AWS CloudWatch, X-Ray and CloudTrail

Question 1

Whats the usage of AWS CloudWatch?

Answer 1

• Metrics: Collect and track key metrics
• Logs: Collect, monitor, analyze and store log files
• Events: Send notifications when certain events happen in your AWS
• Alarms: React in real-time to metrics / events

Question 2

Whats the usage of AWS X-Ray?

Answer 2

• Troubleshooting application performance and errors
• Distributed tracing of microservices

Question 3

Whats the usage of AWS CloudTrail?

Answer 3

• Internal monitoring of API calls being made
• Audit changes to AWS Resources by your users

Question 4

Whats a CW Metric?

Answer 4

• Metric is a variable to monitor (CPUUtilization, NetworkIn…)
• Metrics belong to namespaces
• Dimension is an attribute of a metric (instance id, environment, etc…).
• Up to 30 dimensions per metric
• Metrics have timestamps

Question 5

What is EC2 Detailed monitoring?

Answer 5

• EC2 instance metrics have metrics “every 5 minutes”
• With detailed monitoring (for a cost), you get data “every 1 minute”
• Use detailed monitoring if you want to scale faster for your ASG!

Question 6

Does EC2 Memory usage pushed by default to CW?

Answer 6

Nope

Question 7

Whats CW Custom Metrics?

Answer 7

Possibility to define and send your own custom metrics to CloudWatch.
* Use API call PutMetricData
* Ability to use dimensions (attributes) to segment metrics
* Metric resolution (StorageResolution API parameter – two possible value):
– Standard: 1 minute (60 seconds)
– High Resolution: 1/5/10/30 second(s) – Higher cost

Question 8

Whats the time range where you can push CW Custom metrics?

Answer 8

Custom metrics can be pushed two weeks in the past and two hours in the future.

Question 9

What are CW Logs?

Answer 9

• Log groups: arbitrary name, usually representing an application
• Log stream: instances within application / log files / containers
• Can define log expiration policies (never expire, 30 days, etc.

Question 10

Where can you send CW Logs?

Answer 10

• Amazon S3 (exports)
• Kinesis Data Streams
• Kinesis Data Firehose
• AWS Lambda
• OpenSearch

Question 11

What are the sources of the CW Logs?

Answer 11

• SDK, CW Logs Agent, CW Unified Agent
• Elastic Beanstalk: collection of logs from applications
• ECS: collection from containers
• AWS Lambda: collection from function logs
• VPC Flow Logs: VPC specific logs
• API Gateway
• CloudTrail based on filter
• Route53: Log DNS queries

Question 12

What is CW Metric Filter and Insights?

Answer 12

• CloudWatch Logs can use filter expressions
• Metric filters can be used to trigger CloudWatch alarms
• CloudWatch Logs Insights can be used to query logs and add queries to CloudWatch Dashboards

Question 13

What is CW Metric Filter and Insights?

Answer 13

• CloudWatch Logs can use filter expressions
• Metric filters can be used to trigger CloudWatch alarms
• CloudWatch Logs Insights can be used to query logs and add queries to CloudWatch Dashboards

Question 14

How much time does it take to export CW Logs to S3?

Answer 14

It can take up to 12 hours.

Question 15

What is the API call to export CW logs to s3?

Answer 15

CreateExportTask

Question 16

What is CW Logs Subscription?

Answer 16

You can register real time handlers. It can send to:
* Lambda
* Kinesis Data Firehose
* Kinesis Data Stream

Question 17

How to aggregate Multi-Account / Multi Region logs?

Answer 17

With subscription filters directiong to one Kinesis Data Stream.

Question 18

Are CW logs sent by EC2 instances?

Answer 18

No, you need to run CW agent to push the log files. Make sure to use the correct IAM permissions

Question 19

What is CW Logs Agent?

Answer 19

Old agent version, can only push logs to CW Logs

Question 20

What is CW Unified Agent?

Answer 20

The newer agent version:
* Collect additional system-level metrics
* Collect logs to send to CW Logs
* Centralized confi using SSM Parameter Store

Question 21

What are the CW Unified Agent metrics?

Answer 21

• CPU (active, guest, idle, system, user, steal)
• Disk metrics (free, used, total), Disk IO (writes, reads, bytes, iops)
• RAM (free, inactive, used, total, cached)
• Netstat (number of TCP and UDP connections, net packets, bytes)
• Processes (total, dead, bloqued, idle, running, sleep)
• Swap Space (free, used, used %)

Question 22

What CW Logs Metric Filter?

Answer 22

• Filter CW Logs by expression
• Filters do not retroactively filter data. Its publish the metric data after it was created

Question 23

What is CW Alarm?

Answer 23

• Alarms are used to trigger notifications for any metric
• Various options (sampling, %, max, min, etc…)

Question 24

What are the CW Alarm states?

Answer 24

• OK
• INSUFFICIENT_DATA
• ALARM

Question 25

What can be the target of CW Alarm?

Answer 25

• Amazon EC2
• EC2 Auto Scaling
• Amazon SNS

Stop, Terminate or Recover EC2 instance.
Trigger auto scaling action
Send noti to SNS

Question 26

What are CW Compiste Alarms?

Answer 26

• Composite Alarms are monitoring the states of multiple other alarms
• AND and OR conditions
• Helpful to reduce “alarm noise” by creating complex composite alarms

Question 27

How to test CW Alarms and Notifications by CLI?

Answer 27

aws cloudwatch set-alarm-state –alarm-name “myalarm” –state-value
ALARM –state-reason “testing purposes”