CloudWatch Flashcards

1
Q

How would you view EC2 memory usage as a metric?

A

Push the metric from inside the instance as a custom metric (not pushed by default).

2
Q

How do you create a custom metric, and what resolutions can you have?

A

Use the PutMetricData API call with the StorageResolution parameter
- Standard resolution: 1 minute
- High resolution: 1/5/10/30 second(s), higher cost

3
Q

Can you insert your metric data points at any time?

A

No, but you can insert metric data points up to two weeks in the past, and two hours in the future (make sure to configure your EC2 instance time correctly).

4
Q

What do you need to do to allow your EC2 machine to push logs to CloudWatch?

A

Run CloudWatch Logs/Unified Agent on that EC2 instance.

5
Q

What is the difference between CloudWatch Logs Agent and CloudWatch Unified Agent?

A

Logs:
- Can only send to CloudWatch Logs
Unified:
- Collect additional system-level metrics such as RAM, processes, etc.
- Send logs to CloudWatch Logs
- Centralized configuration using SSM Parameter Store

6
Q

How can you easily test a CloudWatch alarm?

A

Use the CLI to set the alarm state to ALARM.

7
Q

Give a high level description of CloudWatch Synthetics Canary.

A

Allows you to use a configurable script that monitors your APIs, URLs, Websites etc.
- Checks availability and latency of endpoints, and can store load time data and screenshots of the UI

8
Q

How do EventBridge and the Schema Registry work together?

A

EventBridge can analyze the events in your bus and infer the schema
- Allows you to generate code for your application that will know in advance how data is structured in the event bus.

9
Q

What is the difference between EventBridge and CloudWatch Events?

A

Same underlying service infrastructure (API and endpoint), but EventBridge allows:
- Extension to add event buses for custom applications and third-party SaaS apps
- Schema Registry

10
Q

Describe a use case for a multi-region resource policy on an event bus.

A

Aggregate all events from your AWS organization into a single AWS account or region (e.g., into a ‘central event bus’)

11
Q

How do you enable AWS X-Ray on an instance?

A

Install the xray daemon - works as a low level UDP packet interceptor
- Each application must also have the IAM rights to write data to X-Ray.

12
Q

How do you enable AWS X-Ray on Lambda?

A
  • Ensure it has an IAM execution role with proper policy (AWSXrayWriteOnlyAccess)
  • Ensure xray is imported in the code
  • Enable Lambda xray Active Tracing
13
Q

What is the difference between annotations and metadata in XRay?

A

Annotations - Key Value pairs used to index traces and use with filters
Metadata - Key Value pairs, not indexed, not used for searching

14
Q

What rules can you specify for XRay sampling?

A

The reservoir and rate:
Reservoir - by default, one request is recorded each second as long as the service is serving requests
Rate - by default, 5 percent is the rate at which additional requests beyond the reservoir size are sampled

15
Q

Why are the GetSamplingRules and other sampling requests found within the Write API?

A

The X-Ray daemon will poll for these rules and write them to the instance

16
Q

What Write action permissions does a resource need to use XRay?

A
  • PutTraceSegments (to upload the segments)
  • PutTelemetryRecords (to upload telemetry)
  • GetSamplingRules/Targets/StatisticSummaries (to update the local sampling rules on the instance)
17
Q

What does the BatchGetTraces request do?

A

Retrieves a list of traces specified by ID. Each trace is a collection of segment documents that originates from a single request.

18
Q

What does GetTraceSummaries do?

A

Retrieves IDs and annotations for traces available for a specified time frame using an optional filter. To get the full traces, use BatchGetTraces.

19
Q

What does GetTraceGraph do?

A

Retrieves a service graph for one or more specific trace IDs

20
Q

How do you enable XRay daemon in Beanstalk?

A

Set the XRayEnabled property to true in the .ebextensions/xray-daemon.config file (you must also make sure the instance profile has the correct IAM permissions, and that your code is instrumented with the XRay SDK).

21
Q

What are the common patterns for setting up XRay in ECS and Fargate?

A
  • XRay Container as a Daemon: One XRay container per EC2 instance
  • XRay Container as a ‘Side Car’: One XRay container per Application container
    Fargate only allows the side car pattern.
22
Q

How would you set up the task definition for XRay in an EC2 instance?

A
  • Set up a port mapping for a containerPort with protocol UDP
  • Add an environment variable called AWS_XRAY_DAEMON_ADDRESS with the value “xray-daemon:{port_number}”
  • Add a link for xray-daemon
23
Q

What does CloudTrail provide?

A

A history of events / API calls made within your AWS account by the console, SDK, CLI or AWS services

24
Q

What are Management events?

A

Operations that are performed on resources in your AWS account

25
Q

What are Data Events?

A

High volume operations such as S3 object-level activity (e.g., Get, Delete, PutObject) or Lambda function execution activity (Invoke)

26
Q

What are CloudTrail Insights?

A

Events that indicate unusual activity in your account
- inaccurate resource provisioning
- hitting service limits
- bursts of AWS IAM actions
- gaps in periodic maintenance activity

27
Q

How does CloudTrail Insights work?

A

Analyzes normal management events to create a baseline
- From there, continuously analyses write events to detect unusual patterns

28
Q

How long are events stored in CloudTrail, and how can you increase this?

A

Stored for 90 days, but can log them to S3 and use Athena to analyse these.

29
Q

Describe the difference between CloudTrail, CloudWatch and XRay.

A

CloudTrail - Audit API calls to detect unauthorized calls or root cause of changes.
CloudWatch - Metrics over time for monitoring, logs for application log, alarms for notifications on unexpected metrics.
XRay - Automated Trace Analysis, Latency/Errors/Fault analysis, request tracking across distributed systems.