CloudWatch, CloudTrail & Config Flashcards

1
Q

What does a CloudWatch metric belong to?

What is a CloudWatch metric dimension and how many dimensions can a metric have?

What is the default time period for metrics? How can you lower it?

Is the EC2 instance memory metric pushed by default?

A

A namespace.

An attribute of a metric. Up to 10. Ex: instanceId, instanceType.

5 min. By enabling detailed monitoring for a cost. This will lower it to 1 min.

No, it is a custom metric.

2
Q

How can you define your own metrics to send to CloudWatch?

What are some custom metrics you might want to push?

How do you send these metrics?

What are the resolutions on a metric?

What’s the difference between a high resolution metric and a detailed metric?

A

By defining a custom metric.

Memory usage, disk usage

By calling the PutMetricData API

Standard (every one minute), or high resolution (every 1, 5, 10 or 30 seconds - with a cost)

High resolution is for custom metrics. Detailed metrics are for OOTB metrics.

3
Q

If you want to visualize metrics from different regions, how can you do that?

How can you add additional information to a dashboard?

A

Create a dashboard.

By adding a widget.

4
Q

What are the 2 components of log storage architecture?

How do you define when to delete logs in CloudWatch?

How can you tail CloudWatch logs?

What is something you should check if your logs aren’t being correctly sent to CloudWatch?

How can logs be encrypted?

A

Log groups: Arbitrary name, usually representing an application
Log stream: instances within application/log files/containers.

By defining a log expiration policy

By using the AWS CLI

The IAM permissions

With KMS

5
Q

What is the CloudWatch Logs unified agent?

A

The newer version of the CloudWatch Logs agent, which allows you to send system-level metrics to CloudWatch and can be configured via the SSM Parameter Store.

This can be used to monitor free disk space.

6
Q

What are the 3 CloudWatch alarm targets?

What is the EC2 recovery action type?

A

Stop, Terminate, Reboot EC2
Trigger auto-scaling action
Send notification to SNS

A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata.

7
Q

What is CloudWatch Events?

A

Event pattern to intercept events from AWS services (sources). Ex: EC2 instance start, S3, CodeBuild failure. Can also automatically schedule events to occur. These events are then passed to a target via a JSON payload. Targets can be:
Lambda, Batch, EC2 Task, SQS, SNS, Kinesis Data Streams, Step Functions, CodePipeline, CodeBuild, SSM, EC2 Actions

8
Q

What is CloudWatch EventBridge?

What is the CloudWatch EventBridge schema registry?

A

It is similar to CloudWatch Events, but it allows you to send events from external sources like SaaS platforms. You can also create custom event buses for your own applications.

The schema registry can infer the schema (Ex: OpenAPI) of events and store them in a registry to make it easier for you to generate source code from them.

9
Q

What are the 3 types of events you can see in CloudTrail?

A

Management events - When someone modifies a resource on your account. They can be separated into read and write events.

Data events - Ex: someone adds a file to a bucket. Not logged by default. Can be separated into read and write events. Can also log Lambda function executions.

Insights

10
Q

What is AWS insights?

A

It will analyze the behavior in your account to determine what is normal. It can then let you know if it detects unusual behavior.

11
Q

How long are CloudTrail events stored?

How can you enable it for longer?

A

90 days.

By pushing the logs to S3, then using Athena to query them.

12
Q

What is AWS Config?

What happens when a resource goes out of compliance?

A

Helps with auditing and recording compliance of your AWS resources.
Helps record configurations and changes over time.
It also helps you set compliance standards for your applications. Ex: don’t use expired KMS keys, only use a specific type of disk.

It is logged in Config and a non-compliance event is raised.

13
Q

How can your system auto-recover when a Config rule goes out of compliance?

A

You can create a Systems Manager (SSM) Automation document (auto-remediation action). This can revoke the action or trigger a call to a Lambda function that does whatever you want.

14
Q

Other than EventBridge, where else can you send events?

A

SNS
