CloudWatch Flashcards
What is the default retention for (a) CW Logs, and (b) CW Metrics?
CW Logs: Indefinitely
CW Metrics: Data at 1-minute granularity: Retained for 15 days.
Data at 5-minute granularity: Retained for 63 days.
Data at 1-hour granularity: Retained for 15 months.
Main use cases for streaming CW Logs to Elasticsearch?
Store and search logs for application monitoring
Security Info and Event Management (SIEM) of multiple event/application logs
Enterprise-grade search engine (Lucene library)
CW Metrics: DEFAULT vs. CUSTOM (what resolution?)
DEFAULT
Standard Resolution is 1 minute
Except for EC2, where standard is 5 minutes, and DETAILED = 1 minute (extra charge)
CUSTOM
Standard Resolution: 1 minute
High Resolution: 1 second
Difference between CW Anomaly Detection and Amazon Lookout for Metrics?
Both use ML to detect anomalies. CW AD is AWS-centric, focused on operational monitoring of AWS resources (CW metrics). Lookout for Metrics can be applied to various business and operational metrics (including external, third-party) across different domains and industries.
Two ways to generate CW Custom Metrics
CloudWatch Agent pushes / enables
Generated by API call
Do you need a CW Agent to move APPLICATION logs to CW Logs?
On EC2, yes. On Lambda, ECS, Fargate, Beanstalk, no – there is a direct integration
A small set of EC2 METRICS are sent to CW Logs without an AGENT, but no EC2 LOGS are sent without an agent
Do you need a CW Agent to move O/S logs to CW Logs?
Yes. Without an agent, both EC2 and on-prem logs will be stored only in /var/log/messages or /var/log/auth.log. To stream them to CW Logs, a CW Agent is needed.