Logging and Observability Flashcards
CloudWatch metrics: standard granularity vs. detailed
By default, CloudWatch collects standard-resolution metrics every 5 minutes.
Detailed monitoring is every minute.
High Resolution every second.
CloudWatch high-resolution granularity
Every second.
Metrics produced by AWS services are standard resolution by default. When you publish a custom metric, you can define it as either standard resolution or high resolution. When you publish a high-resolution metric, CloudWatch stores it with a resolution of 1 second, and you can read and retrieve it with a period of 1 second, 5 seconds, 10 seconds, 30 seconds, or any multiple of 60 seconds.
CloudWatch - if you see mention of "near real time", think ……
High Resolution Logs (1 second).
You can publish your own metrics, known as custom metrics, to CloudWatch using the AWS CLI or an API.
Every PutMetricData call for a custom metric is charged, so calling PutMetricData more often on a high-resolution metric can lead to higher charges.
What is the X-Ray daemon and what port does it use?
EC2 X-Ray daemon - The AWS X-Ray daemon is a software application that listens for traffic on UDP port 2000, gathers raw segment data, and relays it to the AWS X-Ray API. The daemon's own logs can help with troubleshooting the problem.
How can you analyze S3 storage patterns to help work out the best storage class?
S3 Analytics
How would you identify unused IAM roles or permissions?
Access Advisor feature in the IAM console. This is a tab on a user, group or role that shows each service and when it was last accessed. It is useful for:
Identifying and removing unused permissions to reduce the attack surface.
Analyzing the necessity of certain permissions granted to users or roles over time.
Maintaining compliance by ensuring users and roles do not have excessive permissions.
How would you identify policies that enable access from outside of your zone of trust?
IAM Access Analyzer
IAM Access Analyzer - AWS IAM Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk.
A user isn't able to see the Billing and Cost Management options in the console.
You need to activate IAM user access to the Billing and Cost Management console for all the users who need access - By default, IAM users do not have access to the AWS Billing and Cost Management console. You or your account administrator must grant users access. You can do this by activating IAM user access to the Billing and Cost Management console and attaching an IAM policy to your users. Then, you need to activate IAM user access for IAM policies to take effect. You only need to activate IAM user access once.
How do you monitor incoming traffic and latency for your ALB?
ALB access logs - Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues. Access logging is an optional feature of Elastic Load Balancing that is disabled by default.
How do you get real-time guidance and AWS best practices for cost optimization?
AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement.
AWS Budget forecasts have been set up but no alarms have been triggered. What could the cause be?
AWS requires approximately 5 weeks of usage data to generate budget forecasts - AWS requires approximately 5 weeks of usage data to generate budget forecasts. If you set a budget to alert based on a forecasted amount, this budget alert isn’t triggered until you have enough historical usage information.
Valid SAM serverless resource types
SAM supports the following resource types:
AWS::Serverless::Api
AWS::Serverless::Application
AWS::Serverless::Function
AWS::Serverless::HttpApi
AWS::Serverless::LayerVersion
AWS::Serverless::SimpleTable
AWS::Serverless::StateMachine
Which logs can be used to check whether traffic is reaching a subnet?
VPC Flow Logs
VPC Flow Logs - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3.
CloudWatch monitoring durations
AWS has three levels of monitoring frequency:
"standard": the free tier, 5-minute metrics
"detailed": the paid version, 1-minute metrics
"high resolution": anything under 1 minute
IAM Access Advisor vs. IAM Access Analyzer