answer 20

• CloudWatch Metrics over time for monitoring
• CloudWatch Logs for storing application logs
• CloudWatch Alarms to send notifications in case of unexpected metrics
• provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health

Question 21

What should you check if X-Ray is not working on EC2?

Answer 21

ensure EC2 IAM Role has proper permissions

2. ensure EC2 instance is running X-Ray Daemon

Question 22

What should you check if X-Ray is not working on Lambda?

Answer 22

1. ensure it has an IAM execution role with proper policy (AWSX-RayWriteOnlyAccess)
2. ensure that X-Ray is imported in the code

Question 23

What is the CloudWatch Logs API to associate a KMS key if the log group already exists?

Answer 23

associate-kms-key

Question 24

What is the CloudWatch Logs API to associate a KMS key if the log group doesn’t exist?

Answer 24

create-log-group

Question 25

If a resource is deleted in AWS, where should you look first?

Answer 25

CloudTrail

Question 26

What is a CloudWatch Metric?

Answer 26

Metric is a variable to monitor (CPUUtilization, NetworkIn, etc)

Question 27

What is a CloudWatch Dimension?

Answer 27

Dimension is an attribute of a metric (instance id, environment, etc)

Question 28

What is the default CloudWatch EC2 instance metric time?

Answer 28

EC2 instance metrics have metrics every 5 minutes by default

Question 29

How often can you receive metrics with CloudWatch detailed monitoring (for a cost)?

Answer 29

With detailed monitoring, you get data every 1 minute

Question 30

Encryption of CloudWatch logs using KMS is at what level?

Answer 30

Encryption of logs using KMS is at the Group Level

Question 31

How do you send CloudWatch logs from your EC2?

Answer 31

By default, no longs from your EC2 machine will go to CloudWatch.

You need to run a CloudWatch agent on EC2 to push the log files you want. Make sure IAM permissions are correct

Question 32

What do you use to collect additional system-level metrics?

Answer 32

CloudWatch Unified Agent

upgrade from CloudWatch Logs Agent