Monitoring and Audit: CloudWatch, CloudTrail and Config

Question 1

What is a namespace in relation to CloudWatch?

Answer 1

The group of metrics associated with a service

Question 2

What is a dimension as it relates to CloudWatch metrics?

Answer 2

An attribute of a metric such as a specific instance ID

Question 3

What is one option if the metrics provided by AWS don’t suit your needs?

Answer 3

You can create custom metrics

Question 4

How would you delete CloudWatch Logs after a period of time?

Answer 4

Set an expiration policy

Question 5

Are CloudWatch Logs encrypted by default?

Answer 5

Yes

Question 6

What is CloudWatch Logs Live Tail?

Answer 6

A service that allows you to see the logs in real time as they are processed

Question 7

What is the service used to query logs within CloudWatch Logs?

Answer 7

CloudWatch Logs Insights

Question 8

What is the CloudWatch Agent?

Answer 8

A piece of software to run on-premises or on your cloud deployments that collects metrics and logs to push to CloudWatch Logs

Question 9

What service would be used to trigger notifications from a metric in the AWS Cloud?

Answer 9

CloudWatch Alarms

Question 10

What are composite alarms in CloudWatch Alarms?

Answer 10

Alarms that can monitor the states of multiple other alarms, e.g. CPU utilisation AND RAM utilisation are both high

Question 11

What are the two main trigger types for EventBridge?

Answer 11

Scheduled and event pattern

Question 12

What is a default event bus? What is a partner event bus?

Answer 12

The default event bus is EventBridge, simply the route through which events travel.
The partner event bus is an alternative to EventBridge within AWS that can process events originating outside of AWS.

Question 13

Why would one archive an event from EventBridge?

Answer 13

To replay it and test for debugging

Question 14

What is the schema registry in EventBridge and why is it useful?

Answer 14

The schema registry is the ability of EventBridge to be able to comprehend the schema of an event bus which then enables you to create code in your application expecting that schema

Question 15

What are contributor insights in CloudWatch insights? Why is this useful?

Answer 15

Insights as they relate to the heaviest network users.
Check if they are good or bad actors, find out what or who is impacting system performance, cater to these people more effectively

Question 16

Do CloudWatch application insights work with all technologies on ECS?

Answer 16

No, it is select technologies on EC2 only - nothing on ECS

Question 17

What is the default storage length for CloudTrail Events? What can be done to extend this?

Answer 17

90 days, to extend should be sent to S3

Question 18

What type of CloudTrail events are stored by default in a trail?

Answer 18

Management events

Question 19

What type of events are not stored by default in CloudTrail as they are done in high volumes?

Answer 19

Data events

Question 20

Is CloudTrail regional or multi-regional by default?

Answer 20

Multi-regional

Question 21

What is AWS Config?

Answer 21

A service that tracks the configurations of your AWS services and how these have changed over time

Question 22

Does Config say who has changed the resource configurations?

Answer 22

No - this is the job of CloudTrail

Question 23

Is Config global?

Answer 23

No - it works per-region

Question 24

What is a Config rule?

Answer 24

A query that is periodically activated, e.g. are all my EC2 instances of type T2.micro?

Question 25

Do Config rules stop events from taking place/people from disobeying them?

Answer 25

No - they just check if something is happening, as opposed to actually changing things

Question 26

How can one try to automatically rectify non-compliant resources in Config?

Answer 26

Trigger remediation actions with AWS-Managed Automation Documents or custom automation documents