Monitoring Flashcards
Differences between the CloudWatch applications? (Logs, Alarms, Events)
Logs: collects and stores log files from resources and agents; log events can be viewed in near real time, and metric filters on them can drive alarms
Alarms: watches a single metric (or metric math expression) and performs actions when its threshold condition is met
Events: near real time stream of system events describing changes in AWS resources, routed by rules to targets
What is free of charge in monitoring?
3 dashboards (up to 50 metrics each)
Basic (5-minute) monitoring for EC2 instances
Metrics for EBS, ELB and RDS
10 custom metrics and 10 alarms
1 million API requests
Is CloudWatch inter-regional?
Metrics are stored per region and are only available in the region they were published to (a dashboard can show widgets from several regions)
Ways to create custom metrics
PutMetricData API
Monitoring scripts for Windows / Linux (legacy; superseded by the unified CloudWatch agent)
Applications from the AWS Partner Network
What is the retention for metrics (outside of CloudWatch Logs)?
1-minute data points are kept for 15 days
5-minute data points are kept for 63 days
1-hour data points are kept for 455 days (15 months)
Metrics cannot be deleted; they expire 15 months after the last data point was published. High-resolution data points (below 60 seconds) are only kept for 3 hours before being rolled up.
What are the reasons for a system status check to fail?
Loss of network connectivity
Loss of system power
Software issues on the physical host
Hardware issues on the physical host
What are the reasons for instance status failures?
Network configuration issues
Incorrect configuration of the OS
Exhausted memory
Corrupt file system
Kernel issues
What is the purpose of CloudWatch Alarms?
Initiate an automatic action in response to a predefined condition on a single metric (e.g., notify via SNS, scale an ASG, stop/terminate/reboot/recover an instance)
What are the states of CloudWatch Alarms?
OK
ALARM
INSUFFICIENT_DATA
When are events created?
Change in the state of an AWS resource (for example an EC2 instance stopping)
API activity recorded by CloudTrail (for example a console sign-in)
On a schedule (cron or rate expression)
What is the Cost Explorer?
Review of the costs of the last 13 months and a forecast of upcoming spend (up to 12 months)
Its data can be exported as CSV; the detailed line-item reports come from the Cost and Usage Report
How are inter-regional trails managed?
A trail can apply to all regions (multi-region trail; the default when creating one in the console). CloudTrail then creates a shadow trail in every region and all of them deliver to the same S3 bucket, so it behaves like one trail.
What can be done with AWS Config?
Create a snapshot of the current configuration of the environment
Keep a history of configurations
Notify when resources change
See relationships between resources
What is the maximum number of months of history that AWS Cost Explorer displays?
13 months
What are the basic metrics of EC2?
CPUCreditBalance (burstable instances)
CPUUtilization
NetworkIn / NetworkOut
What are the basic metrics of EBS?
VolumeIdleTime
VolumeReadBytes / VolumeReadOps
VolumeWriteBytes / VolumeWriteOps
What are the basic metrics of an ALB?
ActiveConnectionCount
RejectedConnectionCount
HealthyHostCount / UnHealthyHostCount
HTTP status codes (HTTPCode_ELB_* and HTTPCode_Target_*)
RequestCount
What are the basic metrics of RDS?
CPUUtilization
ReadIOPS / WriteIOPS
FreeStorageSpace
DatabaseConnections
What is the definition of a custom metric?
- Anything generated inside the OS that the hypervisor cannot see (memory, disk space, processes)
- Anything coming from outside the resource, as long as the sender can reach the CloudWatch API
- Application metrics
What is needed to push custom metrics?
CloudWatch agent, or scripts/SDK calling the PutMetricData API
IAM permission for cloudwatch:PutMetricData (instance profile role or credentials)
What action should be taken if an EC2 instance (behind an ASG) is in an alarm state?
Terminate the instance (or mark it unhealthy); the Auto Scaling group will launch a replacement
What are the EBS volume status checks? (non provisioned IOPS)
ok
warning
impaired
insufficient-data
What are (some) RDS status checks?
Available
Backing Up
Creating / Deleting
Failed
Maintenance
Rebooting
Which architectural choices improve network performance?
Single AZ (keeps traffic local, at the cost of availability)
Cluster placement groups
Enhanced networking
Keeping traffic inside the VPC (for example with VPC endpoints)
What can be performance bottlenecks and how to get notified?
Undersized NAT instances
Undersized RDS instances
Undersized EC2 instances
Old EC2 instance types
Underprovisioned EBS volumes
Static assets served from EC2 (instead of S3/CloudFront)
The Trusted Advisor report can locate bottlenecks
List CloudWatch Events targets
SNS topics
EC2 instances
Lambda functions
Kinesis Data Streams
ECS tasks
Systems Manager commands
AWS Batch jobs
CodePipeline (deployments)
Inspector (assessments)
What services have built-in CloudWatch Log support? (Store the logs in CW)
Route53
CloudTrail
Lambda
API Gateway
What are services for CloudWatch Logs Custom Sources?
EC2 Applications
On-premises servers
Other cloud resources
What are the steps to install the CloudWatch Logs agent?
Single-command install
Create the configuration file (log files to watch, log group and stream names)
Start the agent; it pushes the log events
What are the options to automate the install of the CloudWatch Logs Agent?
Include in AMI
Include in EC2 user-data
Include in configuration management tool like Ansible or Chef
Via AWS Systems Manager Run Command (requires the SSM agent)
What services log in S3 Buckets
S3
CloudFront
ELB
Where can CloudTrail deliver its logs?
To an S3 bucket and, optionally, to CloudWatch Logs
What are the intervals for tracking metrics in CloudWatch?
5 minutes for basic monitoring
1 minute for detailed monitoring (charged)
What are the host level metrics tracked in Cloudwatch?
CPU
Network
Disk
Status Checks
What is the general difference between basic and custom metrics?
basic: AWS can observe it from the hypervisor (CPU, network, disk I/O, status checks)
custom: AWS has no visibility into it, so the data must be pushed (memory, disk space, application metrics)
How long are log events kept in CloudWatch Logs?
Indefinitely by default, or for a retention period set per log group
What are ELB access logs?
Optional logging for load balancers (disabled by default). Stores the log files in S3.
Captures client IP, latency, request and server response code.
It can be used for example to trace requests to EC2 instances that have since been terminated.
What should be monitored for ElastiCache?
CPU Utilization
Evictions
Swap Usage
Concurrent Connections
How to create a CloudWatch dashboard across regions?
Dashboards are global: each widget selects its own region, so one dashboard can show metrics from several regions
What is the purpose of AWS Organizations?
- Manage policies across accounts
- Control access to Services (Using SCPs)
- Account management (Creation and Managing)
- Consolidate Billing
What has precedence: an SCP or IAM policy?
An explicit Deny in an SCP overrules an Allow in an IAM policy. SCPs set the ceiling: an action must be allowed both by the SCPs applying to the account and by an IAM policy attached to the principal.
What is the tree structure of AWS Organizations?
Root
Organizational Unit(s)
AWS Accounts
What are Resource Groups?
AWS service to group resources based on tags.
The groups can be used for example to run bulk or automated tasks with AWS Systems Manager
What are Cost Allocation Tags and how are they used?
You select the tags that are relevant for billing, such as Department or Team.
These can then be used in Cost Explorer and the Billing and Cost Management console
What are the three parts of configurations in AWS Config?
Configuration Items: Point in time attributes
Configuration Snapshots: Collection of the Items
Configuration Streams: Stream of Item changes
Is AWS Config inter-regional?
No, every region has its own data
But a configuration aggregator can collect data across regions and accounts
AWS Config: What are compliance checks and how to use them?
Config evaluates resources against rules (a large library of managed rules plus custom ones), for example whether a security group allows unrestricted SSH access.
A rule can be triggered periodically or when a configuration change is recorded.
To do this, Config needs a role with read access to the resources, write access to the S3 bucket and permission to publish to the SNS topic.
Where can you find the Service Health Dashboard?
status.aws.amazon.com (now health.aws.amazon.com)
What is the Personal Health Dashboard?
Account-specific dashboard showing how AWS events and scheduled changes affect the resources in your own account
What is needed for metrics to be tracked on On-Premise servers?
SSM agent
CloudWatch agent
What are VPC Flow Logs?
- Capture metadata (addresses, ports, protocol, bytes, accept/reject) of the IP traffic of a VPC, subnet or network interface
- All VPCs monitored must be in the same account
- Not captured: instance metadata, DHCP, traffic to reserved IPs
- Data is delivered to CloudWatch Logs (the flow log needs an IAM role allowed to write) or S3
- From CloudWatch Logs it can be streamed to Lambda or Elasticsearch via subscription filters
What are AWS Config Rules?
Checks for (non-)compliant settings in services, for example a security group with SSH open to the world, or CloudTrail not being enabled
Does AWS Config span multiple regions?
No, the configuration recorder is set up per region
Global resource types (IAM users, groups, roles, policies) should be recorded in one region only
How are logs from AWS Config stored?
In an S3 bucket (same or different account)
[BUCKET]/[OPTIONAL PREFIX]/AWSLogs/[ACCOUNT ID]/Config/[REGION]/...
How to get notified when an AWS Config rule is broken?
Create an SNS topic, subscribe to it and have Config publish its notifications there (or route the compliance change event through CloudWatch Events)
What permissions are needed for AWS Config to work?
Config needs a role that has read-only access to the resources and write access to the S3 bucket (and publish access to the SNS topic, if used)
What are the (two) trigger types in AWS Config?
Periodic (interval can be set; 24 h by default)
On configuration change
NOTE: some rules support only one of the two triggers
How to install the CloudWatch Logs agent?
1) Create a role with permission to write to CloudWatch Logs and attach it to the instance
2) Download and install the agent on the instance
3) Configure and start the agent
How can a principal in one account assume a role in another account?
- Create the role in the account that owns the resources, with a trust policy naming the other account (or a specific principal in it) as allowed to assume it
- In the other account, attach a policy with the action sts:AssumeRole and the role's ARN as the Resource to the user or role that should switch
What are S3 server access logs?
Record requests made against a bucket and its objects (requester, bucket, key, operation, status code).
Not enabled by default; delivered to another bucket.
What is the standard naming structure for CloudFront log files?
[bucketname].s3.amazonaws.com/[optionalprefix]/[distributionid].[YYYY-MM-DD-HH].[uniqueid].gz
What are the limitations of VPC Flow Logs?
- Flow logs can only be created for VPCs in your own account, so a peered VPC in another account cannot be logged
- Flow log configuration cannot be edited after creation (delete and recreate instead)
Which traffic is not captured by Flow Logs?
- DHCP
- Traffic to the Amazon DNS server
- Traffic to the default VPC router (reserved address)
- Instance metadata (169.254.169.254) and Amazon Time Sync (169.254.169.123)
- Windows license activation servers
- Traffic between a Network Load Balancer network interface and an endpoint network interface
Is the CloudWatch alarm for estimated charges limited to one region?
No. The billing metric is stored in us-east-1, but EstimatedCharges sums the charges of all regions
What are Cost Allocation Tags?
Selection of tags that are used for cost reporting.
Needs to be enabled first, then the tags can be selected.
How can Tags be used for security?
Tags can be used as conditions in IAM policies (for example aws:ResourceTag/...), so an action is only allowed on resources that carry the required tag
What are Resource Groups?
A group of resources based on one or more tag (key and value) combinations.
Can be referenced in IAM, since a resource group has its own ARN after creation.
Does AWS Config span regions?
No, the settings must be configured in every region where Config is used
Inspector: Which service does Amazon Inspector work with?
EC2 (the current Inspector also covers ECR container images and Lambda functions)
CloudWatch: What is a composite alarm?
An alarm whose inputs are the states of other alarms you have created, combined with a rule expression using AND, OR and NOT. It goes into ALARM only when the rule expression evaluates to true (for example only when several alarms are in ALARM at the same time), which cuts alarm noise.
CloudWatch: What are Periods, Evaluation Periods and Datapoints to Alarm?
Period: length of one evaluation window for the metric (e.g., 60 seconds)
Evaluation Periods: number of the most recent periods (data points) to evaluate
Datapoints to Alarm: number of data points within the evaluation periods that must be breaching for the alarm to go to ALARM ("M out of N")
CloudWatch: How can missing data points be handled?
notBreaching: missing data points are treated as "good", i.e. within the threshold
breaching: missing data points are treated as "bad", i.e. breaching the threshold
ignore: the current alarm state is maintained
missing: if all data points in the evaluation range are missing, the alarm transitions to INSUFFICIENT_DATA
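The alarm cards above (period, evaluation periods, datapoints to alarm, missing data handling and composite alarms) are easiest to understand as code. The following is an added example, not part of the flashcards: a simplified model of CloudWatch's "M out of N" evaluation that assumes a GreaterThanThreshold comparison and one data point per period, plus a safe evaluator for composite alarm rule expressions.

```python
# Added example, not part of the flashcards: a simplified model of how
# CloudWatch turns metric data points into an alarm state, plus a small
# evaluator for composite alarm rules. Assumptions: the comparison is
# GreaterThanThreshold, one data point per period, None = missing period.
import ast
from typing import Dict, Optional, Sequence

OK, ALARM, INSUFFICIENT_DATA = "OK", "ALARM", "INSUFFICIENT_DATA"
MISSING_MODES = ("missing", "ignore", "breaching", "notBreaching")


def evaluate_alarm(datapoints: Sequence[Optional[float]], threshold: float,
                   evaluation_periods: int, datapoints_to_alarm: int,
                   treat_missing: str = "missing", current_state: str = OK) -> str:
    """State after evaluating the newest `evaluation_periods` periods.

    datapoints are ordered oldest -> newest. The alarm goes to ALARM when at
    least `datapoints_to_alarm` of the N periods breach, and to OK once enough
    periods are non-breaching that M breaches are impossible. What a missing
    period counts as is decided by `treat_missing`.
    """
    if treat_missing not in MISSING_MODES:
        raise ValueError(f"treat_missing must be one of {MISSING_MODES}")
    n, m = evaluation_periods, datapoints_to_alarm
    if not 1 <= m <= n:
        raise ValueError("datapoints_to_alarm must be between 1 and evaluation_periods")

    window = list(datapoints[-n:])
    window = [None] * (n - len(window)) + window  # pad if fewer periods exist yet
    breaching = sum(1 for v in window if v is not None and v > threshold)
    good = sum(1 for v in window if v is not None and v <= threshold)
    missing = n - breaching - good

    if missing == n:  # nothing at all to evaluate
        return {"breaching": ALARM, "notBreaching": OK,
                "ignore": current_state, "missing": INSUFFICIENT_DATA}[treat_missing]
    if treat_missing == "breaching":
        breaching += missing
    elif treat_missing == "notBreaching":
        good += missing

    if breaching >= m:
        return ALARM
    if good > n - m:  # M breaching periods can no longer be reached
        return OK
    # Undecided because of missing periods: 'ignore' keeps the state,
    # 'missing' evaluates only the data it has (fewer than M breaches -> OK).
    return current_state if treat_missing == "ignore" else OK


def composite_state(rule: str, child_states: Dict[str, str]) -> str:
    """Evaluate a composite alarm rule such as
    'ALARM("cpu") AND (ALARM("disk") OR NOT OK("net"))' against child states.
    The expression is walked explicitly rather than handed to eval(), so only
    the three state functions, AND/OR/NOT and parentheses are accepted."""
    src = rule.replace(" AND ", " and ").replace(" OR ", " or ").replace("NOT ", "not ")
    tree = ast.parse(src, mode="eval")

    def walk(node) -> bool:
        if isinstance(node, ast.BoolOp):
            results = [walk(v) for v in node.values]
            return all(results) if isinstance(node.op, ast.And) else any(results)
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            return not walk(node.operand)
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in (OK, ALARM, INSUFFICIENT_DATA)
                and len(node.args) == 1 and isinstance(node.args[0], ast.Constant)):
            return child_states[node.args[0].value] == node.func.id
        raise ValueError(f"unsupported rule element: {ast.dump(node)}")

    return ALARM if walk(tree.body) else OK


if __name__ == "__main__":
    cpu = [40.0, 95.0, None, 97.0]  # constructed CPUUtilization samples, newest last
    for mode in MISSING_MODES:
        print(mode, evaluate_alarm(cpu, 90.0, 3, 3, mode))
    print(composite_state('ALARM("cpu") AND NOT ALARM("deploy")',
                          {"cpu": ALARM, "deploy": OK}))
```

The real service also looks further back than N periods when recent data is sparse; this model does not, which is why it is labelled simplified.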
CloudWatch: Anomaly Detection
Mines past metric data and creates a model of expected values.
You can choose whether the alarm is triggered when the metric value is above the band of expected values, below the band, or either above or below the band.
CloudWatch: What is necessary for CW to start, stop, terminate EC2 instances?
To set up an alarm action that can reboot, stop or terminate an instance, CloudWatch uses the service-linked IAM role AWSServiceRoleForCloudWatchEvents, which lets AWS perform the EC2 actions on your behalf (the principal creating the alarm needs permission to create that role if it does not exist yet).
CloudWatch: How to recover an instance using CloudWatch?
When the StatusCheckFailed_System alarm is triggered and the recover action starts, you are notified through the SNS topic chosen when the alarm was created. During recovery the instance is migrated to new hardware by means of a reboot; instance ID, IPs and metadata are kept, but any data in memory is lost.
The recover action can only be used with StatusCheckFailed_System, not with StatusCheckFailed_Instance.
It is not supported for instances with instance store volumes (EBS-only instances required).
CloudWatch: What is a billing alert?
An alarm in CloudWatch on the EstimatedCharges billing metric that fires when a given threshold is reached.
It triggers only when the actual accrued charges exceed the threshold; it does not use a forecast based on usage so far in the month.
CloudWatch: Can you use CW cross-account / cross-regional?
Yes: cross-account observability lets you share metrics and logs with individual accounts or the whole organization, and dashboards can show metrics from several regions
CloudWatch: What can be done with the CloudWatch Agent?
- Collect more system-level metrics from Amazon EC2 instances (memory, disk space, processes)
- Send metrics and logs from on-premises servers
- Can be installed manually or with Systems Manager
CloudWatch: What are High Resolution Custom Metrics?
Custom metrics can be published at a resolution down to 1 second; high-resolution alarms can then evaluate them every 10 or 30 seconds.
Trusted Advisor: What are the four categories that TA helps with?
Cost Optimization
Fault Tolerance
Performance
Security
Trusted Advisor: How is the data refreshed?
Automatically (every 24 hours)
Manually at most once every 5 minutes, for all or selected checks
Trusted Advisor: What are the three types of results of a check?
No action necessary
Investigation recommended
Action recommended
Inspector: What is the purpose of the AWS Inspector?
For EC2 instances
Helps to identify security vulnerabilities and deviations from hundreds of best practices
For it to work an agent has to be installed on the instance (the current Inspector uses the SSM agent)
What is needed to get metrics from an ELB?
Nothing, AWS will automatically send metrics from an ELB
What are ELB access logs?
Optional feature (disabled by default), delivered to S3
Each entry lists among others:
- Client IP address
- Latency (request, target and response processing times)
- Request line
- Load balancer and target response codes
What is Request Tracing?
For requests passing through an Application Load Balancer, the load balancer adds (or updates) the X-Amzn-Trace-Id request header, whose value is also written to the access log, so a request can be followed from the client through the system.
Needs an ALB (not NLB or Classic LB)
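How access logs and the trace ID fit together is clearer with real-looking records. The following is an added example, not part of the flashcards: a parser for Application Load Balancer access log lines that picks out the requests a target never answered (a 5xx from the load balancer with no target status code, the trace a terminated target leaves behind) keyed by X-Amzn-Trace-Id. The log lines are constructed after the documented ALB format; the IDs, names and addresses are made up, and only the first 18 fields are named.

```python
# Added example, not part of the flashcards: parse Application Load Balancer
# access log lines and pull out requests the target never answered, keyed by
# the X-Amzn-Trace-Id that request tracing attached. Those entries are what
# remains of requests sent to a target that has since gone away. Only the
# first 18 documented fields are named; the lines are constructed after the
# documented ALB format with made-up IDs, names and addresses.
import re
from collections import defaultdict
from typing import Dict, List, Tuple

ALB_FIELDS = ("type time elb client_port target_port request_processing_time "
              "target_processing_time response_processing_time elb_status_code "
              "target_status_code received_bytes sent_bytes request user_agent "
              "ssl_cipher ssl_protocol target_group_arn trace_id").split()
TOKEN = re.compile(r'"[^"]*"|\S+')   # quoted fields may contain spaces

TG = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/web/73e2d6bc24d8a067"
SAMPLE_LOG = f"""\
https 2024-01-01T10:00:00.186641Z app/web/50dc6c495c0c9188 198.51.100.7:2817 10.0.1.10:8080 0.000 0.012 0.000 200 200 34 366 "GET https://www.example.com:443/ HTTP/1.1" "curl/8.0.1" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 {TG} "Root=1-65926b70-36d228ad5d99923122bbe354" "www.example.com" "-" 0 2024-01-01T10:00:00.174000Z "forward" "-" "-" "10.0.1.10:8080" "200" "-" "-"
https 2024-01-01T10:00:05.001000Z app/web/50dc6c495c0c9188 198.51.100.7:2818 10.0.1.11:8080 0.000 -1 -1 502 - 34 0 "GET https://www.example.com:443/api/orders HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64)" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 {TG} "Root=1-65926b75-1234567890abcdef12345678" "www.example.com" "-" 0 2024-01-01T10:00:04.990000Z "forward" "-" "-" "10.0.1.11:8080" "-" "-" "-"
https 2024-01-01T10:00:09.300000Z app/web/50dc6c495c0c9188 198.51.100.7:2819 10.0.1.10:8080 0.001 0.040 0.000 200 200 34 512 "GET https://www.example.com:443/api/orders HTTP/1.1" "curl/8.0.1" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 {TG} "Root=1-65926b79-abcdefabcdefabcdefabcdef" "www.example.com" "-" 0 2024-01-01T10:00:09.250000Z "forward" "-" "-" "10.0.1.10:8080" "200" "-" "-"
"""


def parse_alb_line(line: str) -> Dict[str, object]:
    tokens = [t[1:-1] if t.startswith('"') else t for t in TOKEN.findall(line)]
    if len(tokens) < len(ALB_FIELDS):
        raise ValueError(f"short ALB log line: {line!r}")
    rec: Dict[str, object] = dict(zip(ALB_FIELDS, tokens))
    rec["elb_status_code"] = int(rec["elb_status_code"])
    rec["target_processing_time"] = float(rec["target_processing_time"])  # -1 = never answered
    return rec


def parse_alb_log(text: str) -> List[Dict[str, object]]:
    return [parse_alb_line(line) for line in text.splitlines() if line.strip()]


def unanswered_requests(records) -> Dict[str, Tuple[str, int, str]]:
    """trace_id -> (target, elb_status_code, request) for requests with a 5xx
    from the load balancer and no status code from the target."""
    return {r["trace_id"]: (r["target_port"], r["elb_status_code"], r["request"])
            for r in records
            if r["elb_status_code"] >= 500 and r["target_status_code"] == "-"}


def mean_target_latency(records) -> Dict[str, float]:
    """Average target_processing_time in seconds per target, answered requests only."""
    samples: Dict[str, List[float]] = defaultdict(list)
    for r in records:
        if r["target_processing_time"] >= 0:
            samples[r["target_port"]].append(r["target_processing_time"])
    return {target: sum(v) / len(v) for target, v in samples.items()}


if __name__ == "__main__":
    recs = parse_alb_log(SAMPLE_LOG)
    for trace, (target, code, request) in unanswered_requests(recs).items():
        print(f"{trace}: {code} from the ELB, target {target} never answered: {request}")
    print(mean_target_latency(recs))
```

With the trace ID in hand you can search the application logs of the remaining targets, or the X-Ray traces, for the same Root value.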
If an instance has a tag with key "name" = MyInstance and a tag with key "Name" = AlsoMyInstance, which one is shown in the Name column of the overview page?
AlsoMyInstance
Tag keys are case-sensitive and the console's Name column reads the key "Name"
What are the two types of Resource Groups?
Tag based
CloudFormation stack based
How to use Tags in the Cost Explorer?
(in an organization, tags must be activated from the management/payer account)
Select the Tags
Activate the Tags
Use Tag in the Explorer
Which service does Systems Manager integrate with to give you visibility of the overall health of your AWS infrastructure?
CloudWatch
By default, how frequently are ELB metrics published to CloudWatch?
If there are requests flowing through the load balancer, Elastic Load Balancing measures and sends its metrics in 60-second intervals. If there are no requests flowing through the load balancer or no data for a metric, the metric is not reported.
CloudTrail: How long are events kept by default and where?
Event history keeps the last 90 days of management events without any configuration (no S3 bucket involved).
For longer retention, create a trail that delivers the log files to your own S3 bucket.
CloudTrail: What are digest files?
Hourly files, signed by CloudTrail, that list the log files delivered in the previous hour with their SHA-256 hashes and reference the previous digest file; together they let you verify that logs were neither modified nor deleted (aws cloudtrail validate-logs)
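The check a digest file enables, shown as code. This is an added example, not part of the flashcards: it performs the hash half of log file validation on constructed in-memory objects (real log files are gzipped JSON and the hash covers the stored object bytes); the RSA signature check over the digest that aws cloudtrail validate-logs also does is only noted, not implemented.

```python
# Added example, not part of the flashcards: the hash half of CloudTrail log
# file validation. Each hourly digest file lists the log files delivered in
# the previous hour with their SHA-256, and carries the SHA-256 of the
# previous digest file, chaining the digests together. The objects here are
# constructed in memory (real log files are gzipped JSON and the hash covers
# the stored object bytes); CloudTrail's RSA signature over the digest, which
# `aws cloudtrail validate-logs` also verifies, is only mentioned, not done.
import hashlib
import json
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed log file objects, keyed by S3 key.
LOG_KEY_A = "AWSLogs/123456789012/CloudTrail/eu-west-1/2024/01/01/123456789012_CloudTrail_eu-west-1_20240101T1000Z_a.json.gz"
LOG_KEY_B = "AWSLogs/123456789012/CloudTrail/eu-west-1/2024/01/01/123456789012_CloudTrail_eu-west-1_20240101T1030Z_b.json.gz"
OBJECTS: Dict[str, bytes] = {
    LOG_KEY_A: b'{"Records":[{"eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin"}]}',
    LOG_KEY_B: b'{"Records":[{"eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging"}]}',
}
PREVIOUS_DIGEST = json.dumps({"logFiles": [], "previousDigestHashValue": None}).encode()

DIGEST = {
    "awsAccountId": "123456789012",
    "digestStartTime": "2024-01-01T10:00:00Z",
    "digestEndTime": "2024-01-01T11:00:00Z",
    "digestS3Bucket": "example-trail-bucket",
    "previousDigestS3Bucket": "example-trail-bucket",
    "previousDigestS3Object": "AWSLogs/123456789012/CloudTrail-Digest/eu-west-1/2024/01/01/digest-10.json.gz",
    "previousDigestHashValue": sha256_hex(PREVIOUS_DIGEST),
    "previousDigestHashAlgorithm": "SHA-256",
    "digestSignatureAlgorithm": "SHA256withRSA",  # checked with the key from cloudtrail:GetPublicKey
    "logFiles": [
        {"s3Bucket": "example-trail-bucket", "s3Object": key,
         "hashValue": sha256_hex(data), "hashAlgorithm": "SHA-256"}
        for key, data in OBJECTS.items()
    ],
}


def validate_digest(digest: dict, objects: Dict[str, bytes],
                    previous_digest: Optional[bytes]) -> List[str]:
    """Return the problems found; an empty list means every hash checks out."""
    problems: List[str] = []
    if digest.get("previousDigestHashAlgorithm") not in (None, "SHA-256"):
        problems.append("unsupported previous digest hash algorithm")
    if previous_digest is None:
        if digest.get("previousDigestHashValue"):
            problems.append("previous digest missing (chain broken)")
    elif sha256_hex(previous_digest) != digest["previousDigestHashValue"]:
        problems.append("previous digest hash mismatch (chain broken)")
    for entry in digest["logFiles"]:
        if entry["hashAlgorithm"] != "SHA-256":
            problems.append(f"unsupported hash algorithm for {entry['s3Object']}")
            continue
        data = objects.get(entry["s3Object"])
        if data is None:
            problems.append(f"log file missing: {entry['s3Object']}")
        elif sha256_hex(data) != entry["hashValue"]:
            problems.append(f"log file modified: {entry['s3Object']}")
    return problems


if __name__ == "__main__":
    print(validate_digest(DIGEST, OBJECTS, PREVIOUS_DIGEST))  # [] when untouched
    tampered = dict(OBJECTS)
    tampered[LOG_KEY_B] = tampered[LOG_KEY_B].replace(b"StopLogging", b"StartLogging")
    print(validate_digest(DIGEST, tampered, PREVIOUS_DIGEST))
```

Without the signature check an attacker who can write to the bucket could rewrite both the log file and the digest; that is why the digest is signed and why the bucket should deny deletes and overwrites to everyone but CloudTrail.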
Flow Log: What are the attributes in a log entry?
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
Source comes before destination (for both address and port); action is ACCEPT or REJECT; log-status is OK, NODATA or SKIPDATA
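A parser for that default record format, as an added example that is not part of the flashcards. It reads constructed records (the account and ENI IDs are made up), skips NODATA/SKIPDATA entries, and reports sources whose SSH connections were rejected, which is the usual first question asked of flow logs during an investigation.

```python
# Added example, not part of the flashcards: parse VPC Flow Log records in
# the default format (the 14 fields listed above) and pull out rejected
# inbound SSH attempts. The records are constructed; the account and ENI IDs
# are made up. NODATA/SKIPDATA records carry '-' in most fields and are skipped.
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}
TCP = 6

SAMPLE_RECORDS = """\
2 123456789012 eni-0a1b2c3d4e5f67890 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 172.31.16.21 49761 22 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 172.31.16.21 49762 22 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.9 172.31.16.21 51000 22 6 1 40 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1418530010 1418530070 - NODATA
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1418530010 1418530070 - SKIPDATA
2 123456789012 eni-0f9e8d7c6b5a43210 172.31.9.69 172.31.9.12 49152 3389 6 20 4249 1418530010 1418530070 ACCEPT OK
"""


def parse_record(line: str) -> Dict[str, object]:
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec: Dict[str, object] = dict(zip(FIELDS, parts))
    for name in INT_FIELDS:
        rec[name] = None if rec[name] == "-" else int(rec[name])
    return rec


def parse_records(text: str) -> List[Dict[str, object]]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def rejected_ssh_sources(records, min_attempts: int = 1) -> Dict[str, int]:
    """Source addresses whose TCP/22 connections were rejected by a security
    group or network ACL at least `min_attempts` times."""
    hits: Counter = Counter()
    for r in records:
        if r["log-status"] != "OK":
            continue  # no addresses in NODATA/SKIPDATA records
        if r["action"] == "REJECT" and r["protocol"] == TCP and r["dstport"] == 22:
            hits[r["srcaddr"]] += 1
    return {src: n for src, n in hits.items() if n >= min_attempts}


def accepted_bytes_by_destination(records) -> Dict[Tuple[str, int], int]:
    """Bytes of ACCEPTed traffic per (dstaddr, dstport)."""
    totals: Dict[Tuple[str, int], int] = defaultdict(int)
    for r in records:
        if r["log-status"] == "OK" and r["action"] == "ACCEPT":
            totals[(r["dstaddr"], r["dstport"])] += r["bytes"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print(rejected_ssh_sources(recs, min_attempts=2))   # repeat offenders only
    print(accepted_bytes_by_destination(recs))
```

Keep in mind what the cards above say is not captured: a scan of the metadata address or DNS traffic will not appear in these records at all.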
Flow Log: Where can you send/save the data to?
CloudWatch Logs
S3
You would like to run a Lambda function at the same time every night. How could this be done?
Schedule an event in CloudWatch to trigger the function
What is the use-case for AWS X-Ray?
X-Ray provides distributed tracing: it instruments both monolithic application code (e.g., a large Django project) and serverless (Lambda function) code and shows the service map and the latency of each segment of a request.
Is it possible to use CloudWatch metrics to trigger auto-scaling based on SQS queue size?
yes
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html
What is Request Tracing?
Used by the Application Load Balancer to track HTTP requests from clients to targets.
Tracked with the X-Amzn-Trace-Id request header.
CloudWatch Events:
What is the “target” and what services can be used?
The target is the action taken when a rule matches an event, such as calling a Lambda function, sending a notification with SNS, starting a deployment in CodePipeline or running a Systems Manager command
What can be the destinations for a VPC Flow Log?
S3 or CloudWatch Log Group
What are "units"?
Every data point can carry a unit (Bytes, Seconds, Percent, Count, ...); the default is None
What is Aggregation?
When multiple data points are published for the same timestamp, namespace and dimensions, CloudWatch aggregates them into statistics (Sum, Average, Minimum, Maximum, SampleCount).
Aggregating EC2 metrics across instances requires detailed monitoring; aggregation never crosses regions.
How to get the status of all instances (CLI)?
aws ec2 describe-instance-status (add --include-all-instances to also list instances that are not running)
CloudWatch: How to allow a user to see the metrics of only certain EC2 instances?
This is not possible: CloudWatch metric actions do not support resource-level permissions, so a user who can read metrics can read them for all instances
What are the (three) conditions, when an alarm is triggered?
- The metric reaches a particular value
- The metric stays beyond the threshold for a number of consecutive periods
- The metric stays at a constant value for multiple periods
What happens for Auto Scaling Groups / SNS when an alarm is triggered?
ASG: the scaling action is invoked again for every period in which the alarm remains in ALARM
SNS: the notification is sent only once, on the state change
ElastiCache: What should be done if CPUUtilization is high?
Memcached: use a larger node type or add more nodes
Redis: (single-threaded) add read replicas for read load, or shards for write load
ElastiCache: What should be done if SwapUsage goes over 50 MB?
Memcached: increase the memcached_connections_overhead parameter
Redis: no recommendation at the moment
ElastiCache: What should be done if data is evicted?
Memcached: Scale up cluster or add nodes
Redis: Scale up cluster
ELB: What is the metric to track (un)healthy hosts?
HealthyHostCount and UnHealthyHostCount
ELB: What are the SpilloverCount and the SurgeQueueLength?
SpilloverCount: requests rejected because the surge queue was full (Classic Load Balancer)
SurgeQueueLength: number of requests waiting in the surge queue to be routed to a healthy instance (Classic Load Balancer, maximum 1024)
CloudWatch Events: When are events created? (four)
- An AWS resource changed state (e.g., an instance stopped)
- API events recorded by CloudTrail (e.g., a failed sign-in attempt)
- Custom events put into CloudWatch Events by your applications
- On a scheduled basis
CloudWatch Events: What can be done to have a recurring Event-Check done?
Set up a scheduled (cron like) event
CloudWatch Logs: What is a Log Group?
A collection of log streams (one stream per source, such as an EC2 instance) that share retention, monitoring and access settings
CloudWatch Logs: What is the Retention Policy?
How long events are kept in a log group.
From 1 day to 10 years, or never expire (the default)
What service can monitor costs and how to alert the customer?
Costs can be monitored with a CloudWatch billing alarm, which sends a notification when the estimated charges exceed the threshold.
Billing alerts can be created in the AWS Billing and Cost Management console
How to encrypt CloudTrail log files?
Log files delivered to S3 are encrypted with SSE-S3 by default; SSE-KMS with a customer managed key can be configured on the trail
Config: How to set up a custom rule?
Write a Lambda function that evaluates the resource and reports COMPLIANT / NON_COMPLIANT back to Config with PutEvaluations, then register it as a custom rule that runs on configuration change and/or on a periodic schedule.
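What such a rule function looks like, as an added example that is not part of the flashcards. It checks the example from the Config cards above, a security group allowing SSH from the world, keeps the pure check separate from the Lambda handler so it can be tested without AWS, and uses a constructed invocation event shaped after the AWS::EC2::SecurityGroup configuration item. The handler calls config:PutEvaluations through boto3 (the execution role needs that permission); oversized configuration items, which must be fetched separately, are not handled.

```python
# Added example, not part of the flashcards: the shape of a custom AWS Config
# rule backed by Lambda. It flags security groups that allow inbound TCP/22
# from 0.0.0.0/0 or ::/0 (the port is a rule parameter, default 22). The
# pure check is kept apart from the handler so it can be tested without AWS;
# the sample event is constructed after the AWS::EC2::SecurityGroup
# configuration item (ipPermissions with ipv4Ranges/ipv6Ranges; the older
# ipRanges list of strings is handled too). The handler reports through
# config:PutEvaluations, so the function's role needs that permission;
# boto3 is imported inside it so the module loads without the SDK.
# Oversized configuration items (fetched separately) are not handled.
import json
from typing import Tuple

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def _port_in_rule(rule: dict, port: int) -> bool:
    proto = rule.get("ipProtocol")
    if proto == "-1":          # "all traffic" rule covers every port
        return True
    if proto != "tcp":
        return False
    lo, hi = rule.get("fromPort"), rule.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def _world_reachable(rule: dict) -> bool:
    v4 = [r.get("cidrIp") if isinstance(r, dict) else r
          for r in rule.get("ipv4Ranges", []) + rule.get("ipRanges", [])]
    v6 = [r.get("cidrIpv6") if isinstance(r, dict) else r
          for r in rule.get("ipv6Ranges", [])]
    return ANY_IPV4 in v4 or ANY_IPV6 in v6


def evaluate_security_group(configuration: dict, port: int = 22) -> Tuple[str, str]:
    """(ComplianceType, Annotation) for one security group configuration."""
    for rule in configuration.get("ipPermissions", []):
        if _port_in_rule(rule, port) and _world_reachable(rule):
            return "NON_COMPLIANT", f"inbound TCP/{port} is open to 0.0.0.0/0 or ::/0"
    return "COMPLIANT", f"no inbound TCP/{port} from 0.0.0.0/0 or ::/0"


def build_evaluation(event: dict) -> dict:
    """Turn the Config invocation event into one PutEvaluations entry."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    if (item["resourceType"] != "AWS::EC2::SecurityGroup"
            or item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceNotRecorded")):
        compliance, note = "NOT_APPLICABLE", "deleted or not a security group"
    else:
        compliance, note = evaluate_security_group(item["configuration"], int(params.get("port", 22)))
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    import boto3  # present in the Lambda runtime; not needed for the check itself
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation


# Constructed invocation event: HTTPS open to the world (fine), SSH only from 10.0.0.0/8.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-01-01T10:00:00.000Z",
            "configuration": {"groupId": "sg-0123456789abcdef0", "ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": [{"cidrIpv6": "::/0"}]},
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
            ]},
        },
    }),
    "ruleParameters": json.dumps({"port": "22"}),
    "resultToken": "constructed-result-token",
}

if __name__ == "__main__":
    print(build_evaluation(SAMPLE_EVENT)["ComplianceType"])  # COMPLIANT
```

The same event with ruleParameters {"port": "443"} comes back NON_COMPLIANT, which is how one function can back several rules with different parameters.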
CloudWatch Events: What are the three components?
Events, Rules and Targets
What command can you type into the AWS CLI to list the metrics of the Amazon EC2 namespace?
aws cloudwatch list-metrics --namespace AWS/EC2
CloudWatch: How can you access Amazon CloudWatch? (four)
Amazon CloudWatch Console
AWS CLI
CloudWatch API
AWS SDK
CloudWatch: How many alarms can you have per region?
5000 (default quota)
CloudWatch: What are:
- Data Point
- Data Points to Alarm
- Evaluation Points
- Evaluation interval
Data Point: one metric value per period, the thing being checked
Datapoints to Alarm: how many of the evaluated data points must be breaching to raise the alarm (e.g., 3)
Evaluation Period (period): how often a data point is produced and checked (e.g., every 1 min)
Evaluation interval: the whole window that is evaluated, i.e. period x number of evaluation periods (e.g., 5 min)
CloudWatch: What is a namespace in Amazon CloudWatch?
A logical grouping of Amazon CloudWatch metrics
CloudWatch: What are (some of) the supported Linux distributions for the CloudWatch agent?
Amazon Linux
Ubuntu
Red Hat
Debian
CloudWatch: What (two) types of logs can be sent from a Windows Server?
IIS logs
Windows event logs (System, Application, Security, ...)
CloudWatch: How to install the CloudWatch agent on a Windows Server 2016?
Via Systems Manager (Run Command)
The legacy EC2Config service is no longer used (replaced by EC2Launch)
CloudWatch: How is data encrypted?
Log data is encrypted in transit and at rest within Amazon CloudWatch. This requires no special configuration on the part of a system administrator (a KMS customer managed key can optionally be associated with a log group)
Is there a way to create reports with billing data by usage, or the cost per individual log group?
Yes, using "detailed billing" (the Cost and Usage Report), per log group via cost allocation tags
How many tags can you have in an Amazon CloudWatch log group?
50
CloudWatch: How would you enable / disable detailed monitoring via the AWS CLI?
aws ec2 monitor-instances --instance-ids <instance-id>
aws ec2 unmonitor-instances --instance-ids <instance-id>
CloudWatch: How to get the number of data points used in a statistic over a span of time?
The SampleCount statistic gives the number of data points that went into a statistical calculation. This is helpful when determining the sample size behind an Average.
CloudWatch: Which two steps are necessary to be able to aggregate statistics across multiple instances?
- Enable detailed monitoring.
- Choose the Amazon EC2 namespace and select Across All Instances.
How to get alerted when the use of resources goes out of AWS Free Tier?
Set up an AWS Free Tier alert in AWS Budgets
Where can you create an alarm for a failed Amazon EC2 status check?
Directly in the Amazon EC2 console (Status Checks tab) or in the CloudWatch console
CloudWatch: For which metrics can you use high-resolution metrics?
Custom metrics only (not the pre-built AWS metrics)
CloudTrail: How to automatically cover new regions with a trail? (two)
- Select "Yes" for "Apply trail to all regions" on the trail configuration page.
- In the CLI, pass --is-multi-region-trail (the API parameter IsMultiRegionTrail set to true).
CloudTrail: Your boss wants you to create two separate trails in CloudTrail, one for management events and one for data events. Is this possible?
Yes, you can create two separate trails and separate management activity from data activity.
Config: Which periodic intervals can be set for a rule?
Periodic rules can run every 1, 3, 6, 12 or 24 hours
Which account is used in AWS Organizations to create an organization, invite new AWS accounts and remove AWS accounts?
The management account (formerly called the master account)
How can you get access to all of the checks within AWS Trusted Advisor?
Upgrade to Business-level or Enterprise-level support
Trusted Advisor continuously alerts on one of your resources. How can you make sure it no longer alerts on that resource?
Add an exclusion for the resource at the resource level of the check.
Inspector: What type of software can be checked by Inspector?
Amazon Inspector can only find applications installed by the operating system's package manager. It cannot find applications installed by automation software like Chef, Puppet or Ansible outside the package manager.
Inspector: What are the two report types?
Findings Report
Full Report
What is the purpose of Amazon GuardDuty?
Amazon GuardDuty monitors for threats by analyzing AWS CloudTrail events, VPC Flow Logs and DNS logs
Which AWS service classifies data in S3 and catalogs the normal behaviour of users who access that data?
Amazon Macie
GuardDuty: How long are findings stored?
90 days
With which tool can you query logs using regex?
Amazon CloudWatch Logs Insights
Which tool allows to display metric charts on a website or third party tool?
Amazon CloudWatch snapshot graphs
What is needed for Run Command in AWS Systems Manager? Open ports / remote access?
Neither: the SSM agent on the instance needs only outbound HTTPS (443) to the Systems Manager endpoints; no inbound ports and no remote-access protocol are required
What is needed for Session Manager in AWS Systems Manager? Open ports / remote access?
Session Manager provides interactive shell sessions through the browser or the CLI via the SSM agent, with no need to open inbound ports, manage SSH keys or run bastion hosts
What are the editions of QuickSight and how are they billed?
- Standard and Enterprise editions, billed per user; Enterprise additionally offers pay-per-session pricing for readers
- The Enterprise edition supports Active Directory groups from AWS Directory Service
- The Standard edition lets you invite IAM users, or users directly with an email address
What is a benefit provided by Amazon Macie?
Visibility into the locations where you store data
You want to use CloudWatch to find the average CPU utilization of an instance over a 30-minute period. The metric is updated every 5 minutes. Which statistic and period should you use?
The Average statistic with a 30-minute period