CloudTrail, CloudWatch, and AWS Config Flashcards
What is CloudTrail?
Logs each API action and non-API action (e.g. logging into management console) against your AWS resources.
What is CloudWatch?
- Collects performance metrics
- Collects log files
- Provides alarms/notification/action
What is AWS Config?
AWS Config tracks how your AWS resources are configured and how they change over time.
What are event types in CloudTrail?
- Management Event (e.g. launch EC2)
- Data Event (e.g. S3, Lambda)
What is Event History in CloudTrail?
By default, CloudTrail logs 90 days of management events and stores them in a viewable, searchable, and downloadable database called the Event History.
Is CloudTrail Event History region specific?
Yes, CloudTrail creates a separate event history for each region containing only the activities that occurred in that region.
What are the use cases of Trails in CloudTrail?
- Keep more than 90 days of event history
- Customize the event types to log (e.g. including S3 downloads/uploads data events)
Where are a trail’s log files stored?
S3
What is the format of a trail’s log files?
JSON
What is the number of trails that you can create in a single region?
5
How do you make sure CloudTrail logs have not been tampered with?
Enable Log File Integrity Validation.
Do all AWS resources automatically send metrics to CloudWatch?
Yes.
How does CloudWatch organize metrics?
By namespace (e.g. AWS/EC2). Custom namespaces can be created for custom metrics.
How often do AWS resources send metrics to CloudWatch?
For basic monitoring, it’s 5 minutes.
For detailed monitoring, it’s every minute.
With basic monitoring, EC2 collects metrics every minute but sends only the five‐minute average to CloudWatch.
For example, between 13:00 and 13:05, an EC2 instance has the following CPUUtilization metric values measured in percent: 25, 50, 75, 80, and 10. The average CPUUtilization over the five‐minute interval is 48. Therefore, EC2 sends the CPUUtilization metric to CloudWatch with a timestamp of 13:00 and a value of 48.
What is a regular-resolution metric?
The metrics generated by AWS services have a timestamp resolution of no less than one minute.
Custom metrics support high resolution when published by calling the CloudWatch API.
Can you delete metrics in CloudWatch?
No, metrics expire automatically, and when a metric expires depends on its resolution.
How does CloudWatch organize log files?
- Log Stream
- Log Group
CloudWatch Logs stores log events from the same source in a log stream.
CloudWatch organizes log streams into log groups.
What is a CloudWatch metric?
CloudWatch metrics are numeric values extracted from CloudWatch log streams by a metric filter (e.g. counting the number of 404 errors from Apache logs).
Metric filters apply to an entire log group.
What is the CloudWatch agent?
The CloudWatch agent is a command-line-based program that collects logs from EC2 instances or on-premises servers.
This agent can also collect metrics that are not natively produced by EC2, such as memory utilization. Metrics generated by the agent are custom metrics stored under custom namespaces.
Why send CloudTrail logs to a CloudWatch log stream?
Doing so allows you to search and extract metrics from your trail logs.
What are the possible actions of a CloudWatch Alarm?
- Select an SNS topic
- Auto scaling actions
- EC2 actions
- Systems Manager actions
What are the possible alarm states of a CloudWatch Alarm?
- ALARM
- OK
- INSUFFICIENT_DATA
What are Data Points to Alarm and Evaluation Periods?
Suppose you want to trigger an alarm if three out of the five most recent data points cross the threshold.
You would set Data Points to Alarm to 3 and Evaluation Periods to 5.
What is the difference between a CloudWatch Alarm and EventBridge?
EventBridge (formerly known as CloudWatch Events) monitors for and takes an action either based on specific events or on a schedule.
EventBridge differs from CloudWatch Alarms in that EventBridge takes some action based on specific events, not metric values.