AWS CloudWatch

Question 1

What is an AWS CloudWatch Metric?

Answer 1

Is a time-ordered set of data points

Question 2

I have a custom application, can I publish a custom Metric to CloudWatch?

Answer 2

Yes, you can use the CLI or API.

Question 3

How long is data available in a Matric?

Answer 3

15 months before it is overwritten

Question 4

Can you send historical matric data to cloud watch?

Answer 4

Yes, you can send up to 2 weeks of historical data.

Question 5

If you do not provide a time stamp for a matric data point what will happen?

Answer 5

Cloud watch will add a timestamp based on DateTime received.

Question 6

What happens to data points less than 60 seconds?

Answer 6

They are available for 3hrs after this they are aggregated for long-term storage as a Statistic.

Question 7

What happens to data points of equal to 60 seconds?

Answer 7

They are available for 15 days and then aggregated for long-term storage.

Question 8

What is a CloudWatch dimension?

Answer 8

Is a key-value pair that identifies the matric, you can have up to 10 dimensions on a Metric.

Question 9

How many dimensions can I have?

Answer 9

Up to 10.

Question 10

What is a cloud watch namespace?

Answer 10

A namespace is a container for matric’s.

Question 11

Are cloudwatch namespaces isolated from each other?

Answer 11

Yes, AWS/EC2 is seperate from AWS/VPC

Question 12

Can i have 11 dimentions for a matric?

Answer 12

No there is a limit of up to 10.

Question 13

What is a namespace used for?

Answer 13

It holds one or more matric from a common source such as AWS/S3 or AWS/EC2.

Question 14

What is a statistic?

Answer 14

Statistics are the metric data points aggrigations over a time period. This happens to data that is of high resolution, below 60 seconds after 3hrs data is aggregated into a statistic.

Question 15

What will a stastic look like?

Answer 15

Minium, Maxum, Sum, Average, SampleCount

Question 16

Has a stat a unit of measure and what is it used for?

Answer 16

A stat unit of measure temms the data wnat is is, for example seconds, bytes, count, present.

Question 17

What is a CloudWatch metric statistic period?

Answer 17

It is the period of time the statistic represents.

Question 18

Are cloud watch metric stat period defined in seconds?

Answer 18

Yes periods are defiend in seconds, 360 is six minutes.

Question 19

Are aggrigated cloud watch metric stat be available when now using detailed monitoring?

Answer 19

No dfatiled stats are only available when using detailed monitoring.

Question 20

Can a CloudWatch metric statistic aggregate across regions?

Answer 20

No, data for the statistic comes from the region the statistic is being produced in.

Question 21

CloudWatch has a number of different functions, what are they?

Answer 21

Collect process, store and graphic metric from AWS systems. Also collect, process and store log files, dashboards, alarms and events.

Question 22

Cathy recently joined Concerto, she been set up on the corporate AWS account with no access to any AWS resources, Cathy needs read-only access to CloudWacth, how can I do this?

Answer 22

Create an inline policy for Cathy with read-only privileges to CloudWatch or add Cathy to an existing IAM group with read-only privileges.

Question 23

What will this IAM policy do with regard to AWSCloudWatch, { “Version”: “2012-10-17”, “Statement”:[{ “Effect”:”Allow”, “Action”:[“cloudwatch:GetMetricStatistics”,”cloudwatch:ListMetrics”], “Resource”:”*”, “Condition”:{ “Bool”:{ “aws:SecureTransport”:”true” } } } ] }

Answer 23

The policy is a resource-based policy and will allow (cloudwatch:GetMetricStatisticsdata and cloudwatch:ListMetrics) to be called only if SSL is true.

Question 24

What are the supported notification services for AWSCloudWatch?

Answer 24

SNS

Question 25

With regard to CloudWatch logs, what is cloud watch logs main purpose?

Answer 25

Enables you to store log information sent from EC2 agents or through the API

Question 26

How can I count the number of log events arriving at cloudwatch logs?

Answer 26

You can use a cloudwatch metric filter and sets it a pattern and matric name, this will send metric to cloudwatch metric.

Question 27

If I wanted to log information from the OS in an EC2 instance, is it possible and what do I need to do?

Answer 27

Yes, it is possible, you have to add an agent to the EC2 instance and set up a log group and log stream.

Question 28

I just installed a CloudWatch log agent on an EC2 instance, configured to send data through VPC IG and internet to CloudWatch, I also set up a log group and log stream, I am not getting data logs to AWS CloudWatch logs, what could be causing this?

Answer 28

The security group rules or ACL could be blocking,

Question 29

On my VPC I need to be alerted when a connection is attempted from an external IP coming in from the internet, how could I do this?

Answer 29

You could use VPC flow logs and send the flow log data to cloudwatch logs, create a metric filter to send output to cloudwatch metrics, also create a CloudWatch alarm.

Question 30

I have a log file, is it possible to upload this file to a cloudwatch stream?

Answer 30

Yes, you can use the cloudwatch logs API to upload this file into the log stream. PutLogEvents

Question 31

Using CLI, how can I get a list of the logs in a log group?

Answer 31

aws logs filter-log-events –log-group-name CloudTrail/DefaultLogGroup

Question 32

I need to analyze flow logs in AWS Kinesis, how can I do this?

Answer 32

I can configure AWS VPC FlowLogs to be sent to a CloudWatch log stream in a log group, I can subscribe to this stream and have the data delivered to AWS aws kinesis to be analyzed. PutSubscriptionFilter

Question 33

When I use PutSubscriptionFilter in relation to AWS CloudWatch logs, what am I doing?

Answer 33

You are subscribing to the log stream so you can receive the incoming events as the arrive into the log stream.

Question 34

With regard to AWS log stream’s, what are the subscriptions endpoints I can use with PutSubscriptionFilte?

Answer 34

An Amazon Kinesis stream belonging to the same account as the subscription filter, for same-account delivery. A logical destination that belongs to a different account, for cross-account delivery. An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery. An AWS Lambda function that belongs to the same account as the subscription filter, for same-account delivery.

Question 35

With regard to AWS cloudwatch logs, how long can I retain the data for?

Answer 35

For ever

Question 36

What is the default length of time I can retain data in cloudwatch logs

Answer 36

The default length is for ever

Question 37

I need to conserve on cost’s in relation to my cloud, i see cloudwatch logs is using quite an amouint of dat and it is growing year on year, i do not nee do keep data over a year, what cna I do usiong AWS functionality?

Answer 37

You can set the retention policy. PutRetentionPolicy ebables you to set the number of days you data is retained and available.

Question 38

What is a Matric filter in Cloudwatch logs?

Answer 38

A matric filter enables you to create a pattern that will be matched on incoming log events and will add to a custom Cloudwatch metric.

Question 39

How can I count the number of 404 code coming to my EC2 instance using only AWS services or features?

Answer 39

Can you set up VPC from logs with data sent to cloudwatch log group, set up a metric filter to add to a custom cloudwatch metric.

Question 40

Where are flow logs sent to, a log group or a log stream?

Answer 40

Flow logs are sent to a log group?

Question 41

Can I send flow logs to another destination?

Answer 41

Yes you can send to an S3 buckst

Question 42

When sending logs to Cloudwatch log group, do you need IAM permissions?

Answer 42

Yes, you need an IAM role with permissions to publish to Cloudwatch or S3. This role will be assumed by VPC FlowLOgs service.

Question 43

On VPC flow logs can I filter on the recorded traffic?

Answer 43

Yes, you can choose to record all, accept or reject traffic.

Question 44

Will the flow logs have traffic to Amazon DNS servers?

Answer 44

No

Question 45

Will the low logs have Windows licence activation traffic present?

Answer 45

No

Question 46

Will DHCP requests be present in the flow logs?

Answer 46

No

Question 47

How often will flowlogs send data to a Cloudwatch log group?

Answer 47

About every 10min.

Question 48

What information will flow logs have?

Answer 48

The ENI (Network interface), Accepted or Rejected, src and dest address, src and dest port, protocol, num packets transferred during capture window, windows start time, windows end time, action, log-status (if all capturing was ok).

Question 49

Can I Tag a log group?

Answer 49

No

Question 50

Can I Tag a Cloud|Watch log stream?

Answer 50

No.

Question 51

What is a Cloudwatch metric namespace?

Answer 51

Namespace is a container for Metrics, for example, the AWS/EC2 namespace contains all the metrics for EC2 instances.

Question 52

What types of metrics are available for S3?

Answer 52

Storage and request.

Question 53

How often are s3 storage metrics reported?

Answer 53

Once per day.

Question 54

What intervals are S3 storage matric reported on?

Answer 54

about every 1 min, but only once a day.

Question 56

What is a Clouswatch metric statistic used for?

Answer 56

It is used as an ag

gregation for matric data. An example is data points less then

Question 57

For CloudWatch Metrics for S3, what is the metric for getting the size of the bucket?

Answer 57

BucketSizeBytes

Question 58

For CloudWatch Metrics for S3, what is the metric for getting the number of objects?

Answer 58

NumberofObjects.

Question 59

With regard to CloudWatch Metrics and S3, is BucketSizeBytes and NumberOfObjects a BucketMetric or a Request metric?

Answer 59

A bucket Metric.

Question 60

With regard to CloudWatch Metrics and S3 how can I get Metric values with regard to the S3 requests?

Answer 60

S3 has a list of Metrics available where you can get Metrics for AllRequets, GetRequetss, PutRequets, DeleteRequetss,

Question 61

What CLI command would I used to get S3 Metric information?

Answer 61

aws cloudwatch get-metric-statistics

Question 62

With regard to CloudWatch Metrics, what is a dimension and what is it used for?

Answer 62

A dimension is a set of key-value pairs on a Metric that are used to give the metric extra information that can be used to filter. An example is an S3 Metric has a dimension called StorageType that holds the storage type infolike GLACIER, STANDARD, you know from this that matric is of type X.

Question 63

How can we search and filter the published Cloudwatch log and turn results into numerical Cloudwatch Metrics?

Answer 63

Using Cloudwatch Metric filters, with these filters we can use a pattern syntax to find things like 400 responses and turn this into a Metric data point.

Question 64

When we create a Cloudwatch filter what are the inputs?

Answer 64

filter pattern, name, namespace, metric value, default value.

Question 65

How can I share my log data with another account?

Answer 65

Subscriptions: It is possible to share your log data with another account, the important thing here is data can only be shared with an account with Knesis, Kenisi is the only supported endpoint Cloudwatch supports.

Question 66

I want to share my log data with a Kenisis log aggregator in another account, what do I need to do?

Answer 66

1. aws kinesis create-stream
2. aws logs put-subscription-filter 3.

Question 67

What is cCloudWatch Log Subscription Filter used for?

Answer 67

It establishes a subscription on a log group and filters using a filter-pattern the traffic and delivers this traffic to another account-kinesis ARN destination.

Question 68

I need to share my logs with another account with a lambda expression, can I use CloudWatch Logs subscriptions?

Answer 68

No, currently the only supported delivery resource in another account is Kenesis

Question 69

Is it possible to share my CloudWatch logs with Lambda?

Answer 69

Yes, I can share my logs with Lambda using a SunscriptionFilter, this will start to deliver my logs to the Lambda resource as a stream.

Question 70

What is a ClouWatch Logs Subscription filter?

Answer 70

This is a filter that when created enables you to subscribe to a CloudWatch logs log group and have the data streamed to an endpoint, supported endpoints are,

1. Lambda in the same account
2. Kinesis in the same account
3. Kinesis in a separate account
4. ElasticSerch (ES) in same account

Question 71

In a CloudWatch logs subscription, what is the filter pattern used for?

Answer 71

This is used to filter only the logs info you want and this log data will be streamed to the destination.

Question 72

What be AWS service logs published directly S3?

Answer 72

VPC Flow Logs.

Question 73

I need to get a quick dump of a current AWS CloudWatch log group, how can I do this?

Answer 73

You can use the AWS CloudWatch create-export-task in the CLI to export the data to an S3 bucket.

Question 74

I need to secure the data in the AWS CloudWatch log group, how can I do this?

Answer 74

You can use AWS logs associate-kms-key with the AWS CloudWatch logs log group, dat from the point on will be encrypted.

Question 75

Can I tag an AWS CloudWatch log stream?

Answer 75

Yes

Question 76

How can I measure the number of events into CloudWatch logs?

Answer 76

CloudWatch logs send metrics to CloudWatch, like,

• IncomingLogsEvents,
• ForwaredBytes
• IncomingBytes

Question 77

What should I be considered when centralizing logging?

Answer 77

Retention, how long, some orgs need as long as 5years, this would mean that we need to look at s3, lifecycles and glacier.

Automate the install of the shipping agent on instances, for auto-scaled instances.

Ensure solution supports hybrid (AWS, Azure, on-prem)

Question 78

For centralized logging what services can I use?

Answer 78

AWS S3 and glacier, for storage and archive

AWS CloudWatch for capture and basic analytics

AWS ElasticSearch

Kinesis Firehose

Question 79

How can dimensions can I have on a CloudWatch metric?

Answer 79

10

Question 80

For log management what, what should I be doing for all the logs in the system?

Answer 80

We should be centrally managing the log files in one place, where we can deal with security and each of searching.

Question 81

What does this policy do?

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “VisualEditor0”,
“Effect”: “Allow”,
“Action”: [
“logs:ListTagsLogGroup”,
“logs:DescribeLogGroups”,
“logs:DescribeLogStreams”,
“logs:DescribeSubscriptionFilters”,
“logs:StartQuery”,
“logs:GetLogEvents”,
“logs:DescribeMetricFilters”,
“logs:FilterLogEvents”,
“logs:GetLogGroupFields”
],
“Resource”: [
“arn:aws:logs:*:*:log-group:kt-test-lfg”,
“arn:aws:logs:*:*:log-group:*:*:*”
]
},
{
“Sid”: “VisualEditor1”,
“Effect”: “Allow”,
“Action”: [
“logs:DescribeQueries”,
“logs:DescribeExportTasks”,
“logs:GetLogRecord”,
“logs:GetQueryResults”,
“logs:StopQuery”,
“logs:TestMetricFilter”,
“logs:DescribeResourcePolicies”,
“logs:GetLogDelivery”,
“logs:DescribeDestinations”,
“logs:ListLogDeliveries”
],
“Resource”: “*”
}
]
}

Answer 81

Enables you to view only a specific log stream.

Question 82

How can we push the logs to form a Linux instance to a log group?

Answer 82

Install the agent on agent and point at a log group.

Question 83

I want to reach out to another accounts cloudwatch and get access to the logs, how cna I do this?

Answer 83

Create a subscription filter and point at the other account kenisis

Question 84

I need to monitor an instance operating system, how can I do this?

Answer 84

You can install the cloud whatch agent on the instance and have it post data to cloudwatch.

Question 85

I need to monitor the memory of an instance, how can I do this?

Answer 85

Install the cloudwatch agent on the instance and post the data to cloudwatch.

Question 86

Do I need to collect the logs from an instances operating system, how cna I do this?

Answer 86

I can install the cloud watch agent on the instance and post the log data to cloud watch logs.

Question 87

What does the cloudwatch agent allow you to collect?

Answer 87

Operating system metrics and logs.

Question 88

What are the different product features in CloudWatch?

Answer 88

• CloudWatch Metrics
• Cloud Watch Logs
• CloudWatch Events
• CloudWatch Alarm

Question 89

What is a CloudWatch NameSpace?

Answer 89

It is a group of metrics for a service like EC2.

Question 90

What is a log stream?

Answer 90

It belongs to a log group and is a set of log messages

Question 91

Where do we get logs form in CloudWatch messages?

Answer 91

• CloudWatch Log Agent
• RDS.

Question 92

What are cloudwatch logs insights?

Answer 92

This is a tool (web portal) inside CloudWatch logs that enables you to run queries.

Question 93

What is a CloudWatch Metric filter used for?

Answer 93

The uses pattern matching in the CloudWatch Logs to generate a metric that is pushed into CloudWatch metrics. You will give it a metric namespace and metric name.

Question 94

What is a CloudWatch event?

Answer 94

CloudWatch events enable you to select a service in AWS to receive events form, service name, event type. Like Ec2 instance state change. You will also select a target lambda function to respond to the event.

Question 95

What is cloudwatch?

Answer 95

It is a suite of products related to monitoring, like,

• CloudWatch Metrics (Performance info)
• CloudWatch Logs (Log info)
• Alarms
• Events
• ServiceLense
• Synthetics
• Contributer Insights

Question 96

What is a log stream?

Answer 96

A log stream is a sequence of log events that share the same source. Each separate source of logs into CloudWatch Logs makes up a separate log stream.

Question 97

What is a log group?

Answer 97

A log group is a group of log streams that share the same retention, monitoring, and access control settings.

Question 98

I wnat to analyze my CloudWatch logs in near real-time, how cna I do this?

Answer 98

You can use subscriptions to get access to a real-time feed of log events from CloudWatch Logs and have it delivered to other services such as a Amazon Kinesis stream, Amazon Kinesis Data Firehose stream, or AWS Lambda.

Question 99

If I am publishing metrics into CloudWatch metrics at a rate of less then 60sec, how long are they available for?

Answer 99

• 3hrs
• After thet 3Hrs they are aggregated

Question 100

If I am publishing metrics into CloudWatch metrics at a rate of every 60sec, how long are they available for?

Answer 100

• 15 days
• After this period thet are aggregated

Question 101

If I am publishing metrics into CloudWatch metrics at a rate of 300sec, how long are they available for?

Answer 101

• 63 days
• After which they are aggrigated

Question 102

If I am publishing metrics into CloudWatch metrics at a rate of 1hr, how long are they available for?

Answer 102

• 15 months
• After which thye are aggregated

Question 103

What is a CloudWatch data point?

Answer 103

It is a point in time and consist of,

• Timestamp
• Unit

Min

• Max
• Average

Question 104

What is a dimension?

Answer 104

It is a set of up to 10 key, value pares in a metric.

Question 105

Is it possible to publish your own custom metric into a costume namespace?

Answer 105

Yes 100%, you can publish custom namespaces and metrics through the API, CLI, ect.

Question 106

Why user wnat to be able to check one a day and see the S3 usage cost, how can do this?

Answer 106

You can create a dashboard, add a widget for the S3 usage cost.

Question 107

I wnat to have a message sent to me when the 10G of storage is used in S3 and alos have the fact that this occurred saved to DynamoDB, how cna I do this?

Answer 107

Use CoudWatch alarms select S3 metric and set a threshold of 10GiB, create and select an SNS topic and have email subscriber of the topic to send an email, alos have lambda be a subscriber of this topic and have lambda save to the DynamoDB.

Question 108

I need to monitor a metric value and have it alarm when it goes over a threshold, but this metric value is complex in at present we get lots offals positives because the values fluctuate during the week but over the month they are stable, what change could I make to improve on this?

Answer 108

You could switch the alarm to anomaly detection.

Question 109

I wnat alarms with statistical and machine learning algorithms, is this possible in AWS, explain?

Answer 109

Yes 100%, you can have cloudwatch alarms with statistical and machine learning algorithms.

Question 110

How does statistical and machine learning work for ClodWatch alarms?

Answer 110

These algorithms continuously analyze metrics of systems and applications, determine normal baselines, and surface anomalies with minimal user intervention.

Question 111

How many weeks of data dose Cloudwatch alarm anomaly detection use?

Answer 111

2weeks

Question 112

I wnat to ensure that when a Cloudwatch alarm triggers that it will only trigger when the data points have been above for a period, how cna I do this?

Answer 112

You cna set the alarm only triggers when above day for 5 periods (period is a say 2 data points, you can select the number of data points)

Question 113

I think I had an alarm today at 1 PM, but not 100% sure, it is possible to check?

Answer 113

Yes 100% alarms when triggered are saved to the Aloudwact alarm history and you view in the Portal.

Question 114

I know Cloudwatch alarms can trigger on SNS, can the CW alarm trigger on lambda direct without using SNS?

Answer 114

Yes each alarm has actions you can select and use, each action you can have triggers on lambda, SNS

Question 115

I have a load balancer and I wnat to have an email sent what the latency goes over 200ms, how can I do this?

Answer 115

Create a cloud watch alarm and have it trigger SNS.

Question 116

I wnat to have every service in AWS trigger on at least one monitored value and send an email when above a threshold, how can I do this?

Answer 116

Most all services in AWS have metrics and you can create an alarm on these metric value and have SNS messages send to a whole host of supported subscribers.

Question 117

How can I have autoscaling increase or decrease based on a metric?

Answer 117

Cloudwatch alarms support action and one of the actions available is the ability to increase or decrease an autoscaling group.

Question 118

What actions can I take on a CloudWatch alarm?

Answer 118

• SAN
• Autoscaling group
• ECS

– EC2

Question 119

I wnat to have an email sent to me when the EC2 CPU Idle % goes over 60%, how cna I easily do this?

Answer 119

Add cloudwatch agent to the EC2 and have it send metrics to CloudWatch, create a CW Alarm and have it triggered on the 60%, create SNS topic and have it trigger on the alarm, subscribe to the SNS topic.

Question 120

I have a datacenter with 1000 servers and I wnat to monitor there CPU and Memory, create Alarms and take automated actions, how can I do this?

Answer 120

• Install cloudwatch agent on the servers
• Use Cloudwatch metrics to capture CPU and Memory
• Create CloudWatch alarms to trigger actions like automation
• Use SSM for automated action or Lambda.

Question 121

I have 100s of millions of raspberry pi sensors all around the world, I need to be able to easily monitor the level on a dashboard and alos set thresholds and send an email when threshold are triggered, I also need dashboards, how can I do this?

Answer 121

You can use CloudWact, write the Rasberry Pi code to send matrics via CloudWatch API to CW. Use CW dashboard to display and graph. Use CW alarms to trigger an SNS and sent emails.

Question 122

Is it possible to have Alarms trigger events in cloud watch?

Answer 122

Yes, 100%, very important feature as events enable you to perform may the tasks.

Question 123

For cloudwatch is there one or two agents for cloud watch logs and cloudwatch metrics?

Answer 123

Two separate agents.

Question 124

What is a log group?

Answer 124

It is a group of log streams thet shares the same retention, monitoring and access control.

Question 125

Is retention set on the log group or log stream?

Answer 125

Log group and is applied to all the streams in the log group, keep in mind the retention is the time the log stream will be retained.

Question 126

What is a log stream?

Answer 126

It is a sequence of log events and a log event is like ‘1/1/2020 Error EC2 instance X has an issue with C: drive’

Question 127

Where can I store my CloudTrail logs?

Answer 127

You can store them in S3, but you also have the option to have them sent and stored in ClouWatch Logs?

Question 128

Are cloudwatch events near realtime?

Answer 128

Yes, cloudwatch events are near real-time.

Question 129

What are the concepts of the cloudwatch event?

Answer 129

• Events
• Rules
• Targets

Question 130

How does cloud watch events work?

Answer 130

It receives operational events form AWS services and allows you to create rules and define targets.

Question 131

When using cloudwatch events can I have multiple events targets or only one?

Answer 131

multiple, just select add.

Question 132

What types of event buses can you have?

Answer 132

AWS Default

SAAS Provider

Custom

Question 133

What is the default AWS EventBus used for?

Answer 133

It is used when you create CloudWatch events, it is the bus thet receives standard AWS events like EC2 stopping.

Question 134

What is a custom event bus?

Answer 134

Can receive events from your custom applications and service