System and Application Logging on EC2 Flashcards
CloudWatch is for…
Metrics
CloudWatch Logs is for…
Logging
Can CloudWatch and CloudWatch Logs natively capture data inside an instance?
No, the CloudWatch agent is required for OS-visible data. It sends data into CW.
What do you need for CW to function with EC2 instances?
- CW agent installed
- Extra configuration
- Extra permissions
What is the extra configuration for?
The CW agent needs to know what information to inject into CW and CW Logs.
What extra permissions are needed to make CW function correctly with EC2?
The agent also needs some permissions to interact with AWS.
This is done with an IAM role as best practice.
The IAM role has permissions to interact with CW Logs.
The IAM role is attached to the instance, which gives the instance, and anything running on it, permissions to manage CW Logs.
What can you use to store the configuration for the CW agent?
Parameter Store
There is one log group for each…
individual log file we want to capture
There is one log stream for each…
group for each instance performing this logging