Logging and Observability

Question 1

CLoud Watch Metrics Standard Granualirty v detailed

Answer 1

By Deafult CloudWatch colelcts standard resolution at 5 mins

Detailed monitoring is every minute.

High Resolution every second.

Question 2

Cloud Watch High Resolution Granualiaty

Answer 2

every second.

Metrics produced by AWS services are standard resolution by default. When you publish a custom metric, you can define it as either standard resolution or high resolution. When you publish a high-resolution metric, CloudWatch stores it with a resolution of 1 second, and you can read and retrieve it with a period of 1 second, 5 seconds, 10 seconds, 30 seconds, or any multiple of 60 seconds

Question 3

CloudWath - if you see menton of Near Real Time, think ……

Answer 3

High Resolution Logs (1 second).

You can publish your own metrics, known as custom metrics, to CloudWatch using the AWS CLI or an API.

every PutMetricData call for a custom metric is charged, so calling PutMetricData more often on a high-resolution metric can lead to higher charges.

Question 4

Whats is XRay Daemon and waht port does it use?

Answer 4

EC2 X-Ray Daemon - The AWS X-Ray daemon is a software application that listens for traffic on UDP port 2000, gathers raw segment data, and relays it to the AWS X-Ray API. The daemon logs could help with figuring out the problem.

Question 5

How can you Analyze S3 Storage patterns to help work out the best storage class ?

Answer 5

S3 Analytics

Question 6

How would you indentify unused IAM roles or ?

Answer 6

Access Advisor feature on IAM console. This is a TAB on user/group/role that shows each service and when it was last accessed

Identifying and removing unused permissions to reduce the attack surface.

Analyzing the necessity of certain permissions granted to users or roles over time.

Maintaining compliance by ensuring users and roles do not have excessive permissions.

Question 7

How would you idenitify policies that enable access outside of your zone?

Answer 7

IAM Access Analyzer

IAM Access Analyzer - AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.

Question 8

User isnt able to see the Billing and Cost Management options in console

Answer 8

You need to activate IAM user access to the Billing and Cost Management console for all the users who need access - By default, IAM users do not have access to the AWS Billing and Cost Management console. You or your account administrator must grant users access. You can do this by activating IAM user access to the Billing and Cost Management console and attaching an IAM policy to your users. Then, you need to activate IAM user access for IAM policies to take effect. You only need to activate IAM user access once.

Question 9

How do you monitor incoming traffic and latency for your ALB ?

Answer 9

ALB access logs - Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues. Access logging is an optional feature of Elastic Load Balancing that is disabled by default.

Question 10

How do you get real time guidance and AWS best practices for cost optimization ?

Answer 10

AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement.

Question 11

AWS Budget Forecasts have been setup but no alarms have been triggered. what could the cause be.

Answer 11

AWS requires approximately 5 weeks of usage data to generate budget forecasts - AWS requires approximately 5 weeks of usage data to generate budget forecasts. If you set a budget to alert based on a forecasted amount, this budget alert isn’t triggered until you have enough historical usage information.

Question 12

valid SAM Serverless Resource Types.

Answer 12

SAM supports the following resource types:

AWS::Serverless::Api

AWS::Serverless::Application

AWS::Serverless::Function

AWS::Serverless::HttpApi

AWS::Serverless::LayerVersion

AWS::Serverless::SimpleTable

AWS::Serverless::StateMachine

Question 13

Which logs can be used to check if traffic is hitting a subnet ?

Answer 13

VPC Flow Logs

VPC Flow Logs - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3

Question 14

Cloud watch monitoring durations

Answer 14

AWS have three levels of monitoring frequency

“standard” the free tier 5 minute metrics
“detailed” the pay for version, 1 minute metrics
“high resolution” anything under 1 minute

Question 15

IAM Access advisor v access analyser

Question 16

Your manager has requested to collect system memory metrics on all EC2 instances using a script.

Answer 16

Use a cron job on the instances that pushes the EC2 RAM statistics as a Custom metric into CloudWatch

Question 18

CLOUD TRAIL

Answer 18

Audii API calls made by Users Services or Console.

Useful to find unahtorised calls or root cause of soemthing due to an API call - WHO did WHAT.

Question 19

CLOUD WATCH

Answer 19

Metrics for Mobitoring
Logs for Stroing Logs
Alarm to send notifications

Question 20

XRAY

Answer 20

Automated Trace Analysis acorss mutliple services VISUALLY.

Trouble shoot bottle necks
Understand Dependencies in MicroService
Check for throttling
Pinpoint Service Issues.
Identify what users are affected.

XRay can work with:
Lambda
EC2
ECS
ELB
API Gateway
On Prem.

XRAY uses Tracing made up of segments that follow all requests.

C

Question 21

Cloudwatch Events (Now called Event Bridge) verses CloudWatch Alarms.

Answer 21

An EVENT triggers when it is created or according to a schedule, but an ALARM needs a threshold reached

CloudWatch Alarms are very limited in what they can target. You can send SNS msg, start/stop EC2 isntances and Scale ASG msgs only.

EventBridge lets you interface to many targets including Lambda and can be used to enable event drive architecture

(Note, Alarms can indirectly trigger Lambda by sending msg to SNS and have Lambda listen for SNS events)

Question 22

If you add a cloud watch filter , can you query on existing data?

Answer 22

Filters do not retroactively filter data. Filters only publish the metric data points for events that happen after the filter was created.

You can search and filter the log data coming into CloudWatch Logs by creating one or more metric filters. Metric filters define the terms and patterns to look for in log data as it is sent to CloudWatch Logs. CloudWatch Logs uses these metric filters to turn log data into numerical CloudWatch metrics that you can graph or set an alarm on.

When you create a metric from a log filter, you can also choose to assign dimensions and a unit to the metric. If you specify a unit, be sure to specify the correct one when you create the filter. Changing the unit for the filter later will have no effect.