CloudWatch, CloudTrail, AWS Config Flashcards

1
Q

In CloudWatch, __________ is a variable to monitor (CPUUtilization, NetworkIn…)

A

Metric

2
Q

In CloudWatch, __________ is an attribute of a metric (instance id, environment, etc…).

A

Dimension

3
Q

Up to ______ dimensions per metric

A

30

4
Q

Metrics have __________

A

timestamps

5
Q

Can you define CloudWatch Log expiration policies?

A

YES
(never expire, 1 day to 10 years…)

6
Q

CloudWatch Logs can send logs to:

A
  • Amazon S3 (exports)
  • Kinesis Data Streams
  • Kinesis Data Firehose
  • AWS Lambda
  • OpenSearch
7
Q

Are CloudWatch logs encrypted by default?

A

YES

8
Q

For CloudWatch Logs, can you set up KMS-based encryption with your own keys?

A

YES

9
Q
  • SDK, CloudWatch Logs Agent, CloudWatch Unified Agent
  • Elastic Beanstalk: collection of logs from application
  • ECS: collection from containers
  • AWS Lambda: collection from function logs
  • VPC Flow Logs: VPC-specific logs
  • API Gateway
  • CloudTrail based on filter
  • Route53: Log DNS queries
A

CloudWatch Logs - Sources

10
Q

How long can log data take to become available for export?

A

12 hours

10
Q
  • Search and analyze log data stored in CloudWatch Logs
  • Example: find a specific IP inside a log, count occurrences of “ERROR” in your logs…
  • Provides a purpose-built query language
    • Automatically discovers fields from AWS services and JSON log
      events
    • Fetch desired event fields, filter based on conditions, calculate
      aggregate statistics, sort events, limit number of events…
    • Can save queries and add them to CloudWatch Dashboards
  • Can query multiple Log Groups in different AWS accounts
  • It’s a query engine, not a real-time engine
A

CloudWatch Logs Insights

11
Q

CloudWatch Logs S3 export is ________ near-real time or real-time

A

NOT

12
Q
  • Get real-time log events from CloudWatch Logs for processing and analysis
A

CloudWatch Logs Subscriptions

13
Q

Where can CloudWatch Logs Subscriptions send to?

A

Kinesis Data Streams
Kinesis Data Firehose
Lambda

14
Q

Filters which CloudWatch Logs events are delivered to your destination

A

Subscription Filter

15
Q

Metrics exist only in the _________ in which they are created.

A

region

16
Q

Metrics ___________ be deleted, but they automatically expire after __________ if no new data is published to them.

A

cannot
15 months

17
Q

Each metric data point must be marked with a ________

A

timestamp

18
Q

The timestamp for a metric can be up to ________ in the past and up to _________ into the future.

A

two weeks
two hours

19
Q

If you do not provide a timestamp, CloudWatch creates a timestamp for you based on ______________

A

the time the data point was received

20
Q

By ___________, several services provide _______ metrics for resources. You can also enable _______________, or _____________

A

default
free
detailed monitoring
publish your own application metrics.

21
Q

Enables you to query multiple CloudWatch metrics and use math expressions to create new time series based on these metrics.

A

Metric math

22
Q

For EC2 metrics: CloudWatch does not collect ____________ and ____________ metrics right from the get-go. You need to install ___________ on your instances first to retrieve these metrics.

A

memory utilization
disk space usage
CloudWatch Agent

23
Q

a name/value pair that uniquely identifies a metric.

A

Dimensions

24
a custom metric can be classified as standard or high
Resolution
25
2 types of CloudWatch Resolutions
Standard Resolution
High Resolution
26
- Data with a granularity of one minute.
- Default metrics produced by AWS services.
Standard Resolution
27
- Data with a granularity of one second.
- Provides more insight into your application’s sub-minute activity.
High Resolution
28
metric data aggregations over specified periods of time.
Statistics
29
A ________ is the length of time associated with a specific CloudWatch statistic. The default value is ________ seconds.
period
60
30
Each statistic has a ____________.
unit of measure
31
Metric data points that specify a unit of measure are aggregated _______.
separately
32
You can specify a unit when you create a custom metric. If you do not specify a unit, CloudWatch uses __________ as the unit.
None
33
CloudWatch aggregates statistics according to ________ that you specify when retrieving statistics.
the period length
34
For large datasets, you can insert a pre-aggregated dataset called a ___________.
statistic set
35
6 CloudWatch Statistics
Minimum
Maximum
Sum
Average
SampleCount
pNN.NN
36
The lowest value observed during the specified period. You can use this value to determine low volumes of activity for your application.
Minimum
37
The highest value observed during the specified period. You can use this value to determine high volumes of activity for your application.
Maximum
38
All values submitted for the matching metric added together. Useful for determining the total volume of a metric.
Sum
39
The value of Sum / SampleCount during the specified period. By comparing this statistic with the Minimum and Maximum, you can determine the full scope of a metric and how close the average use is to the Minimum and Maximum. This comparison helps you to know when to increase or decrease your resources as needed.
Average
40
The count (number) of data points used for the statistical calculation.
SampleCount
41
The value of the specified percentile. You can specify any percentile, using up to two decimal places (for example, p95.45). Percentile statistics are not available for metrics that include any negative values.
pNN.NN
42
indicates the relative standing of a value in a dataset. They help you get a better understanding of the distribution of your metric data.
Percentiles
43
watches a single metric over a specified time period, and performs one or more specified actions, based on the value of the metric relative to a threshold over time.
Alarms
44
You can create an alarm for monitoring .......
CPU usage
load balancer latency
for managing instances
billing alarms
45
When an alarm is on a dashboard, it turns ______ when it is in the ALARM state.
red
46
2 Alarm States
OK
Alarm
Insufficient_Data
47
The metric or expression is within the defined threshold.
OK
48
The metric or expression is outside of the defined threshold.
Alarm
49
The alarm has just started, the metric is not available, or not enough data is available for the metric to determine the alarm state.
Insufficient_Data
50
You can also monitor your estimated ________ by using Amazon CloudWatch Alarms.
AWS charges
51
When you create an alarm, you specify three settings (3)
Period
Evaluation Period
Datapoints to Alarm
52
is the length of time to evaluate the metric or expression to create each individual data point for an alarm. It is expressed in seconds.
Period
53
is the number of the most recent periods, or data points, to evaluate when determining alarm state.
Evaluation Period
54
is the number of data points within the evaluation period that must be breaching to cause the alarm to go to the ALARM state. The breaching data points do not have to be consecutive; they just must all be within the last number of data points equal to the Evaluation Period.
Datapoints to Alarm
55
For each alarm, you can configure CloudWatch to treat missing data points as any of the following (4)
missing
notBreaching
breaching
ignore
56
the alarm does not consider missing data points when evaluating whether to change state (default)
missing
57
missing data points are treated as being within the threshold
notBreaching
58
missing data points are treated as breaching the threshold
breaching
59
the current alarm state is maintained
ignore
60
Customizable home pages in the CloudWatch console that you can use to monitor your resources in a single view, even those spread across different regions.
CloudWatch Dashboard
61
There is _______ on the number of CloudWatch dashboards you can create.
no limit
62
All dashboards are ________, not region-specific.
Global
63
Can you share your CloudWatch Dashboards with users who do not have direct access to your AWS account?
YES
64
- Share a single dashboard and designate specific email addresses and passwords of the people who can view the dashboard.
- Share a single dashboard publicly, so that anyone who has the link can view the dashboard.
- Share all the CloudWatch dashboards in your account and specify a third-party SSO provider for dashboard access. All users who are members of this SSO provider’s list can access the dashboards in the account. To enable this, you integrate the SSO provider with Amazon Cognito.
Ways to share your CloudWatch Dashboard
65
By default, will logs from your EC2 machine go to CloudWatch?
NO
66
What do you need to run on EC2 to push the log files you want?
CloudWatch agent
67
Can the CloudWatch Logs agent be set up on-premises?
YES
68
2 types of CloudWatch Agents?
CloudWatch Logs Agent
CloudWatch Unified Agent
69
* Old version of the agent
* Can only send to CloudWatch Logs
CloudWatch Logs Agent
70
* Collect additional system-level metrics such as RAM, processes, etc...
* Collect logs to send to CloudWatch Logs
* Centralized configuration using SSM Parameter Store
CloudWatch Unified Agent
71
Collected directly on your Linux server / EC2 instance
CloudWatch Unified Agent
72
CloudWatch Unified Agent – Metrics (6)
* CPU (active, guest, idle, system, user, steal)
* Disk metrics (free, used, total), Disk IO (writes, reads, bytes, iops)
* RAM (free, inactive, used, total, cached)
* Netstat (number of TCP and UDP connections, net packets, bytes)
* Processes (total, dead, blocked, idle, running, sleep)
* Swap Space (free, used, used %)
73
3 CloudWatch Alarm Targets
* Stop, Terminate, Reboot, or Recover an EC2 Instance
* Trigger Auto Scaling Action
* Send notification to SNS (from which you can do pretty much anything)
74
CloudWatch Alarms are on a ________ metric
single
75
Composite Alarms monitor the states of _____________ alarms
multiple other
76
Can alarms be created based on CloudWatch Logs Metric Filters?
YES
77
Delivers a near real-time stream of system events that describe changes in AWS resources.
Amazon EventBridge
78
Events respond to these operational changes and take corrective action as necessary by sending messages to respond to the environment, activating functions, making changes, and capturing state information.
Amazon EventBridge
79
2 concepts of Amazon EventBridge
Events
Targets
Rules
80
Amazon EventBridge - indicates a change in your AWS environment.
Events
81
Amazon EventBridge – processes events.
Targets
82
Amazon EventBridge – matches incoming events and routes them to targets for processing.
Rules
83
Extends the capabilities of CloudWatch Events by enabling customers to connect data from their own apps and third-party SaaS apps, making it easier to connect applications.
Amazon EventBridge
84
* Schedule: Cron jobs (scheduled scripts)
* Event Pattern: Event rules to react to a service doing something
* Trigger Lambda functions, send SQS/SNS messages...
Amazon EventBridge (formerly CloudWatch Events)
85
Allows you to generate code for your application that will know in advance how data is structured in the event bus
Schema Registry
86
* Collect, aggregate, summarize metrics and logs from containers
* Available for containers on...
  * Amazon Elastic Container Service (Amazon ECS)
  * Amazon Elastic Kubernetes Services (Amazon EKS)
  * Kubernetes platforms on EC2
  * Fargate (both for ECS and EKS)
* In Amazon EKS and Kubernetes, it is using a containerized version of the CloudWatch Agent to discover containers
CloudWatch Container Insights
87
* Monitoring and troubleshooting solution for serverless applications running on AWS Lambda
* Collects, aggregates, and summarizes system-level metrics including CPU time, memory, disk, and network
* Collects, aggregates, and summarizes diagnostic information such as cold starts and Lambda worker shutdowns
* It is provided as a Lambda Layer
CloudWatch Lambda Insights
88
* Analyze log data and create time series that display contributor data.
* See metrics about the top-N contributors
* The total number of unique contributors, and their usage.
* This helps you find top talkers and understand who or what is impacting system performance.
* Works for any AWS-generated logs (VPC, DNS, etc..)
* For example, you can find bad hosts, identify the heaviest network users, or find the URLs that generate the most errors.
* You can build your rules from scratch, or you can also use sample rules that AWS has created – leverages your CloudWatch Logs
* CloudWatch also provides built-in rules that you can use to analyze metrics from other AWS services.
CloudWatch Contributor Insights
89
* Provides automated dashboards that show potential problems with monitored applications, to help isolate ongoing issues
* Your applications run on Amazon EC2 Instances with select technologies only (Java, .NET, Microsoft IIS Web Server, databases...)
* And you can use other AWS resources such as Amazon EBS, RDS, ELB, ASG, Lambda, SQS, DynamoDB, S3 bucket, ECS, EKS, SNS, API Gateway...
* Powered by SageMaker
* Enhanced visibility into your application health to reduce the time it will take you to troubleshoot and repair your applications
* Findings and alerts are sent to Amazon EventBridge and SSM OpsCenter
CloudWatch Application Insights
90
* ECS, EKS, Kubernetes on EC2, Fargate, needs agent for Kubernetes
* Metrics and logs
CloudWatch Container Insights
91
Detailed metrics to troubleshoot serverless applications
CloudWatch Lambda Insights
92
Find “Top-N” Contributors through CloudWatch Logs
CloudWatch Contributor Insights
93
Automatic dashboard to troubleshoot your application and related AWS services
CloudWatch Application Insights
94
* Provides governance, compliance and audit for your AWS Account
* Is enabled by default!
* Get a history of events / API calls made within your AWS Account by:
  * Console
  * SDK
  * CLI
  * AWS Services
* Can put logs into CloudWatch Logs or S3
* It can be applied to All Regions (default) or a single Region.
* If a resource is deleted in AWS, investigate this first!
AWS CloudTrail
95
* Operations that are performed on resources in your AWS account
* Examples:
  * Configuring security (IAM AttachRolePolicy)
  * Configuring rules for routing data (Amazon EC2 CreateSubnet)
  * Setting up logging (AWS CloudTrail CreateTrail)
* By default, trails are configured to log management events.
* Can separate Read Events (that don’t modify resources) from Write Events (that may modify resources)
CloudTrail - Management Events
96
* By default, data events are not logged (because they are high-volume operations)
* Amazon S3 object-level activity (ex: GetObject, DeleteObject, PutObject): can separate Read and Write Events
* AWS Lambda function execution activity (the Invoke API)
Data Events
97
Enable this to detect unusual activity in your account:
* Inaccurate resource provisioning
* Hitting service limits
* Bursts of AWS IAM actions
* Gaps in periodic maintenance activity
CloudTrail Insights
98
analyzes normal management events to create a baseline
CloudTrail Insights
99
Continuously analyzes write events to detect unusual patterns
* Anomalies appear in the CloudTrail console
* Event is sent to Amazon S3
* An EventBridge event is generated (for automation needs)
CloudTrail Insights
100
CloudTrail Events are stored for _________ in CloudTrail
90 days
101
To keep CloudTrail Events beyond this period, log them to ________ and use ___________
S3
Athena
102
* Helps with auditing and recording compliance of your AWS resources
* Helps record configurations and changes over time
AWS Config
103
Questions that can be solved by AWS Config:
* Is there unrestricted SSH access to my security groups?
* Do my buckets have any public access?
* How has my ALB configuration changed over time?
104
AWS Config is a ________ service
per-region
105
Can AWS Config be aggregated across regions and accounts?
YES
106
* Performance monitoring (metrics, CPU, network, etc...) & dashboards
* Events & Alerting
* Log Aggregation & Analysis
CloudWatch
107
* Record API calls made within your Account by everyone
* Can define trails for specific resources
* Global Service
CloudTrail
108
* Record configuration changes
* Evaluate resources against compliance rules
* Get timeline of changes and compliance
Config
109
For an Elastic Load Balancer:
* Monitoring Incoming connections metric
* Visualize error codes as % over time
* Make a dashboard to get an idea of your load balancer performance
CloudWatch
110
For an Elastic Load Balancer:
* Track security group rules for the Load Balancer
* Track configuration changes for the Load Balancer
* Ensure an SSL certificate is always assigned to the Load Balancer (compliance)
Config
111
For an Elastic Load Balancer:
* Track who made any changes to the Load Balancer with API calls
CloudTrail