CloudWatch
What is CloudWatch
- Amazon CloudWatch is a monitoring service for your AWS resources and for the applications you run on AWS. CloudWatch monitors performance.
- At the moment you have to be in the US East (N. Virginia) region to display all billing data and alarms.
- CloudWatch can monitor:
  - Compute
    - EC2 Instances
    - Autoscaling Groups
    - Elastic Load Balancers
    - Route53 Health Checks
  - Storage & Content Delivery
    - EBS Volumes
    - Storage Gateways
    - CloudFront
- CloudWatch with EC2 will monitor events every 5 minutes by default.
  - You can have 1 minute intervals by turning on detailed monitoring.
- What can I do with CloudWatch:
  - Dashboards - Create your own dashboards to see what is happening in your AWS environment (can be global as well as regional).
  - Alarms - Set alarms to notify you when certain thresholds are hit.
  - Events - Deliver a near real-time stream of system events that describe changes in AWS resources.
  - Logs - Help you aggregate, monitor, and store logs.
CloudWatch & EC2
- Host Level Metrics consist of:
  - CPU
  - Network
  - Disk
  - Status Check
- CloudWatch has Amazon EC2 metrics available for monitoring CPU utilization, network utilization, disk performance, and disk reads/writes.
- If you need to monitor the items below, you need to prepare a custom metric using a Perl or other script, as there are no ready-to-use metrics for these:
  - Memory utilization
  - Disk swap utilization
  - Disk space utilization
  - Page file utilization
  - Log collection
- There is a multi-platform CloudWatch agent which can be installed on both Linux and Windows-based instances. You can use a single agent to collect both system metrics and log files from Amazon EC2 instances and on-premises servers. The agent supports both Windows Server and Linux and lets you select the metrics to be collected, including sub-resource metrics such as per-CPU core. It is recommended that you use the new agent instead of the older monitoring scripts to collect metrics and logs.
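The custom-metric route above is easy to get wrong (dividing by a zero swap total, sending bytes where CloudWatch expects a percentage), so here is an added example of the pattern. This is not code from the original notes or from AWS's own monitoring scripts: it parses a /proc/meminfo snapshot (a constructed sample is embedded so it runs offline) and builds the MetricData structure that boto3's CloudWatch put_metric_data call expects. The namespace "Custom/System" and the instance id "i-0123456789abcdef0" are assumptions chosen for the example.

```python
"""Build CloudWatch custom-metric datapoints for memory and swap utilization.

Added example for these notes, not the original page's code and not AWS's
monitoring scripts. Namespace and instance id below are assumptions.
"""
import os
from datetime import datetime, timezone

# Constructed sample of /proc/meminfo (the kernel reports values in kB).
SAMPLE_MEMINFO = """\
MemTotal:        4030000 kB
MemFree:          512000 kB
MemAvailable:    1612000 kB
Buffers:          100000 kB
Cached:          1000000 kB
SwapTotal:       2048000 kB
SwapFree:        1536000 kB
"""

ASSUMED_NAMESPACE = "Custom/System"          # assumption: any non-"AWS/" namespace works
ASSUMED_INSTANCE_ID = "i-0123456789abcdef0"  # assumption: placeholder instance id


def parse_meminfo(text):
    """Return {field: kB} for every 'Name: value kB' line of /proc/meminfo."""
    values = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        values[name.strip()] = int(rest.split()[0])
    return values


def memory_utilization_percent(meminfo):
    """Percent of RAM in use, treating MemAvailable as free (as `free` does)."""
    total = meminfo["MemTotal"]
    used = total - meminfo["MemAvailable"]
    return round(100.0 * used / total, 2)


def swap_utilization_percent(meminfo):
    """Percent of swap in use; an instance with no swap reports 0 instead of crashing."""
    total = meminfo["SwapTotal"]
    if total == 0:
        return 0.0
    return round(100.0 * (total - meminfo["SwapFree"]) / total, 2)


def build_metric_data(meminfo, instance_id, now=None):
    """Return the MetricData list for put_metric_data: one datapoint per metric.

    Unit must be 'Percent' so alarms and dashboards interpret the value correctly;
    the InstanceId dimension lets one namespace hold many hosts.
    """
    now = now or datetime.now(timezone.utc)
    dims = [{"Name": "InstanceId", "Value": instance_id}]
    return [
        {"MetricName": "MemoryUtilization", "Dimensions": dims, "Timestamp": now,
         "Unit": "Percent", "Value": memory_utilization_percent(meminfo)},
        {"MetricName": "SwapUtilization", "Dimensions": dims, "Timestamp": now,
         "Unit": "Percent", "Value": swap_utilization_percent(meminfo)},
    ]


def publish(metric_data, namespace=ASSUMED_NAMESPACE):
    """Send the datapoints to CloudWatch. Needs boto3 and AWS credentials, so the
    offline run below builds the payload but does not call this."""
    import boto3  # imported here so the rest of the module runs without boto3
    boto3.client("cloudwatch").put_metric_data(Namespace=namespace, MetricData=metric_data)


if __name__ == "__main__":
    # Use the live file on a Linux host, otherwise fall back to the constructed sample.
    text = open("/proc/meminfo").read() if os.path.exists("/proc/meminfo") else SAMPLE_MEMINFO
    payload = build_metric_data(parse_meminfo(text), ASSUMED_INSTANCE_ID)
    for point in payload:
        print(f'{point["MetricName"]}: {point["Value"]} {point["Unit"]}')
```

Run it from cron (or a systemd timer) at the interval you want the metric resolution to be; CloudWatch aggregates whatever you send, so a 1-minute cron gives you the same granularity as detailed monitoring does for the built-in metrics.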
AWS CloudTrail
- AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls.
- You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
An event in CloudTrail is the record of an activity in an AWS account. This activity can be an action taken by a user, role, or service that CloudTrail is able to record.
CloudTrail events provide a history of both API and non-API account activity made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
There are two types of events that can be logged in CloudTrail: management events and data events.
By default, trails log management events, but not data events.
A trail can be applied to all regions or a single region. As a best practice, create a trail that applies to all regions in the AWS partition in which you are working.
This is the default setting when you create a trail in the CloudTrail console.
For most services, events are recorded in the region where the action occurred. For global services such as AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53, events are delivered to any trail that includes global services, and are logged as occurring in US East (N. Virginia) Region.
If a company requires a secure and durable logging solution that tracks all activity of all AWS resources in all regions, CloudTrail can be used with a multi-region trail enabled; however, a multi-region trail alone only covers the activity of regional services (EC2, S3, RDS, etc.) and not global services such as IAM, CloudFront, AWS WAF, and Route 53.
To satisfy the requirement, you also have to add the --include-global-service-events parameter to your AWS CLI command (for example when creating or updating the trail).
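To make the points above concrete (who called, from which IP, when; global-service events logged as US East; what a trail misses when it is single-region or excludes global services), here is an added example that is not part of the original notes. It triages a CloudTrail log file of the shape delivered to S3 (`{"Records": [...]}`) using field names CloudTrail actually emits (eventTime, eventSource, eventName, awsRegion, sourceIPAddress, userIdentity, readOnly); the four records, account id, IPs and user names are constructed sample data, and the global-service list follows the services named in these notes.

```python
"""Triage CloudTrail records and check which ones a given trail configuration covers.

Added example for these notes, not the original page's code. SAMPLE_LOG is
constructed; the global-service set is the one the notes list.
"""
import json

# Global services per the notes: their events are logged as us-east-1 and are only
# delivered to trails that include global service events.
GLOBAL_SERVICES = {
    "iam.amazonaws.com", "sts.amazonaws.com",
    "cloudfront.amazonaws.com", "route53.amazonaws.com",
}

# Constructed sample log file (same layout as the gzipped JSON CloudTrail puts in S3).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-05-01T10:15:00Z",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-cli/2.15.0", "readOnly": False,
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "deploy-bot"}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T10:16:30Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10",
     "userAgent": "console.ec2.amazonaws.com", "readOnly": False,
     "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/bob"}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T09:58:12Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
     "eventType": "AwsConsoleSignIn", "readOnly": False,
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111122223333"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T10:20:05Z",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7", "readOnly": True,
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111122223333"}},
]})


def load_records(text):
    """Parse one CloudTrail log file and return its list of event records."""
    return json.loads(text)["Records"]


def summarize(rec):
    """The audit view the notes describe: who, from which account and IP, did what, when."""
    ident = rec.get("userIdentity", {})
    who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
    return {
        "when": rec["eventTime"],
        "who": who,
        "account": ident.get("accountId"),
        "source_ip": rec.get("sourceIPAddress"),
        "action": f'{rec["eventSource"]}:{rec["eventName"]}',
        "region": rec["awsRegion"],
        "read_only": rec.get("readOnly", False),
    }


def timeline(records):
    """Summaries ordered by eventTime (ISO 8601 strings sort correctly as text)."""
    return sorted((summarize(r) for r in records), key=lambda s: s["when"])


def is_global_service_event(rec):
    return rec["eventSource"] in GLOBAL_SERVICES


def covered_by_trail(rec, trail_regions, multi_region, include_global):
    """Would this record reach a trail with the given settings?

    Global-service events depend only on --include-global-service-events;
    regional events need a multi-region trail or a trail in their region.
    """
    if is_global_service_event(rec):
        return include_global
    return multi_region or rec["awsRegion"] in trail_regions


def missed_by_trail(records, trail_regions=(), multi_region=False, include_global=False):
    """Event names that the described trail would never log."""
    return [r["eventName"] for r in records
            if not covered_by_trail(r, trail_regions, multi_region, include_global)]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for s in timeline(recs):
        print(f'{s["when"]} {s["who"]}@{s["account"]} {s["source_ip"]} {s["action"]} [{s["region"]}]')
    print("multi-region, no global events, misses:", missed_by_trail(recs, multi_region=True))
    print("multi-region + global events, misses:",
          missed_by_trail(recs, multi_region=True, include_global=True))
```

The second `missed_by_trail` call is the situation the notes warn about: a multi-region trail without global service events still drops the IAM CreateUser record, which is exactly the kind of change an auditor wants to see.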
Exam Tips
CloudWatch monitors performance in the AWS platform. CloudTrail monitors API calls in the AWS platform (auditing).