Monitoring and Audit: CloudWatch, CloudTrail and Config Flashcards
What is a namespace in relation to CloudWatch?
The group of metrics associated with a service
What is a dimension as it relates to CloudWatch metrics?
An attribute of a metric such as a specific instance ID
What is one option if the metrics provided by AWS don’t suit your needs?
You can create custom metrics
How would you delete CloudWatch Logs after a period of time?
Set an expiration policy
Are CloudWatch Logs encrypted by default?
Yes
What is CloudWatch Logs Live Tail?
A service that allows you to see the logs in real time as they are processed
What is the service used to query logs within CloudWatch Logs?
CloudWatch Logs Insights
What is the CloudWatch Agent?
A piece of software to run on-premises or on your cloud deployments that collects metrics and logs to push to CloudWatch Logs
What service would be used to trigger notifications from a metric in the AWS Cloud?
CloudWatch Alarms
What are composite alarms in CloudWatch Alarms?
Alarms that can monitor the states of multiple other alarms, e.g. CPU utilisation AND RAM utilisation are both high
What are the two main trigger types for EventBridge?
Scheduled and event pattern
What is a default event bus? What is a partner event bus?
The default event bus is EventBridge, simply the route through which events travel.
The partner event bus is an alternative to EventBridge within AWS that can process events originating outside of AWS.
Why would one archive an event from EventBridge?
To replay it and test for debugging
What is the schema registry in EventBridge and why is it useful?
The schema registry is EventBridge's ability to comprehend the schema of an event bus, which then enables you to write code in your application that expects that schema
What are Contributor Insights in CloudWatch Insights? Why is this useful?
Insights as they relate to the heaviest network users.
Check if they are good or bad actors, find out what or who is impacting system performance, cater to these people more effectively
Does CloudWatch Application Insights work with all technologies on ECS?
No, it is select technologies on EC2 only - nothing on ECS
What is the default storage length for CloudTrail Events? What can be done to extend this?
90 days; to extend this, the events should be sent to S3
What type of CloudTrail events are stored by default in a trail?
Management events
What type of events are not stored by default in CloudTrail as they are done in high volumes?
Data events
Is CloudTrail regional or multi-regional by default?
Multi-regional
What is AWS Config?
A service that tracks the configurations of your AWS services and how these have changed over time
Does Config say who has changed the resource configurations?
No - this is the job of CloudTrail
Is Config global?
No - it works per-region
What is a Config rule?
A query that is periodically activated, e.g. are all my EC2 instances of type t2.micro?
Do Config rules stop events from taking place/people from disobeying them?
No - they just check if something is happening, as opposed to actually changing things
How can one try to automatically rectify non-compliant resources in Config?
Trigger remediation actions with AWS-Managed Automation Documents or custom automation documents
What is CloudWatch Application Insights?
CloudWatch Application Insights is an AWS service that automatically monitors applications and resources, providing automated problem detection and troubleshooting recommendations
What is a CloudTrail management event?
A record of an API action or operation that modifies AWS resources or account settings