Cloudwatch Flashcards
Unified CloudWatch Agent
For granular or custom logs, OS-level logs, and other non-AWS-service integrations, e.g. on-premises hosts.
CloudTrail Retention
90 days, stored by default in Event History.
CloudTrail Management Events vs Data Events
Management Events - API calls on resources in an AWS account, i.e. interactions with AWS resources themselves, AKA control plane operations. E.g. create an EC2 instance, create a bucket.
Data Events - Operations performed on or within a resource rather than on the resource itself, e.g. stream records, Lambda invocations, etc.
CloudTrail Global Trail
Listens to every event in that account, while a regional trail only captures events within its region.
Logs events for global services (e.g. IAM, Route 53, CloudFront, STS) into us-east-1 (the "global HQ" region).
Meanwhile, a regional trail only logs events from the region in which they are generated.
A global trail is enabled by default when a new account is created.
Default Settings for CloudTrail Events
By default, events are stored within CloudTrail itself.
Once a trail is activated, the storage location can be assigned by the user/engineer.
ONLY management events are enabled by default.
Data events have to be enabled explicitly.
Cloudtrail can store logs in… ?
Both CloudWatch Logs and S3, indefinitely; only S3 charges apply.
The advantage of storing logs in CloudWatch Logs is the ability to apply filters and perform other operations that are otherwise more complex to run against S3.
Note:
By default, events are stored within CloudTrail (as CloudTrail Event History) for 90 days.
Once a trail is activated, the storage location can be assigned by the user/engineer.
CloudTrail Pricing (Management Events vs Data Events)
Management Events - free
Data Events - billed
CloudTrail Latency
Not real-time
15 minutes
STOP LOGGING
A CloudTrail operation used to stop/pause a trail. This can help minimize the costs of writing large volumes of log files to S3. Note that a stopped trail records no events until it is restarted.
CloudWatch Metric Dimensions
- CloudWatch metric dimensions are key:value pairs attached to a metric to identify its source, e.g. instance ID, AMI ID, etc.
CloudWatch Detailed Monitoring
- CloudWatch detailed monitoring enables 1-minute granularity metric reporting.
What is a CloudWatch Metric?
- A metric is a collection of related data points in a time-ordered structure.
CloudWatch Use Case
- CloudWatch is a public service; it can be used on AWS, on-premises, and even on other cloud platforms.
CloudWatch Default Monitors for EC2
C.N.D
- CPU
- Network
- Disk
CloudWatch Namespace
A container for storing data/metrics, like a folder that separates/isolates different metrics.
All AWS service data goes into the namespace AWS/Service, e.g. AWS/EC2. This namespace is reserved.
Can CloudTrail be applied to monitor an AWS Organization?
Yes, CloudTrail can be applied to monitor an entire AWS Organization, giving monitoring scope across all member accounts.
Data Events Default Setting
Data events have to be intentionally enabled on a trail, as they are not enabled by default. This is because data events can be very voluminous.
CloudTrail Log Format
Compressed JSON
CloudTrail is enabled by default in an AWS account.
True, but only for 90 days (Event History), and only for management events.
CloudTrail is not real-time
CloudTrail is not real-time; it delivers logs once every 15 minutes.
CloudWatch Logs Insights
CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues.
CloudWatch On-Prem
You can use the CloudWatch Agent on-premises, use the CloudWatch API directly, or build CloudWatch integration into your application.
CloudWatch Use Case
Ingestion, storage, and management of metrics
* Public service - public space endpoints
* AWS service integration - management plane
* Agent integration, e.g. on EC2 - richer metrics
* On-premises integration via Agent/API (custom metrics)
* Application integration via API/Agent (custom metrics)
* View data via console UI, CLI, API, dashboards and anomaly detection
* Alarms - react to metrics, and can be used to notify or perform actions
CloudWatch as an AWS Public Service
Resources in private subnets must connect to CloudWatch through an Interface Endpoint, while instances/applications in public subnets can use an Internet Gateway (IGW) to send or receive metrics/data.
CloudWatch Resolution
The interval at which data points are recorded/transmitted.
E.g. 1s, 2s, 3s
1-second granularity is considered high resolution.
CloudWatch Logs
Ingestion and management of logging data
CloudWatch Events Bus
The event bus is an implicit stream of events emitted by any supported service within an AWS account.
CloudWatch Agent Log Group Name
The log stream will be named after the instance ID.
CloudWatch Agent Required Permissions
An IAM role for the EC2 instance with:
1. CloudWatch full access
2. SSM Parameter Store full access (for credential/configuration access)
In practice, scope these down to the specific log groups and parameters the agent needs.
CloudWatch Agent Installation Methods
- Can be baked into an AMI
- Can be bootstrapped
- Can be deployed from CloudFormation
- Using Systems Manager