AWS Monitoring & Audit: Cloud Watch, CloudTrail & Config

Question 1

CloudWatch Metrics

Answer 1

• Metric is a variable to monitor (CPUUTilization, NetworkIN…)
• Dimensions is an attribute of a metric
• Can create CloudWatch Custom Metric (for the RAM for example)

Question 2

CloudWatch Logs

Answer 2

• Log groups: arbitrary name, usually representing and application.
• Log stream: instances within application / log files / containers

Question 3

Cloud WatchLogs can send logs to:

Answer 3

• Amazon S3
• Kinesis Data Streams
• Kinesis Data Firehouse
• AWS Lambda
• OpenSearch

Question 4

CloudWatch Logs - Sources:

Answer 4

• SDK, CloudWatch Logs Agent, CloudWatch Unified Agent
• Elastic Beanstalk: collection of logs from application
• ECS: collection of containers
• AWS Lambda: collection from function logs
• VPC Flow Logs: VPC specific logs
• API Gateway
• CloudTrail based on filter
• Route53: Log DNS queries

Question 5

CloudWatch Logs for EC2

Answer 5

• Need to install CloudWatch agent.
• Make sure IAM permission are set.

Question 6

Difference between CloudWatch Log & CloudWatch Unified Agent

Answer 6

CloudWatch Log
* Old version of the agent
* Can only send to CloudWatch Logs
CloudWatch Unified Agent
* Collect additional system-level metrics such as RAM, processes, etc.
* Collect logs to send CloudWatch Logs

Question 7

Cloud Watch Unified Agent - Metrics

Answer 7

• Collect directly on youy Linux server / EC2 instance
• CPU
• Disk metrics
• RAM
• Netstat
• Processes
• Swam Space

Question 8

CloudWatch Alarms - Composite Alarms

Answer 8

• Are on a single metric
• Composite Alarms are monitoring the states of multiple other alarms
• And and OR conditions

Question 9

Amazon EventBridge

Answer 9

• Schedule: Cron Jobs (schedule scripts)
• Event Pattern: Event rules to react to a service doing something
• Trigger Lambda functions, send SQS/SNS messages

Question 10

Amazon EventBridge - Schema Registry

Answer 10

• EventBridge can analyze the events in your bus and infer the schema
• The Schema Registry allow you to generate code for your application, that will know in advance how data is structured in the event bus
• Schema can be versioned

Question 11

CloudWatch Container Insight

Answer 11

• Collect, aggregate, summarize metrics and logs from containers
• Available for containers on:
  
  • Amazon Elastic Container Service (Amazon ECS)
  • Amazon Elastic Kubernetes Service (Amazon EKS)
  • Kubernetes platform on EC2
  • Fargate (ECS, EKS)

Question 12

CloudWatch Contributor Insights

Answer 12

• Analyze logs data an create time series that display contributor data.
  See metrics about the top-N contributores
  The total number of unique contributos, and their usage.

Question 13

CloudWatch Container Insight

Answer 13

• ECS, EKS, Kubernetes on EC2, Fargate, need agent for Kubernetes
• Metrics and Logs

Question 14

CloudWatch Lambda Insights

Answer 14

• Detailed metrics to throubleshoot serverless applications

Question 15

CloudWatch Contributors Insight

Answer 15

• Find “Top-N” Contributors throught CloudWatch Logs

Question 16

AWS CloudTrail

Answer 16

• Provide governance, compliand and audit for your AWS Account
• GEt an history of events/API calls made within your AWS Account by:
  Console
  SDK
  CLI
  AWS Services