Monitoring, cloudwatch, cloudtrail Flashcards
Cloudwatch metrics
- belong to namespace
- dimension is an attribute of a metric (instance id, environment, etc)
- timestamped (basic monitoring - every 5 minutes)
- detailed monitoring - once every minute
- can push custom metrics (ec2 instance ram)
- metrics data points can be pushed two weeks in the past and two hours in the future
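An added example (not part of the original notes) that builds the PutMetricData request for the custom RAM metric mentioned above and enforces, client-side, the rules the service applies: the two-weeks-past / two-hours-future timestamp window, StorageResolution 1 (high resolution) versus 60 (standard), and the reserved `AWS/` namespace prefix. The namespace `MyApp/EC2`, the metric name `MemoryUsedPercent` and the instance id are assumptions made for the illustration; the only real call is the boto3 `put_metric_data` at the bottom, which needs credentials and runs only when the file is executed directly.

```python
from datetime import datetime, timedelta, timezone

# Accepted timestamp window for PutMetricData, as stated in the notes:
# up to two weeks in the past and up to two hours in the future.
MAX_PAST = timedelta(days=14)
MAX_FUTURE = timedelta(hours=2)


def _to_dt(value):
    """Accept a timezone-aware datetime or an ISO-8601 string with an offset."""
    dt = datetime.fromisoformat(value) if isinstance(value, str) else value
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc)


def is_acceptable_timestamp(timestamp, now=None):
    """True if CloudWatch would accept a data point with this timestamp."""
    now = _to_dt(now) if now is not None else datetime.now(timezone.utc)
    ts = _to_dt(timestamp)
    return now - MAX_PAST <= ts <= now + MAX_FUTURE


def build_metric_datum(name, value, unit, dimensions, timestamp,
                       high_resolution=False, now=None):
    """Build one MetricDatum, validating what the service would reject.
    StorageResolution 1 = high resolution (1-second data points), 60 = standard."""
    if not is_acceptable_timestamp(timestamp, now):
        raise ValueError(f"{timestamp} is outside the 2-weeks-past / 2-hours-future window")
    if len(dimensions) > 30:
        raise ValueError("a metric may carry at most 30 dimensions")
    return {
        "MetricName": name,
        "Dimensions": [{"Name": k, "Value": v} for k, v in sorted(dimensions.items())],
        "Timestamp": _to_dt(timestamp),
        "Value": float(value),
        "Unit": unit,
        "StorageResolution": 1 if high_resolution else 60,
    }


def put_metric_data_request(namespace, metric_data):
    """Assemble the PutMetricData call body. Custom metrics must not use the
    'AWS/' prefix, which is reserved for metrics published by AWS services."""
    if namespace.startswith("AWS/"):
        raise ValueError("namespaces beginning with 'AWS/' are reserved for AWS services")
    if not metric_data:
        raise ValueError("MetricData must contain at least one datum")
    return {"Namespace": namespace, "MetricData": list(metric_data)}


def memory_used_request(instance_id, environment, used_percent, timestamp,
                        high_resolution=False, now=None):
    """The custom metric from the notes (EC2 RAM usage) with InstanceId and
    Environment as dimensions. Namespace and metric name are assumed for the example."""
    datum = build_metric_datum(
        "MemoryUsedPercent", used_percent, "Percent",
        {"InstanceId": instance_id, "Environment": environment},
        timestamp, high_resolution=high_resolution, now=now,
    )
    return put_metric_data_request("MyApp/EC2", [datum])


if __name__ == "__main__":
    # Sending for real needs boto3 and credentials allowing cloudwatch:PutMetricData.
    import boto3
    request = memory_used_request("i-0123456789abcdef0", "prod", 71.5,
                                  datetime.now(timezone.utc), high_resolution=True)
    boto3.client("cloudwatch").put_metric_data(**request)
```

Rejecting out-of-window timestamps before the call matters when an agent buffers data points during an outage and flushes them later: anything older than two weeks is silently useless to send, and a clock skewed more than two hours ahead makes every point fail.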
Cloudwatch logs
- log groups - arbitrary name, usually represents an app
- log retention policy defined at this level (by default log events never expire)
- log stream - instance within an app / log files / containers
- filter expressions to search the log events
- metric filters
- count occurrences of 'error' in your logs, turn the count into a metric, then alarm on it and send to an sns topic
- used to trigger alarms
- NOT retroactive - only log events ingested after the filter is created are counted
- alarm targets
- create auto scaling action
- send notification to SNS
- stop, terminate, reboot or recover the ec2 instance
- ec2 instance recovery - same instance id, private, public and elastic ip, metadata, placement group
- ec2 machine sends no logs to CW by default
- need to set up an IAM role (permission to create log streams and put log events) and install the CloudWatch agent
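An added example, not from the original notes, of the metric filter and alarm pipeline just described, run locally over a constructed log stream: count events containing `ERROR` per one-minute period, treat events older than the filter's creation time as invisible (filters are not retroactive), and evaluate an alarm with CloudWatch's "M out of N" semantics (`datapoints_to_alarm` of `evaluation_periods`). The log lines, the threshold and the alarm parameters are all invented for the illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log events (not real data), one per line:
# "<ISO-8601 timestamp> <level> <message>"
SAMPLE_LOG = """\
2024-05-01T12:00:05+00:00 INFO request ok
2024-05-01T12:00:40+00:00 ERROR db timeout
2024-05-01T12:01:10+00:00 ERROR db timeout
2024-05-01T12:01:30+00:00 ERROR upstream 502
2024-05-01T12:02:01+00:00 ERROR db timeout
2024-05-01T12:02:45+00:00 ERROR db timeout
2024-05-01T12:03:15+00:00 INFO recovered
"""


def _as_dt(value):
    """Accept an ISO-8601 string or a datetime."""
    return datetime.fromisoformat(value) if isinstance(value, str) else value


def parse_events(text):
    """Split log lines into (timestamp, message) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _, msg = line.partition(" ")
        events.append((datetime.fromisoformat(ts), msg))
    return events


def period_of(ts, period_seconds):
    """Start (epoch seconds) of the aggregation period containing ts."""
    return int(ts.timestamp()) // period_seconds * period_seconds


def metric_filter_counts(events, term, period_seconds=60, created_at=None):
    """Mimic a metric filter that counts events containing `term` per period.
    Not retroactive: events ingested before `created_at` produce no data points."""
    created_at = _as_dt(created_at) if created_at is not None else None
    counts = Counter()
    for ts, msg in events:
        if created_at is not None and ts < created_at:
            continue
        if term in msg:
            counts[period_of(ts, period_seconds)] += 1
    return counts


def period_range(events, period_seconds=60):
    """Every period start from the first to the last event. Periods with no
    matching events are evaluated as 0, as when the filter's default value is 0."""
    first = period_of(min(ts for ts, _ in events), period_seconds)
    last = period_of(max(ts for ts, _ in events), period_seconds)
    return list(range(first, last + period_seconds, period_seconds))


def evaluate_alarm(counts, periods, threshold, evaluation_periods, datapoints_to_alarm=None):
    """'ALARM' when at least `datapoints_to_alarm` of the last `evaluation_periods`
    periods have count >= threshold, otherwise 'OK'."""
    datapoints_to_alarm = datapoints_to_alarm or evaluation_periods
    window = periods[-evaluation_periods:]
    breaching = sum(1 for p in window if counts.get(p, 0) >= threshold)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


def error_alarm_state(log_text, threshold=2, evaluation_periods=3,
                      datapoints_to_alarm=2, created_at=None):
    """End to end: filter 'ERROR' out of the log, aggregate per minute, evaluate."""
    events = parse_events(log_text)
    counts = metric_filter_counts(events, "ERROR", created_at=created_at)
    return evaluate_alarm(counts, period_range(events), threshold,
                          evaluation_periods, datapoints_to_alarm)
```

With the sample data the last three minutes hold 2, 2 and 0 errors, so a threshold of 2 with 2-of-3 datapoints raises ALARM, a threshold of 3 stays OK, and creating the filter at 12:02 hides the earlier errors and the alarm never fires: that is the practical meaning of "not retroactive" when you add a detection after an incident has started.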
Cloudwatch events (now event bridge)
- intercept events like ec2 instance start, s3, any api call with cloudtrail integration
- schedule or cron (create an event every 4 hours)
- json event can be passed to other services
Cloudwatch alarms
- if stat is at certain level for given time, execute action on resource
- terminate instance when cpu is at 95% for 5 minutes, etc.
- If you set an alarm on a high-resolution metric, you can specify a high-resolution alarm with a period of 10 seconds or 30 seconds, or you can set a regular alarm with a period of any multiple of 60 seconds.
Cloudwatch event bridge
- default event bus - evolution of cloudwatch events
- partner event bus - datadog, auth0, etc.
- advanced features
- archive events
- replay archived events
- schema registry - EB analyzes events and infers the schema. schemas can be versioned
- can aggregate all events within an organization from various event buses to a single aws account or region (use PutEvents API with resource-based policy)
- create rules based on events from specific event bus
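An added example (not from the original notes) of how an EventBridge rule decides whether a JSON event on the bus matches: every key of the pattern must match, a list of values means "any of these", nested objects descend into `detail`, and `prefix` / `anything-but` / `exists` matchers refine single fields. The three rules and three events below are constructed for the illustration; the envelope fields (`source`, `detail-type`, `detail`) and the `source` values `aws.ec2`, `aws.cloudtrail` and `aws.signin` are the real ones EventBridge uses for those event types.

```python
_MISSING = object()


def _match_one(matcher, value):
    """Match one EventBridge matcher against one scalar value."""
    if isinstance(matcher, dict):
        if "exists" in matcher:
            return (value is not _MISSING) == bool(matcher["exists"])
        if value is _MISSING:
            return False
        if "prefix" in matcher:
            return isinstance(value, str) and value.startswith(matcher["prefix"])
        if "anything-but" in matcher:
            excluded = matcher["anything-but"]
            if isinstance(excluded, dict) and "prefix" in excluded:
                return not (isinstance(value, str) and value.startswith(excluded["prefix"]))
            excluded = excluded if isinstance(excluded, list) else [excluded]
            return value not in excluded
        raise ValueError(f"unsupported matcher: {matcher}")
    return value is not _MISSING and value == matcher


def _match_field(matchers, value):
    """A field matches if any matcher matches any of its values
    (event fields such as 'resources' may themselves be arrays)."""
    candidates = value if isinstance(value, list) else [value]
    return any(_match_one(m, v) for m in matchers for v in candidates)


def matches(pattern, event):
    """True if `event` matches the EventBridge-style `pattern`."""
    for key, expected in pattern.items():
        value = event.get(key, _MISSING)
        if isinstance(expected, dict):
            if not isinstance(value, dict) or not matches(expected, value):
                return False
        elif not _match_field(expected, value):
            return False
    return True


def route(event, rules):
    """Names of every rule whose pattern matches (a bus evaluates all rules)."""
    return [name for name, pattern in rules.items() if matches(pattern, event)]


# Rules constructed for this example.
RULES = {
    "ec2-stopped-or-terminated": {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": ["stopped", "terminated"]},
    },
    "cloudtrail-logging-tampered": {
        "source": ["aws.cloudtrail"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": ["cloudtrail.amazonaws.com"],
            "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"],
        },
    },
    "console-login-outside-corp-range": {
        "source": ["aws.signin"],
        "detail-type": ["AWS Console Sign In via CloudTrail"],
        # 10.0.0.0/8 stands in for the corporate range (assumption for the example)
        "detail": {"sourceIPAddress": [{"anything-but": {"prefix": "10."}}]},
    },
}

# Events constructed for this example (ids, account and ARNs are made up).
EC2_STOPPED = {
    "version": "0", "id": "11112222-3333-4444-5555-666677778888",
    "detail-type": "EC2 Instance State-change Notification", "source": "aws.ec2",
    "account": "123456789012", "time": "2024-05-01T12:00:00Z", "region": "us-east-1",
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"],
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}
STOP_LOGGING = {
    "version": "0", "id": "11112222-3333-4444-5555-666677778889",
    "detail-type": "AWS API Call via CloudTrail", "source": "aws.cloudtrail",
    "account": "123456789012", "time": "2024-05-01T12:01:00Z", "region": "us-east-1",
    "resources": [],
    "detail": {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
               "userIdentity": {"type": "IAMUser", "userName": "alice"},
               "requestParameters": {"name": "management-trail"}},
}
CONSOLE_LOGIN = {
    "version": "0", "id": "11112222-3333-4444-5555-666677778890",
    "detail-type": "AWS Console Sign In via CloudTrail", "source": "aws.signin",
    "account": "123456789012", "time": "2024-05-01T12:02:00Z", "region": "us-east-1",
    "resources": [],
    "detail": {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
               "userIdentity": {"type": "IAMUser", "userName": "bob"}},
}
```

The second rule is the one to remember from a security standpoint: because any API call recorded by CloudTrail can be matched on the bus, a rule on `StopLogging` / `DeleteTrail` / `UpdateTrail` wired to an SNS target alerts on audit-log tampering within minutes, with no polling.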
Xray
- troubleshooting performance and errors
- tracings = segments + subsegments
- annotations - key value pairs used to index traces and use with filters
- metadata - key value pairs NOT indexed, not used for searching
- enabling x-ray
- your application code must import the aws x-ray sdk
- install the x-ray daemon or enable the x-ray aws integration
- the daemon is a small UDP listener (port 2000) that buffers the segments sent by the sdk and uploads them in batches to the x-ray api
- some aws services already run the x-ray daemon for you, like lambda
- each application must have the IAM rights to write data to x-ray (xray:PutTraceSegments, xray:PutTelemetryRecords)
- for elastic beanstalk, set XRayEnabled: true in the aws:elasticbeanstalk:xray namespace in a .ebextensions/*.config file at the root of the app
Cloudtrail
- records the api calls made in your account (console, cli, sdk, and aws services acting on your behalf)
- audit changes of aws resources by users: who did what, when, from which ip
- event history keeps the last 90 days of management events by default; create a trail to deliver events to s3 (and optionally cloudwatch logs) and use athena to query them if you want them for longer
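An added example, not part of the original notes, of the kind of audit question CloudTrail answers, run over a constructed log file in the `{"Records": [...]}` shape that a trail delivers to S3: actions performed as the root user, failed console logins, and calls that ended in an authorization error. The four records, account number, user names and IPs are invented for the illustration; with a trail in S3 the same three checks are one Athena query each over `useridentity.type`, `responseelements` and `errorcode`.

```python
import json

# Constructed CloudTrail log file (not real data), as delivered to S3.
SAMPLE_TRAIL = json.dumps({"Records": [
    {
        "eventVersion": "1.08",
        "userIdentity": {"type": "Root", "principalId": "123456789012",
                         "arn": "arn:aws:iam::123456789012:root",
                         "accountId": "123456789012"},
        "eventTime": "2024-05-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketPolicy", "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.7", "userAgent": "console.amazonaws.com",
        "requestParameters": {"bucketName": "audit-logs"}, "responseElements": None,
        "eventID": "00000000-0000-4000-8000-000000000001", "eventType": "AwsApiCall",
    },
    {
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLEALICE",
                         "arn": "arn:aws:iam::123456789012:user/alice",
                         "accountId": "123456789012", "userName": "alice"},
        "eventTime": "2024-05-01T12:05:00Z", "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.23", "userAgent": "Mozilla/5.0",
        "errorMessage": "Failed authentication",
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
        "eventID": "00000000-0000-4000-8000-000000000002", "eventType": "AwsConsoleSignIn",
    },
    {
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLEBOB",
                         "arn": "arn:aws:iam::123456789012:user/bob",
                         "accountId": "123456789012", "userName": "bob"},
        "eventTime": "2024-05-01T12:07:00Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser", "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.40", "userAgent": "aws-cli/2.15.0",
        "errorCode": "AccessDenied",
        "errorMessage": "User: arn:aws:iam::123456789012:user/bob is not authorized to perform: iam:CreateUser",
        "requestParameters": {"userName": "backdoor"}, "responseElements": None,
        "eventID": "00000000-0000-4000-8000-000000000003", "eventType": "AwsApiCall",
    },
    {
        "eventVersion": "1.08",
        "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:ci",
                         "arn": "arn:aws:sts::123456789012:assumed-role/deploy/ci",
                         "accountId": "123456789012"},
        "eventTime": "2024-05-01T12:09:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "us-east-1",
        "sourceIPAddress": "10.0.5.12", "userAgent": "aws-sdk-go/1.50.0",
        "requestParameters": None, "responseElements": None,
        "eventID": "00000000-0000-4000-8000-000000000004", "eventType": "AwsApiCall",
    },
]})


def load_records(text):
    """Parse one delivered CloudTrail log file."""
    return json.loads(text)["Records"]


def _who(record):
    ident = record["userIdentity"]
    return ident.get("userName") or ident.get("arn") or ident.get("type")


def root_activity(records):
    """Any call made with root credentials deserves a look."""
    return [r for r in records if r["userIdentity"].get("type") == "Root"]


def failed_console_logins(records):
    """ConsoleLogin events whose response says Failure (responseElements may be null)."""
    return [r for r in records if r["eventName"] == "ConsoleLogin"
            and (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure"]


def access_denied(records):
    """Calls rejected by IAM: errorCode carries AccessDenied / Unauthorized variants."""
    return [r for r in records
            if any(s in r.get("errorCode", "") for s in ("AccessDenied", "Unauthorized"))]


def summarize(text):
    """Run the three checks over one log file and return what a reviewer needs."""
    records = load_records(text)
    return {
        "root_actions": [f'{r["eventSource"]}:{r["eventName"]}' for r in root_activity(records)],
        "failed_console_logins": [(_who(r), r["sourceIPAddress"]) for r in failed_console_logins(records)],
        "access_denied": [(_who(r), f'{r["eventSource"]}:{r["eventName"]}') for r in access_denied(records)],
    }
```

Note the two null-handling spots: `responseElements` is `null` for many calls, and `errorCode` is absent on success, so both lookups default rather than index.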
Cloudwatch high resolution metrics can be enabled for..?
Custom metrics. When you publish a custom metric, you can define it as either standard resolution or high resolution (StorageResolution 60 or 1 in PutMetricData). You can read and retrieve high-resolution custom metrics at 1 second, 5 seconds, 10 seconds, 30 seconds, or any multiple of 60 seconds.
Enable detailed cloudwatch monitoring if..
you would like the standard CloudWatch metrics for the resource to be collected every 1 minute (additional cost). basic cloudwatch monitoring = once every 5 minutes
Is memory a default cloudwatch metric?
No. Use PutMetricData API call to send custom metrics
A high resolution cloudwatch alarm can be triggered..
with a period of 10 seconds or 30 seconds, or you can set a regular alarm with a period of any multiple of 60 seconds.
Cloudwatch logs never expire t/f?
True
AWS Systems Manager
unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks such as running commands, managing patches, and configuring servers across AWS Cloud as well as on-premises infrastructure
high resolution custom metric
can send at an interval as little as 1 sec
exporting cloudwatch logs to S3
Cloudwatch logs can be exported to s3 (CreateExportTask). This is a one-off batch export, not a streaming delivery; for near real time use a subscription filter to kinesis / firehose instead.
the bucket must be in the same region as the log group
exported objects are written with SSE-S3 (AES-256) encryption; historically a bucket encrypted with SSE-KMS was not supported as an export target (this restriction was later lifted, check the current docs)
you can export logs from multiple log groups or time ranges to the same bucket