CloudWatch, CloudTrail, AWS Config

Question 1

In CloudWatch, __________ is a variable to monitor (CPUUtilization, NetworkIn…)

Answer 1

Metric

Question 2

In CloudWatch, __________ is an attribute of a metric (instance id, environment, etc…).

Answer 2

Dimension

Question 3

Up to ______ dimensions per metric

Answer 3

30

Question 4

Metrics have __________

Answer 4

timestamps

Question 5

Can you define CloudWatch Log expiration policies?

Answer 5

YES
(never expire, 1 day to 10 years…)

Question 6

CloudWatch Logs can send logs to:

Answer 6

• Amazon S3 (exports)
• Kinesis Data Streams
• Kinesis Data Firehose
• AWS Lambda
• OpenSearch

Question 7

Are CloudWatch logs encrypted by default?

Answer 7

YES

Question 8

For CloudWatch logs, can you setup KMS-based encryption with your own keys

Answer 8

YEs

Question 9

• SDK, CloudWatch Logs Agent, CloudWatch Unified Agent
• Elastic Beanstalk: collection of logs from application
• ECS: collection from containers
• AWS Lambda: collection from function logs
• VPC Flow Logs:VPC specific logs
• API Gateway
• CloudTrail based on filter
• Route53: Log DNS queries

Answer 9

CloudWatch Logs - Sources

Question 10

How long can log data take to become available for export?

Answer 10

12 hours

Question 10

• Search and analyze log data stored in CloudWatch Logs
• Example: find a specific IP inside a log, count occurrences of “ERROR” in your logs…
• Provides a purpose-built query language
  
  • Automatically discovers fields from AWS services and JSON log
    events
  • Fetch desired event fields, filter based on conditions, calculate
    aggregate statistics, sort events, limit number of events…
  • Can save queries and add them to CloudWatch Dashboards
• Can query multiple Log Groups in different AWS accounts
• It’s a query engine, not a real-time engine

Answer 10

CloudWatch Logs Insights

Question 11

CloudWatch Logs S3 export is ________ near-real time or real-time

Answer 11

NOT

Question 12

• Get a real-time log events from CloudWatch Logs for processing and analysis

Answer 12

CloudWatch Logs Subscriptions

Question 13

Where can CloudWatch Logs Subscriptions Send to?

Answer 13

Kinesis Data Streams
Kinesis Data Firehose
Lambda

Question 14

filter which CloudWatch logs are events delivered to your destination

Answer 14

Subscription Filter

Question 15

Metrics exists only in the_________ in which they are created.

Answer 15

region

Question 16

Metrics ___________ be deleted, but they automatically expire after __________ if no new data is published to them.

Answer 16

cannot
15 months

Question 17

Each metric data point must be marked with a ________

Answer 17

timestamp

Question 18

The timestamp for a metric can be up to ________ in the past and up to _________ into the future.

Answer 18

two weeks
two hours

Question 19

If you do not provide a timestamp, CloudWatch creates a timestamp for you based on ______________

Answer 19

the time the data point was received

Question 20

By ___________, several services provide _______ metrics for resources. You can also enable _______________, or _____________

Answer 20

default
free
detailed monitoring
publish your own application metrics.

Question 21

Enables you to query multiple CloudWatch metrics and use math expressions to create new time series based on these metrics.

Answer 21

Metric math

Question 22

For EC2 metric: CloudWatch does not collect ____________ and ____________ metrics right from the get go. You need to install ___________ in your instances first to retrieve these metrics.

Answer 22

memory utilization
disk space usage
CloudWatch Agent

Question 23

a name/value pair that uniquely identifies a metric.

Answer 23

Dimensions

Question 24

a custom metric can be classified as standard or high

Answer 24

Resolution

Question 25

2 types of CloudWatch Resolutions

Answer 25

Standard Resolution
High Resolution

Question 26

• Data with a granularity of one minute.
• Default metrics produced by AWS services.

Answer 26

Standard Resolution

Question 27

• Data with a granularity of one second.
• Provides more insight into your application’s sub-minute activity.

Answer 27

High Resolution

Question 28

metric data aggregations over specified periods of time.

Answer 28

Statistics

Question 29

A ________ is the length of time associated with a specific CloudWatch statistic. The default value is ________ seconds.

Answer 29

period
60

Question 30

Each statistic has a ____________.

Answer 30

unit of measure

Question 31

Metric data points that specify a unit of measure are aggregated _______.

Answer 31

separately

Question 32

You can specify a unit when you create a custom metric. If you do not specify a unit, CloudWatch uses __________ as the unit.

Answer 32

None

Question 33

CloudWatch aggregates statistics according to ________ that you specify when retrieving statistics.

Answer 33

the period length

Question 34

For large datasets, you can insert a pre-aggregated dataset called a ___________.

Answer 34

statistic set

Question 35

6 CloudWatch Statics

Answer 35

Minimum
Maximum
Sum
Average
SampleCount
pNN.NN

Question 36

The lowest value observed during the specified period. You can use this value to determine low volumes of activity for your application.

Answer 36

Minimum

Question 37

The highest value observed during the specified period. You can use this value to determine high volumes of activity for your application.

Answer 37

Maximum

Question 38

All values submitted for the matching metric added together. Useful for determining the total volume of a metric.

Answer 38

Sum

Question 39

The value of Sum / SampleCount during the specified period. By comparing this statistic with the Minimum and Maximum, you can determine the full scope of a metric and how close the average use is to the Minimum and Maximum. This comparison helps you to know when to increase or decrease your resources as needed.

Answer 39

Average

Question 40

The count (number) of data points used for the statistical calculation.

Answer 40

SampleCount

Question 41

The value of the specified percentile. You can specify any percentile, using up to two decimal places (for example, p95.45). Percentile statistics are not available for metrics that include any negative values.

Answer 41

pNN.NN

Question 42

indicates the relative standing of a value in a dataset. They help you get a better understanding of the distribution of your metric data.

Answer 42

Percentiles

Question 43

watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time.

Answer 43

Alarms

Question 44

You can create an alarm for monitoring …….

Answer 44

CPU usage
load balancer latency
for managing instances
billing alarms.

Question 45

When an alarm is on a dashboard, it turns ______ when it is in the ALARM state.

Answer 45

red

Question 46

2 Alarm States

Answer 46

OK
Alarm
Insufficient_Data

Question 47

The metric or expression is within the defined threshold.

Answer 47

OK

Question 48

The metric or expression is outside of the defined threshold.

Answer 48

Alarm

Question 49

The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.

Answer 49

Insufficient_Data

Question 50

You can also monitor your estimated ________ by using Amazon CloudWatch Alarms.

Answer 50

AWS charges

Question 51

When you create an alarm, you specify three settings (3)

Answer 51

Period
Evaluation Period
Datapoints to Alarm

Question 52

is the length of time to evaluate the metric or expression to create each individual data point for an alarm. It is expressed in seconds.

Answer 52

Period

Question 53

is the number of the most recent periods, or data points, to evaluate when determining alarm state.

Answer 53

Evaluation Period

Question 54

is the number of data points within the evaluation period that must be breaching to cause the alarm to go to the ALARM state. The breaching data points do not have to be consecutive, they just must all be within the last number of data points equal to Evaluation Period.

Answer 54

Datapoints to Alarm

Question 55

For each alarm, you can specify CloudWatch to treat missing data points as any of the following …….. (4)

Answer 55

missing
notBreaching
breaching
ignore

Question 56

the alarm does not consider missing data points when evaluating whether to change state (default)

Answer 56

missing

Question 57

missing data points are treated as being within the threshold

Answer 57

notBreaching

Question 58

missing data points are treated as breaching the threshold

Answer 58

breaching

Question 59

the current alarm state is maintained

Answer 59

ignore

Question 60

Customizable home pages in the CloudWatch console that you can use to monitor your resources in a single view, even those spread across different regions.

Answer 60

CloudWatch Dashboard

Question 61

There is _______ on the number of CloudWatch dashboards you can create.

Answer 61

no limit

Question 62

All dashboards are ________ not region-specific.

Answer 62

Global

Question 63

Can you can your CloudWatch Dashboards with users who do not have direct access to your AWS account

Answer 63

YES

Question 64

• Share a single dashboard and designate specific email addresses and passwords of the people who can view the dashboard.
• Share a single dashboard publicly, so that anyone who has the link can view the dashboard.
• Share all the CloudWatch dashboards in your account and specify a third-party SSO provider for dashboard access. All users who are members of this SSO provider’s list can access the dashboards in the account. To enable this, you integrate the SSO provider with Amazon Cognito.

Answer 64

Ways to share your CloudWatch Dashboard

Question 65

By default, will logs from your EC2 machine will go to CloudWatch

Answer 65

NO

Question 66

What do you need to run on EC2 to push the log files you want?

Answer 66

CloudWatch agent

Question 67

Can CloudWatch log agent can be setup on-premises???

Answer 67

YES

Question 68

2 types of CloudWatch Agents?

Answer 68

CloudWatch Logs Agent
CloudWatch Unified Agent

Question 69

• Old version of the agent
• Can only send to CloudWatch Logs

Answer 69

CloudWatch Logs Agent

Question 70

• Collect additional system-level metrics such as RAM, processes, etc…
• Collect logs to send to CloudWatch Logs
• Centralized configuration using SSM Parameter Store

Answer 70

CloudWatch Unified Agent

Question 71

Collected directly on your Linux server / EC2 instance

Answer 71

CloudWatch Unified Agent

Question 72

CloudWatch Unified Agent – Metrics (6)

Answer 72

• CPU (active, guest, idle, system, user, steal)
• Disk metrics (free, used, total), Disk IO (writes, reads, bytes, iops)
• RAM (free, inactive, used, total, cached)
• Netstat (number of TCP and UDP connections, net packets, bytes)
• Processes (total, dead, bloqued, idle, running, sleep)
• Swap Space (free, used, used %)

Question 73

3 CloudWatch Alarm Targets

Answer 73

• Stop,Terminate, Reboot, or Recover an EC2 Instance
• Trigger Auto Scaling Action
• Send notification to SNS (from which you can do pretty much anything)

Question 74

CloudWatch Alarms are on a ________ metric

Answer 74

single

Question 75

Composite Alarms are monitoring the states of _____________ alarms

Answer 75

multiple other

Question 76

Can alarms be created based on CloudWatch Logs Metrics Filters

Answer 76

YES

Question 77

Deliver near real-time stream of system events that describe changes in AWS resources.

Answer 77

Amazon EventBridge

Question 78

Events respond to these operational changes and take corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information.

Answer 78

Amazon EventBridge

Question 79

2 concepts of Amazon EventBridge

Answer 79

Events
Targets
Rules

Question 80

Amazon EventBridge - indicates a change in your AWS environment.

Answer 80

Events

Question 81

Amazon EventBridge – processes events.

Answer 81

Targets

Question 82

Amazon EventBridge – matches incoming events and routes them to targets for processing.

Answer 82

Rules

Question 83

Extends the capabilities of CloudWatch Events by enabling customers to connect data from their own apps and third-party SaaS apps, making it easier to connect applications.

Answer 83

Amazon EventBridge

Question 84

Schedule: Cron jobs (scheduled scripts)
Event Pattern: Event rules to react to a service doing something
Trigger Lambda functions, send SQS/SNS messages…

Answer 84

Amazon EventBridge (formerly CloudWatch Events)

Question 85

Allows you to generate code for your application, that will know in advance how data is structured in the event bus

Answer 85

Schema Registry

Question 86

• Collect, aggregate, summarize metrics and logs
  from containers
• Available for containers on…
  
  • Amazon Elastic Container Service (Amazon ECS)
  • Amazon Elastic Kubernetes Services (Amazon EKS)
  • Kubernetes platforms on EC2
  • Fargate (both for ECS and EKS)
• In Amazon EKS and Kubernetes, it is using a containerized version of the CloudWatch Agent to discover containers

Answer 86

CloudWatch Container Insights

Question 87

• Monitoring and troubleshooting solution for serverless applications running on AWS Lambda
• Collects, aggregates, and summarizes system-level metrics including CPU time, memory, disk, and network
• Collects, aggregates, and summarizes diagnostic information such as cold starts and Lambda worker shutdowns
• it is provided as a Lambda Layer

Answer 87

CloudWatch Lambda Insights

Question 88

• Analyze log data and create time series that display contributor data.
  
  • See metrics about the top-N contributors
  • The total number of unique contributors, and their usage.
• This helps you find top talkers and understand who or what is impacting system performance.
• Works for any AWS-generated logs (VPC, DNS, etc..)
• For example, you can find bad hosts, identify the heaviest network users, or find the URLs that generate the most errors.
• You can build your rules from scratch, or you can also use sample rules that AWS has created – leverages your CloudWatch Logs
• CloudWatch also provides built-in rules that you can use to analyze metrics from other AWS services.

Answer 88

CloudWatch Contributor Insights

Question 89

• Provides automated dashboards that show potential problems with monitored applications, to help isolate ongoing issues
• Your applications run on Amazon EC2 Instances with select technologies only (Java, .NET, Microsoft IIS Web Server, databases…)
• And you can use other AWS resources such as Amazon EBS, RDS, ELB, ASG, Lambda, SQS, DynamoDB, S3 bucket, ECS, EKS, SNS, API Gateway…
• Powered by SageMaker
• Enhanced visibility into your application health to reduce the time it will take
  you to troubleshoot and repair your applications
• Findings and alerts are sent to Amazon EventBridge and SSM OpsCenter

Answer 89

CloudWatch Application Insights

Question 90

• ECS, EKS, Kubernetes on EC2, Fargate, needs agent for Kubernetes
• Metrics and logs

Answer 90

CloudWatch Container Insights

Question 91

Detailed metrics to troubleshoot serverless applications

Answer 91

CloudWatch Lambda Insights

Question 92

Find “Top-N” Contributors through CloudWatch Logs

Answer 92

CloudWatch Contributors Insights

Question 93

Automatic dashboard to troubleshoot your application and related AWS services

Answer 93

CloudWatch Application Insights

Question 94

• Provides governance, compliance and audit for your AWS Account
• Is enabled by default!
• Get an history of events / API calls made within your AWS Account by:
  
  • Console
  • SDK
  • CLI
  • AWS Services
• Can put logs into CloudWatch Logs or S3
• It can be applied to All Regions (default) or a single Region.
• If a resource is deleted in AWS, investigate this first!

Answer 94

AWS CloudTrail

Question 95

• Operations that are performed on resources in your AWS account
• Examples:
  
  • Configuring security (IAM AttachRolePolicy)
  • Configuring rules for routing data (Amazon EC2 CreateSubnet)
  • Setting up logging (AWS CloudTrail CreateTrail)
• By default, trails are configured to log management events.
• Can separate Read Events (that don’t modify resources) from Write Events (that may modify resources)

Answer 95

CloudTrail - Management Events

Question 96

• By default, data events are not logged (because high volume operations)
• Amazon S3 object-level activity (ex: GetObject, DeleteObject, PutObject): can separate Read and Write Events
• AWS Lambda function execution activity (the Invoke API)

Answer 96

Data Events

Question 97

Enable this to detect unusual activity in your account:
* inaccurate resource provisioning
* hitting service limits
* Bursts of AWS IAM actions
* Gaps in periodic maintenance activity

Answer 97

CloudTrail Insights

Question 98

analyzes normal management events to create a baseline

Answer 98

CloudTrail Insights

Question 99

Continuously analyzes write events to detect unusual patterns
* Anomalies appear in the CloudTrail console
* Event is sent to Amazon S3
* An EventBridge event is generated (for automation needs)

Answer 99

CloudTrail Insights

Question 100

are stored for _________ in CloudTrail

Answer 100

90 days

Question 101

To keep CloudTrail Events beyond this period, log them to ________ and use ___________

Answer 101

S3
Athena

Question 102

• Helps with auditing and recording compliance of your AWS resources
• Helps record configurations and changes over time

Answer 102

AWS Config

Question 103

Questions that can be solved by AWS Config:

Answer 103

• Is there unrestricted SSH access to my security groups?
• Do my buckets have any public access?
• How has my ALB configuration changed over time?

Question 104

AWS Config is a ________ service

Answer 104

per-region

Question 105

Can AWS Config be aggregated across regions and accounts?????

Answer 105

YES

Question 106

• Performance monitoring (metrics, CPU, network, etc…) & dashboards
• Events & Alerting
• Log Aggregation & Analysis

Answer 106

CloudWatch

Question 107

• Record API calls made within your Account by everyone
• Can define trails for specific resources
• Global Service

Answer 107

CloudTrail

Question 108

• Record configuration changes
• Evaluate resources against compliance rules
• Get timeline of changes and compliance

Answer 108

Config

Question 109

For an Elastic Load Balancer -
* Monitoring Incoming connections metric
* Visualize error codes as % over time
* Make a dashboard to get an idea of your load balancer performance

Answer 109

Cloudwatch

Question 110

For an Elastic Load Balancer-
* Track security group rules for the Load Balancer
* Track configuration changes for the Load Balancer
* Ensure an SSL certificate is always assigned to the Load Balancer (compliance)

Answer 110

Config

Question 111

For an Elastic Load Balancer -
* Track who made any changes to the Load Balancer with API calls

Answer 111

CloudTrail