AWS Monitoring and Audit

Question 1

What does CloudWatch do?

Answer 1

CloudWatch provides metrics for almost every service in AWS

Question 2

What is a metric?

Answer 2

• Metric is a variable to monitor (i.e. CPU Utilization, Memory etc.)
• Metrics have timestamps

Question 3

What do metrics belong to?

Answer 3

namespaces

Question 4

What is a dimension? (CloudWatch)

Answer 4

Dimension is an attribute of a metric (instance id, environment. etc.)

Question 5

What is the default interval for CloudWatch metrics for EC2 instances?

Answer 5

• every 5 minutes.
• Can enable detailed monitoring (extra $) for data every 1 minute

Question 6

Can custom metrics be defined on CloudWatch?

Answer 6

Yes

Question 7

What is the default metric resolution in CloudWatch (services other then EC2)?

Answer 7

• 1 minute
• Can do high resolution u to 1 second (more $)

Question 8

If you want to capture metric data more frequently then the default setting, what can you do?

Answer 8

Enable High Resolution (up to 1 second) - higher cost

Question 9

What is the API call to set Metric Data?

Answer 9

PutMetricData

Question 10

What do you do if you see throttle errors in CloudWatch?

Answer 10

This can happen if your sending too much data into CoudWatch to quickly. Use exponential backoff to resolve.

Question 11

What needs to be in place in order to send CloudWatch logs?

Answer 11

Make sure IAM permissions are correct

Question 12

Explain CloudWatch Logs for EC2. What service is necessary for this process?

Answer 12

• By default, no logs from your EC2 machine will go to CloudWatch.
• You need to run a CloudWatch Agent on EC2 to push the log files you want.
• Make sure IAM permissions are correct.

Question 13

If you wanted to acheive additional system-level metrics that provided more granular detail, what service would you use?

Answer 13

CloudWatch Unified Agent

Question 14

What are the three main monitoring services in AWS?

Answer 14

• Cloudwatch
• Xray
• CloudTrail

Question 15

What are the four main components of CloudWatch?

Answer 15

• Metrics: Collect and track key metrics
• Logs: Collect, monitor, analyze and store log files
• Events: Send notifications when certain events happen in your AWS
• Alarms: React in real-time to metrics / events

Question 16

What is AWS EventBridge?

Answer 16

• EventBridge is the next evolution of CloudWatch Events.
• It builds upon and extends CloudWatch Events.
• It uses the same service API and endpoint, and the same underlying service infrastructure.
• EventBridge allows extension to add event buses for your custom applications and your third-party SaaS apps.
• Event Bridge has the Schema Registry capability

Question 17

What is AWS Xray?

Answer 17

• AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture
• A visual monitoring service
• Allows tracing (follows a request)

Question 18

What is Tracing (Xray)?

Answer 18

• An end to endway of following a request.
• Can trace every request or just a percentage

Question 19

How is Xray enabled?

Answer 19

• Your code must import the AWS X-Ray SDK
• Install the X-Ray daemon or enable X-Ray AWS integration
• Each application must have the IAM rights to write data to Xray.

Question 20

Your Xray application works locally, but it fails on your EC2 machine. Why?

Answer 20

Most likely answer:

• On your machine, you’re running the Xray daemon, but the daemon is not running on your EC2 and therefore Xray does not see your calls.
• Another possible reason is the EC2 instance does not have the proper IAM permissions.

Question 21

What are Segments in Xray?

Answer 21

Segments provide the resources name, details about the request, and details about the work done.

Question 22

How should Xray be integrated in with AWS Lambda?

Answer 22

• Ensure that your lambda function has an IAM execution role with proper policy (AWSX-RayWriteOnlyAccess)
• Ensure that X-Ray is imported in the code
• Xray integration is enabled on AWS lambda

Question 23

Does AWS X-Ray send trace data directly to AWS X-Ray?

Answer 23

No. The X-Ray SDK sends the trace data to a daemon, which collects segments for multiple requests and uploads them in batches to AWS X-Ray.

Question 24

How can AWS X-Ray be integrated in with AWS BeanStalk?

Answer 24

Enable the daemon within the .ebextensions/xray-daemon.config file

Question 25

How do you run Xray with ECS?

Answer 25

• Set containerPort to 2000
• Set protocal for portMapping to ‘udp’
• Set an environment variable for the xray daemon address
  
  • value maps to port 2000 (above). This is how the application knows where the xray daemon is.
• link to xray daemon container to app container

Question 26

What are subsegments in Xray?

Answer 26

Subsegments provide more granular timing information and details about downsteam calls that your app made to fulfill the original request.

Question 27

What is a service graph (xray)?

Answer 27

A flow chart visualization of average response for micro-services and to visually pinpoint failure(s).

Question 28

What is AWS CloudTrail?

Answer 28

• a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
• Continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

Question 29

If a resource gets deleted in AWS, which service should you use first to help pinpoint what happened?

Answer 29

CloudTrail

Question 30

What are the 3 possible alarm states for CloudWatch Alarms?

Answer 30

• OK
• INSUFFICENT_DATA
• ALARM

Question 31

CloudTrail vs. CloudWatch vs. Xray

Answer 31

CloudTrail

• Audit API calls made by users / services / AWS console
• Useful to detect unauthorized calls or root cause of changes

CloudWatch

• CloudWatch Metrics over time for monitoring
• CloudWatch Logs for storing application log
• CloudWatch Alarms to send notifications in case of unexpected metrics

X-Ray

• Automated Trace Analysis & Central Service Map Visualization
• Latency, Errors and Fault analysis
• Request tracking across distributed systems

Question 32

We’d like to have CloudWatch Metrics for EC2 at a 1 minute rate. What should we do?

Answer 32

Enable Detailed Monitoring

Question 33

What period of time can be set to trigger an alarm for a high resolution meteric?

Answer 33

10 sec or 30 sec only

Question 34

What is the architecture of CloudWatch Logs?

Answer 34

• Logs have log groups which have an arbitrary name, usually representing an application and
• Log groups have log streams that are instances with the application / log files / containers

Question 35

Do CloudWatch logs have an expiration?

Answer 35

Only if one is applied. Expirations are defind by expiration policies (never expire, 30 days etc)

Question 36

How are CloudWatch Logs secured?

Answer 36

Logs can be encrypted at the group level using KMS at rest.

Question 37

You would like to index your XRay traces in order to search and filter through them efficiently. What should you use?

Answer 37

Use annotations

Question 38

What are the 5 Xray Write APIs?

Answer 38

• PutTraceSegments
• PutTelemetryRecords
• GetSamplingRules
• GetSamplingTargets
• GetSamplingStatistciSummaries

Question 39

Xray Write API: PutTraceSegments

Answer 39

Uploads segment documents to AWS Xray

Question 40

Xray Write API: PutTelemetryRecords

Answer 40

• Used by AWS X=Ray daemon to upload telemetry.
• Uploads information on how many segments were recieved, rejected, and the number of backend connection errors.
• Helps with metrics

Question 41

Xray Write API: GetSamplingRules

Answer 41

• Retrieves all sampling rules
• Even though this is a “GET “ request it is included in the Xray Write API because sampling rules are changed in the console, all xray daemons are automatically updated (written to) to know when to send data into xray

also applies to GetSamplingTargets and GetSamplingStatisticSummaries