Monitoring Flashcards
Cloud Watch
Used to monitor AWS services such as EC2, ELB, and S3; you monitor your environment by configuring and viewing CloudWatch metrics.
CloudWatch Metrics
EC2 per-instance metrics: CPUUtilization, CPUCreditUsage. S3 metrics: NumberOfObjects, BucketSizeBytes. ELB metrics: RequestCount, UnhealthyHostCount.
Detailed vs. Basic level monitoring
Basic: data is available automatically in 5-minute periods at no charge.
Detailed: data is available in 1-minute periods.
CloudWatch Alarms
Can be created to trigger alerts (or other actions in your AWS account, such as publishing to an SNS topic) based on thresholds you set on CloudWatch metrics.
Auto Scaling
Heavily utilizes CloudWatch, relying on thresholds and alarms to trigger the addition (or removal) of instances in an Auto Scaling group.
CloudWatch EC2 Monitoring
System Status Checks (things out of our control)
Instance Status Checks (things we do control)
System Status Checks
Loss of network connectivity; loss of system power; software issues on the physical host; hardware issues on the physical host. How to solve: generally, stopping and restarting the instance will fix the issue, because this causes the instance to launch on a different physical hardware device.
Instance Status Checks
Failed system status checks; misconfigured networking or startup configuration; exhausted memory; corrupted file system; incompatible kernel.
How to solve: a reboot, or fixing the file system or configuration issue.
By default, CloudWatch will automatically monitor metrics that can be viewed at the host level (not the software level):
- CPUUtilization
- Network in/out
- CPUCreditBalance
- CPUCreditUsage
OS-level metrics that require a third-party script (Perl, provided by AWS) to be installed:
- Memory utilization, memory used, and memory available
- Disk swap utilization
- Disk space utilization, disk space used, disk space available
Cloud Trail
API logging service that logs ALL API calls made to AWS.
Logs are placed into a designated S3 bucket, which is highly available by default.
Logs help when addressing security concerns by allowing you to view what actions users on your AWS account have performed.
Can log every single action taken in your account.
VPC Flow Log
Allows you to collect information about the IP traffic going to and from network interfaces in your VPC.
Data is stored in a log group in CloudWatch.
Can be created on a specific VPC, subnet, or network interface.
A flow log created on a VPC or subnet includes all network interfaces in that VPC or subnet.
Each network interface will have its own unique log stream.
You can set the log to capture in "real time"; the capture window is about 10 minutes, after which the data is published.
Each record consists of network traffic for a specific 5-tuple.
5-tuple
A set of 5 different values that identify a TCP/IP connection:
- source IP address
- source port number
- destination IP address
- destination port number
- protocol
Benefits of VPC flow logs
- Troubleshoot why certain traffic is not reaching an EC2 instance.
- Added security layer, by allowing you to monitor the traffic that reaches your EC2 instances.
Limitations of VPC flow logs
Traffic not captured by VPC Flow Logs:
- traffic between an EC2 instance and the Amazon DNS server
- traffic generated by requests for instance metadata
- DHCP traffic