System and Application Logging on EC2

Question 1

Cloudwatch is for…

Answer 1

Metrics

Question 2

Cloudwatch logs is for…

Answer 2

Logging

Question 3

Can cloudwatch and cloudwatch logs natively capture data inside an instance?

Answer 3

No, Cloudwatch agent is required for OS visible data. It sends data into CW.

Question 4

What do you need for CW to function with EC2 instances?

Answer 4

• CW agent installed
• Extra configuration
• Extra permissions

Question 5

What is the extra configuration needed about?

Answer 5

The CW agent needs to know what information to inject into CW and CW Logs

Question 6

What extra permissions are needed to make CW function correctly with EC2?

Answer 6

The agent also needs some permissions to interact with AWS.
This is done with an IAM role as best practice.
The IAM role has permissions to interact with CW logs.
The IAM role is attached to the instance which provides the instance and anything running on the instance, permissions to manage CW logs.

Question 7

What can you use to store the configuration for the CW agent?

Answer 7

Parameter store

Question 8

There is one log group for each…

Answer 8

individual log file we want to capture

Question 9

There is one log stream for each…

Answer 9

group for each instance performing this logging