AWS Monitoring & Auditing Flashcards
CloudWatch, cloudTrail, & Config
CloudWatch Metric Streams
What are CloudWatch Metric Streams?
Understanding the functionalities and significance of CloudWatch Metric Streams.
AWS service for streaming CloudWatch metrics to other AWS services in real-time.
Answer: CloudWatch Metric Streams is an AWS service that enables the streaming of CloudWatch metrics to other AWS services in real-time. It allows users to capture and send CloudWatch metrics data directly to services like Amazon Kinesis Data Firehose, AWS Lambda, and Amazon Managed Streaming for Apache Kafka (MSK) for further processing and analysis.
Real world Use-Case: Organizations use CloudWatch Metric Streams for various real-time monitoring and analytics applications such as anomaly detection, trend analysis, and operational insights. For example, companies can stream CloudWatch metrics to Amazon Kinesis Data Firehose to analyze application performance metrics or send alerts based on specific thresholds.
Suitable Analogy: Think of CloudWatch Metric Streams as a live data pipeline that continuously flows with real-time metrics, allowing organizations to tap into the pulse of their AWS resources and applications. It’s like having a sensor network that provides instant feedback on the health and performance of your cloud infrastructure.
CloudWatch Metric Streams offers low-latency data delivery and supports customizable filtering and transformation of metrics data before it is streamed to other services. It provides a flexible and scalable solution for building real-time monitoring and analytics workflows.
Facilitates real-time streaming of CloudWatch metrics data to other AWS services, enabling organizations to build responsive monitoring and analytics solutions in AWS environments.
CloudWatch Logs
What is CloudWatch Logs?
Understanding the functionalities and significance of CloudWatch Logs.
AWS service for monitoring, storing, and analyzing log data from AWS resources and applications.
Answer: CloudWatch Logs is an AWS service for monitoring, storing, and analyzing log data from AWS resources and applications. It enables users to collect and centralize log files from various sources, such as Amazon EC2 instances, AWS Lambda functions, and custom applications, providing insights into system and application performance, troubleshooting, and security analysis.
- All logs are encrypted by default.
Real world Use-Case: Organizations use CloudWatch Logs for various logging and monitoring applications such as log aggregation, **real-time analysis, anomaly detection, and compliance auditing. **For example, companies can use CloudWatch Logs to monitor application logs for errors, track user activity, and detect security incidents in real-time.
Suitable Analogy: Think of CloudWatch Logs as a digital diary for your AWS resources and applications, recording events, errors, and activities to help you understand and manage your cloud environment. It’s like having a detailed record of everything that happens in your AWS infrastructure.
CloudWatch Logs offers features such as log group management, log streaming, log filtering, and log retention policies, allowing users to customize their log management and analysis workflows. It provides integrations with other AWS services for seamless monitoring and automation.
Facilitates centralized log management and analysis for AWS resources and applications, enabling organizations to gain insights, troubleshoot issues, and ensure compliance with security and operational requirements in AWS environments.
CloudWatch Agent & CloudWatch Logs Agents
What are CloudWatch Agent and CloudWatch Logs Agents?
Understanding the functionalities and significance of CloudWatch Agent and CloudWatch Logs Agents.
AWS services for collecting and forwarding log and metric data to Amazon CloudWatch.
Answer: CloudWatch Agent and CloudWatch Logs Agents are AWS services designed for collecting and forwarding log and metric data to Amazon CloudWatch. They enable users to monitor and analyze logs and metrics from EC2 instances, on-premises servers, and other sources in near real-time.
Real world Use-Case: Organizations use CloudWatch Agent and CloudWatch Logs Agents for various monitoring and logging applications such as system monitoring, application performance monitoring, security analysis, and compliance auditing. For example, companies can use these agents to collect logs and metrics from their servers, applications, and services, allowing them to gain insights into system health, troubleshoot issues, and optimize performance.
Suitable Analogy: Think of CloudWatch Agent and CloudWatch Logs Agents as dedicated messengers that collect, package, and deliver log and metric data from your servers and applications to Amazon CloudWatch, where it can be analyzed and acted upon. It’s like having reliable couriers that ensure your monitoring data reaches its destination securely and on time.
CloudWatch Agent and CloudWatch Logs Agents offer features such as customizable log and metric collection, log filtering, log rotation, and log forwarding to CloudWatch Logs. They provide integrations with other AWS services for seamless monitoring, alerting, and automation.
Facilitates the collection and forwarding of log and metric data from servers and applications to Amazon CloudWatch, enabling organizations to monitor, analyze, and act upon operational insights in near real-time across their AWS and on-premises environments.
CloudWatch Alarms
What are CloudWatch Alarms?
Understanding the functionalities and significance of CloudWatch Alarms.
AWS service for monitoring and alerting on metric data in Amazon CloudWatch.
Answer: CloudWatch Alarms are a feature of Amazon CloudWatch that enable users to monitor metric data and trigger automated actions based on predefined thresholds or conditions. When a metric exceeds or falls below the specified threshold, CloudWatch Alarms can initiate notifications, such as sending emails or triggering AWS Lambda functions, to alert users about potential issues or events in their AWS environment.
Real world Use-Case: Organizations use CloudWatch Alarms for various monitoring and alerting applications such as infrastructure monitoring, application performance monitoring, cost management, and security monitoring. For example, companies can set up CloudWatch Alarms to notify them when CPU utilization on an EC2 instance exceeds a certain threshold, indicating potential performance issues or resource constraints.
Suitable Analogy: Think of CloudWatch Alarms as vigilant sentinels that stand guard over your AWS resources, watching for signs of trouble and sounding the alarm when conditions warrant attention. It’s like having automated watchdogs that alert you to anomalies or deviations from expected behavior in your cloud environment.
CloudWatch Alarms offer features such as customizable thresholds, multiple notification actions, and integration with other AWS services for automated remediation and response. They provide visibility and control over the health and performance of AWS resources, helping users to proactively manage and optimize their cloud infrastructure.
Enables proactive monitoring and alerting on metric data in Amazon CloudWatch, allowing users to stay informed about the health and performance of their AWS resources and take timely actions to address potential issues or events.
CloudWatch Alarm Targets
What are CloudWatch Alarm Targets?
Understanding the functionalities and significance of CloudWatch Alarm Targets.
AWS feature allowing users to define actions triggered by CloudWatch Alarms.
Answer: CloudWatch Alarm Targets are the actions or resources that CloudWatch Alarms can trigger when a specified condition is met. These targets define the response mechanism when an alarm state changes, such as
- sending notifications,
- Invoking AWS Lambda functions,
- Triggering Auto Scaling policies to automatically adjust resources
based on monitoring metrics.
Real world Use-Case: Organizations use CloudWatch Alarm Targets to define specific actions or responses when certain thresholds or conditions are met or exceeded.
For instance,
- They might configure alarms to notify administrators via Amazon SNS (Simple Notification Service) when system resources reach critical levels or to automatically scale up or down based on demand fluctuations using Auto Scaling policies.
CloudWatch Alarm Targets offer a range of options, including sending notifications via SNS, invoking AWS Lambda functions for automated remediation, or triggering actions on other AWS services like Auto Scaling, allowing for flexible and customized responses to monitoring events.
CloudWatch Alarm Targets provide the means to define and customize the actions triggered by CloudWatch Alarms, enabling organizations to implement effective monitoring, alerting, and automated response mechanisms in their AWS environments.
CloudWatch Alarms - Composite Alarms
What are CloudWatch Composite Alarms?
Understanding the functionalities and significance of CloudWatch Composite Alarms.
Special type of CloudWatch Alarm that aggregates multiple alarms into one.
Answer: CloudWatch Composite Alarms are a special type of CloudWatch Alarm that aggregates multiple alarms into a single alarm. Unlike standard alarms, which monitor individual metrics, composite alarms allow users to create logical combinations of alarms, enabling more sophisticated monitoring and alerting scenarios.
Real world Use-Case: Organizations use CloudWatch Composite Alarms to create higher-level alarms that trigger based on complex conditions involving multiple metrics or resources. For example, they might create composite alarms to monitor the overall health of an application by combining metrics such as CPU utilization, memory usage, and network traffic.
Suitable Analogy: Think of CloudWatch Composite Alarms as master alarms that oversee the collective state of several individual alarms, much like a manager who monitors the performance of multiple team members. They provide a consolidated view of system health and performance, allowing for more efficient monitoring and response.
CloudWatch Composite Alarms offer flexibility in defining alarm conditions, allowing users to set thresholds based on combinations of metric values, logical operators, and time periods. They provide a comprehensive approach to monitoring complex systems and applications in AWS environments.
CloudWatch Composite Alarms provide a powerful mechanism for monitoring and alerting on complex conditions by aggregating multiple alarms into a single entity, enhancing visibility and control over the health and performance of AWS resources and applications.
Amazon EventBridge
What is Amazon EventBridge?
Understanding the functionalities and significance of Amazon EventBridge.
AWS service for event-driven architecture and event routing.
Answer: Amazon EventBridge is an AWS service for event-driven architecture and event routing. It enables developers to build event-driven applications and workflows by simplifying the process of capturing, processing, and routing events from various sources across AWS services and third-party applications.
Real world Use-Case: Organizations use Amazon EventBridge for various event-driven applications such as event-driven microservices, real-time data processing, automation workflows, and serverless architectures. For example, companies can use EventBridge to react to events such as file uploads, database changes, API calls, or application errors, triggering automated responses or workflows.
Suitable Analogy: Think of Amazon EventBridge as a central hub for events in your cloud environment, orchestrating the flow of data and actions between different services and applications, much like a traffic control center managing the flow of vehicles on a busy road network. It ensures that events are routed to the right destinations and processed efficiently.
Amazon EventBridge supports event filtering, transformation, and routing rules, allowing users to define custom event patterns and target actions based on specific criteria. It provides seamless integration with various AWS services and third-party SaaS applications, making it easy to build scalable and flexible event-driven architectures.
Empowers developers to build event-driven applications and workflows by capturing, processing, and routing events from diverse sources across AWS and third-party applications, enabling real-time responsiveness and automation in AWS environments.
AWS CloudTrail
What is AWS CloudTrail?
Understanding the functionalities and significance of AWS CloudTrail.
AWS service for logging and monitoring API activity in AWS environments.
Answer: AWS CloudTrail is an AWS service for logging and monitoring API activity in AWS environments. It captures detailed information about API calls made within AWS services and resources, providing visibility into user activity, resource changes, and system events for security, compliance, and operational monitoring purposes.
Real world Use-Case: Organizations use AWS CloudTrail for various security, compliance, and operational monitoring applications such as auditing, forensic analysis, risk assessment, and incident response. For example, companies can use CloudTrail to track user activity, investigate security incidents, and ensure compliance with regulatory requirements by monitoring changes to their AWS resources.
Suitable Analogy: Think of AWS CloudTrail as a digital surveillance system that records and analyzes every action taken within your AWS environment, much like security cameras monitoring activity in a building. It provides a comprehensive audit trail of API calls and events, helping to identify and mitigate security threats and compliance risks.
AWS CloudTrail offers features such as log file integrity validation, log file encryption, and integration with AWS services such as AWS CloudWatch and AWS S3 for centralized log storage and analysis. It provides a powerful toolset for detecting anomalies, troubleshooting issues, and maintaining accountability in AWS environments.
Facilitates logging and monitoring of API activity in AWS environments, enabling organizations to enhance security, ensure compliance, and gain operational insights by capturing and analyzing detailed audit logs of user and resource interactions within their AWS accounts.
AWS Config (analogy: Audit)
What is AWS Config?
Understanding the functionalities and significance of AWS Config.
AWS service for assessing, auditing, and managing resource configurations in AWS
Answer: AWS Config is an AWS service for assessing, auditing, and managing resource configurations in AWS environments.
- It provides a detailed inventory of AWS resources, along with configuration history, change tracking, and compliance monitoring, enabling users to assess the configuration compliance of their resources against desired configurations and industry standards.
Real world Use-Case: Organizations use AWS Config for various compliance, security, and governance applications such as configuration management, change tracking, security analysis, and policy enforcement. For example, companies can use Config to continuously monitor and audit changes to their AWS resources, detect configuration drift, and enforce security and compliance policies.
Suitable Analogy: Think of AWS Config as a virtual auditor that keeps a watchful eye on your AWS resources, ensuring they adhere to your desired configurations and compliance requirements, much like a diligent inspector overseeing a construction project. It helps maintain consistency and integrity across your AWS environment.
AWS Config provides features such as configuration snapshots, configuration rules, and compliance checks, allowing users to define custom rules and policies for resource configurations. It integrates seamlessly with other AWS services such as AWS CloudTrail and AWS Systems Manager for comprehensive configuration management and governance.
Empowers organizations to maintain configuration consistency, track changes, and enforce compliance policies across their AWS resources by providing continuous monitoring, auditing, and management capabilities in AWS environments.
CloudTrail vs CloudWatch
What are the differences between CloudTrail and CloudWatch?
Understanding the distinctions and functionalities of CloudTrail and CloudWatch.
AWS services for logging and monitoring, each serving distinct purposes in AWS environments.
Answer: CloudTrail and CloudWatch are two AWS services for logging and monitoring, but they serve different purposes and have distinct functionalities within AWS environments.
CloudTrail:
- Purpose: CloudTrail is primarily used for logging API activity within AWS environments.
- Functionality: It captures detailed information about API calls made within AWS services and resources.
- Use-Case: CloudTrail is commonly used for security, compliance, and auditing purposes, providing visibility into user activity, resource changes, and system events.
- Example: Organizations use CloudTrail to track user activity, investigate security incidents, and ensure compliance with regulatory requirements by monitoring changes to their AWS resources.
CloudWatch:
- Purpose: CloudWatch is a monitoring and observability service for AWS resources and applications.
- Functionality: It enables users to monitor metrics, collect logs, set alarms, and create dashboards for real-time operational visibility.
- Use-Case: CloudWatch is used for operational monitoring, troubleshooting, performance optimization, and resource utilization analysis.
- Example: Organizations use CloudWatch to monitor system performance, track application metrics, set alarms for threshold breaches, and analyze log data for operational insights.
while both CloudTrail and CloudWatch are important for monitoring and logging in AWS environments, CloudTrail focuses on capturing API activity for security and auditing purposes, while CloudWatch provides broader monitoring and observability capabilities for AWS resources and applications.
Question
You have made a configuration change and would like to evaluate the impact of it on the perormance of your application. Which AWS service should you use?
1. Amazon CloudWatch
2. AWS CloudTrail
Answer: Amazon CloudWatch
- AWS CloudTrail allows you to log, conitnously monitor and retain account activity related to actions across your AWS infrastructure. It provides the event history of your AWS account activity, audit API calls made throught the AWS management console, AWS SDKs, AWS CLI. You uuse CloudTrail to detect unusual activity in your AWS account.
Question
You have cloudTrail enabled for your AWS account in all AWS regions. Wjat should you use to detect unusual activity in your AWS account ?
CloudTrail Insights
Enhances security monitoring and threat detection capabilities in AWS environments by analyzing CloudTrail logs for unusual activity and potential security threats, enabling organizations to detect and respond to security incidents more effectively.
