Module 7 - Monitoring and Scaling Flashcards

1
Q

What are some options for monitoring on AWS?

A

CloudTrail
CloudWatch
EventBridge

2
Q

Why do you need to monitor?

A

Operational Health
Application performance
Resource utilization
Security auditing

3
Q

What is CloudWatch?

A

A service that provides a near real-time stream of system events. Sends notifications or automatically makes changes to the resources you are monitoring based on rules that you define. Also works for on-prem servers. It’s a metrics repository.

4
Q

What statistic types does CloudWatch offer?

A

Minimum, maximum, sum, average, count, and percentile.

5
Q

What do CloudWatch alarms do?

A

Alarms can be configured to trigger actions to stop, start, or terminate a service when certain criteria are met.

6
Q

What types of logs are there?

A

CloudTrail - user activity and API usage (who did what, and when)

CloudWatch Logs - applications, log files from EC2, CloudTrail, Route 53

VPC Flow Logs - IP traffic to/from network interfaces in the VPC

Custom

7
Q

What is a log stream?

A

A sequence of log events that share the same source. Each separate source of logs in CloudWatch Logs makes up a separate log stream.

8
Q

What is a log group?

A

A group of log streams that share the same retention, monitoring, and access control settings. You can define log groups and specify which streams to put into each group.

9
Q

What is a metric filter?

A

A way to search for and match terms, phrases, or values in your log events. When a metric filter finds one of the terms, phrases, or values in your log events, you can increment the value of a CloudWatch metric.

10
Q

Where are CloudTrail logs stored?

A

In an S3 bucket.

11
Q

Where can you see the VPC Flow logs?

A

Amazon EC2 and Amazon VPC consoles.

Logs are stored in an S3 bucket or in CloudWatch log groups.

12
Q

What triggers do VPC Flow logs offer?

A

You can create alarms that will fire if certain types of traffic are detected, and metrics to help you identify trends and patterns.

13
Q

What logging is NOT captured in VPC Flow Logs?

A

VPC Flow Logs do not include:

• DNS traffic
• DHCP traffic
• Windows license activation traffic
• Traffic to and from the instance metadata address (169.254.169.254)
• Traffic to/from the reserved IP address of the default VPC router

14
Q

What entities can you create a VPC Flow Log for?

A

You can create a flow log for a VPC, a subnet, or an elastic network interface.

If you create a flow log for a subnet or VPC, each network interface in the VPC or subnet is monitored.

15
Q

Where can you publish VPC Flow Logs?

A

You can publish flow log data to a log group in CloudWatch Logs, or to an S3 bucket as log file objects.

You can't edit the configuration of a flow log after you create it; you can only delete it.

16
Q

What happens if the same network interface is present in one or more flow logs in the same log group?

A

It will have one combined log stream.

17
Q

How do VPC Flow Logs publish to S3?

A

In 5-minute intervals. If a file exceeds 75 MB, it stops adding logs to that file, publishes it to S3, then creates a new file.

18
Q

What does the user creating the flow logs need to have?

A

They must either own the bucket or have GetBucketPolicy and PutBucketPolicy permissions.

19
Q

What is CloudWatch?

A

A metrics alarm. Whenever the metric reaches some threshold, an action occurs (EC2 action, autoscaling, or notification to a topic).

20
Q

What are the 3 alarm states?

A

• OK: The metric is within the defined threshold.
• ALARM: The metric is outside the defined threshold.
• INSUFFICIENT_DATA: The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.

21
Q

What is a namespace in CloudWatch?

A

A container for metrics. You specify the namespace when you create metrics so you keep your applications separate.
Naming convention: AWS/

22
Q

What is a CloudWatch metric?

A

A metric represents a time-ordered set of data points that are published to CloudWatch. Always associated with a timestamp.

23
Q

What is a dimension in CloudWatch?

A

A dimension is a name-value pair that uniquely identifies a metric (up to 10 per metric).

24
Q

What are valid time periods in a CloudWatch statistic?

A

Valid values for a period are 1, 5, 10, 30, or any multiple of 60.

25
Q

What is CloudWatch Events?

A

A service that delivers a near-real-time stream of system events that describe changes in AWS resources. This is where you set up rules to match events to functions or streams.

26
Q

What things can CloudWatch Events do to respond to changes in resources?

A

• Send messages to respond to the environment
• Activate functions
• Make changes
• Capture state information

27
Q

What is EventBridge?

A

A serverless event bus service that extends CloudWatch Events, built on top of it. It reacts to events generated by other AWS services and has additional capabilities. Eventually, it will absorb CloudWatch Events.

28
Q

What are some examples of event sources and targets used by EventBridge?

A

Sources: AWS services, custom applications, SaaS applications (e.g. Zendesk, Datadog, or PagerDuty)

Targets: Lambda, Amazon SNS, Step Functions

29
Q

What are the advantages of linking your partner event source (like DataDog) to EventBridge? Of EventBridge in general?

A

Provides a logical connection between the Partner’s system and your AWS account without the need for provisioning and managing cross-account IAM roles or credentials.

You don’t have to write point-to-point integrations. Decouples event publishers from event subscribers.

Serverless so there is nothing to manage.

30
Q

What are the 2 types of Auto Scaling?

What are the features of EC2 Auto Scaling?

A

AWS Auto Scaling - application scaling for multiple resources such as Amazon EC2, DynamoDB, Aurora, etc.

Amazon EC2 Auto Scaling - helps you ensure that you have the correct number of EC2 instances available to handle the load for your application
• Elasticity & Scalability
• Responds to CloudWatch metrics, health checks
• Can scale based on performance or a schedule

31
Q

What do you need to set up EC2 Auto Scaling?

A

1) Launch template or launch configuration (a smaller version of a template, so just stick with templates)
• AMI ID, instance type, security group, roles

2) Set up an ASG (Auto Scaling group)
• Define purchase options (Spot? On-Demand?)
• Define a VPC (always one) and subnets
• Optional load balancer
• Health checks (EC2 & ELB)
• Define min/max capacity and desired capacity

3) Set up Auto Scaling policy
• scheduled
• dynamic
• predictive

32
Q

What are the different types of EC2 instances to use with auto-scaling? How do you define those?

A

Spot - fault-tolerant, flexible, stateless workloads
On-demand - spiky workloads
Reserved - committed, steady usage

Use Amazon EC2 Fleet to define your instances (what % of each type).

33
Q

I have an application that runs on 2 instances with unpredictable traffic patterns. I want CPU utilization to stay around 75%. What scaling strategy should I use?

A

Dynamic.

34
Q

What service can invoke actions based on data from account resources or third-party management services?

A

EventBridge.

35
Q

What is a typical use of CloudTrail data?

A

Store log data as a record of account usage.

Capture root login failures.

36
Q

Do the VPC Flow Logs contain hostnames or IP addresses for source and destination hosts?

A

IP addresses (IPv4 and IPv6).

37
Q

Can VPC flow logs be tagged?

A

No.

38
Q

Can you enable flow logs for VPCs that are peered with my VPC?

A

No, unless it is in the same AWS account.

39
Q

What EC2 metrics can CloudWatch monitor?

A

CPU, NU, DP, DR

CPU utilization
Network utilization
Disk performance
Disk reads/writes

If you need to monitor the items below, you must prepare a custom metric using a Perl or other script, as there are NO ready-to-use metrics for:

Memory utilization
Disk swap utilization
Disk space utilization
Page file utilization
Log collection

40
Q

What is a multi-platform CloudWatch agent?

A

You can use a single agent to collect both system metrics and log files from Amazon EC2 instances and on-premises servers. This agent supports both Windows Server and Linux and enables you to select the metrics to be collected, including sub-resource metrics such as per-CPU core.