Cloudwatch

Question 1

Unified Cloudwatch Agent

Answer 1

for granular, custom logs, or OS level logs and other non AWS Service integration, eg, on-premise

Question 2

CLoudtrail Retention

Answer 2

90 days stored by default in events History

Question 3

Cloudtrail Management Operations vs Data Events

Answer 3

API calls on Resources on AWS Account. Interractions with AWS Resources. AKA Control plane operations. eg Create EC2, Create a bucket

Data Events - About resource operations on or in a worker Nodes or in a resource, on events (Streams, lambda calls, etc)

Question 4

Cloudwatch global Trail

Answer 4

listens to every event on that account, while a regional trail will only capture events within that region.

Log events for Global services into us-east-1(Global HQ). Eg, IAM, Route53, CLoudfront, STS

Meanwhile, regional trail only logs events for regions where the event is generated

Global Trail is enabled by default when a new account is created

Question 5

Default Setting for CLoudtrail events

Answer 5

By default, events are stored within Cloudtrail.

Unless a Trail is activated, whereby, storage can then be assigned by user/engineer.

ONLY Management events is enabled by default.

Data events have to be enabled

Question 6

Cloudtrail can store logs in… ?

Answer 6

both cloud watch logs and S3 indefinitel, only S3 charges apply.

Advantage of storing logs in Cloudwatch logs is the ability to apply filters and perform other operations that are otherwise more complex to run with s3

Note:
By default, events are stored within Cloudtrail(as cloud trail History) for 90 days

Unless a Trail is activated, whereby, storage can then be assigned by user/engineer.

Question 7

CLoudtrail Pricing (Management events vs Data Events)

Answer 7

Management Events - Free

Data Events are billed

Question 8

CloudTrail Latency

Answer 8

Not real-time

15 minutes

Question 9

STOP LOGGING

Answer 9

a function on CloudTrail used for stopping/pausing trails. This can be beneficial for minimizing costs associated with generating larger files into s3 that may incur charges

Question 10

Cloudwatch Metric dimensions

Answer 10

• Cloudwatch Metric dimensions are key:value pairs attached to a metric to specify it’s source. This could be instance ID, AMI iD etc

Question 11

CLoudwatch detailed monitoring

Answer 11

• CLoudwatch detailed monitoring enables 1 minute granularity metrics report

Question 12

What is a cloudwatch Metric

Answer 12

• A metric is a collection of related datapoint in a time ordered structure

Question 13

Cloudwatch use case

Answer 13

• Cloudwatch is a public service, it can be used on AWS, On-prem and even other Cloud Platforms

Question 14

Cloudwatch default monitors for ec2

Answer 14

C.N.D

1. CPU
2. Network
3. DISK

Question 15

Cloudwatch Namespace

Answer 15

A Container for storing data/metrics. Like a folder that separates/isolates different metrices.

All AWS Data goes into the NameSpace: AWS/Service. Eg, AWS/Ec2. This namespace is reserved

Question 16

Cloudwatch detailed

Answer 16

Cloudwatch detailed monitoring enables 1 minute granularity metrics report

Question 17

Advantage of storing logs in Cloudwatch

Answer 17

Advantage of storing logs in Cloudwatch logs is the ability to apply filters and perform other operations that are otherwise more complex to run with s3

Question 18

can cloudtrail be applied to monitor AWS Organization ?

Answer 18

Cloudtrail can be applied to monitor an entire AWS Organization for account-wide scope monitoring

Question 19

CLoudtrail latency

Answer 19

CloudTrail is Not real-time

Takes 15 minutes to populate

Question 20

Data events default setting

Answer 20

Data events Trail has to be intentionally enabled, as it is not enabled by default. This is because data events can be very vast/volumnous

Question 21

Cloutrail logs format

Answer 21

Compressed JSON

Question 22

CloudTrail is enabled by default in an AWS account.

Answer 22

True, but only for 90days. And just management trails

Question 23

Cloudtrail is not real time

Answer 23

Cloudtrail is not realtime, It logs once in every 15mins

Question 24

Cloudwatch Insights

Answer 24

CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues.

Question 25

Cloudwatch On-prem

Answer 25

You can use CloudWatch Agent on-prem or Directly use Cloudwatch API or build Cloudwatch into your Application

Question 26

Cloudwatch use case

Answer 26

Ingestion, Storage, and Management of Metrics
* Public Service - public space endpoints
* AWS Service integration - management plane
* Agent integration .. e.g. EC2 - richer metrics
* On-premises integration via Agent/API (custom metrics)
* Application integration via API/Agent (custom metric)
* View data via console UI, CLI, API, dashboards & anomaly detection
* Alarms … react to metrics, and can be used to notify or perform actions

Question 27

Cloudwatch as aws Public service

Answer 27

Requires services in Private Subnets to connect to Cloudwatch using *Interface Endpoint** or Instances/applications in public subnets using igw to send or receive metrics/data to Cloudwatch

Question 28

Cloudwatch resolution

Answer 28

the time range for which data should be recorded/transmitted.
eg, 1s, 2s, 3s
1sec granularity is considered as High Resolution

Question 29

CLoudwatch logs

Answer 29

Ingestion and management of logging data

Question 30

Cloudwatch Events-Bus

Answer 30

Events Bus is an implicit stream of events that occurs from any supported service within an AWS Account.

Question 31

Cloudwatch Agent Log Group Name

Answer 31

Logstream will be named after the instance ID

Question 32

Cloudwatch Agent Required Permissions

Answer 32

IAM Roles for
1. EC2 Instance Cloudwatch full access
2. SSM Parameter store full Access (For credentials access)

Question 33

Cloudwatch Agent Installation Methods

Answer 33

1. Can be baked into AMI
2. Can be bootstrapped
3. Can be deployed from Cloudformation
4. Using Systems Manager