Monitoring Flashcards

1
Q

Differences between the CloudWatch applications? (Logs, Alarms, Events)

A

Logs: centralizes log files from instances, services and applications; metric filters and alarms can be defined on them, and log data can be viewed in near real time
Alarms: monitors a single metric and performs actions when it crosses a threshold
Events: near real-time stream of system events that describe changes in AWS resources

2
Q

What is free of charge in monitoring?

A
3 dashboards (up to 50 metrics each)
Basic monitoring for EC2 instances (5-minute frequency)
Metrics for EBS, ELB and RDS
10 custom metrics, 10 alarms, 1 million API requests
3
Q

Is CloudWatch inter-regional?

A

No. Metrics are stored and queried per region (a dashboard can display metrics from several regions, but the data itself stays in the region it was published to)

4
Q

Ways to create custom metrics

A

PutMetricData API (via CLI or SDK)
Monitoring scripts for Windows/Linux (legacy; superseded by the CloudWatch agent)
Applications from the AWS Partner Network

5
Q

How is the retention for the metrics (outside of Cloudwatch Logs)

A

High-resolution (< 60 s) data points for 3 hours
1-minute data points for 15 days
5-minute data points for 63 days
1-hour data points for 455 days (15 months)

Metrics cannot be deleted; they expire after 15 months if no new data is published

6
Q

What are the reasons for a system status checks to fail?

A

Loss of network connectivity
Loss of system power
Software issues on the physical host
Hardware issues on the physical host

7
Q

What are the reasons for instance status failures?

A
Network configuration issues
Incorrect configurations of the OS
Exhausted memory
Corrupt file system
Kernel issues
8
Q

What is the purpose of CloudWatch Alarms?

A

Initiate automatic action in response to a predefined condition of a single metric

9
Q

What are the status of CloudWatch Alarms?

A

OK
ALARM
INSUFFICIENT_DATA

10
Q

When are events created?

A

Change in the state of an AWS resource (for example an EC2 instance stopping)
API calls recorded by CloudTrail (for example a console login)
On a schedule (cron-like or rate expression)

11
Q

What is the Cost Explorer?

A

Review of the costs of the last 13 months and a forecast for the next 3
It can also export detailed CSV reports

12
Q

How are inter-regional Trails managed?

A

A trail can be applied to all regions. It is managed as one trail, but CloudTrail replicates its configuration into every region (including regions added later), and all regions deliver to the same S3 bucket

13
Q

What can be done with AWS Config?

A

Take a snapshot of the current configuration
Keep historical configurations
Notify when resources change
Show relationships between resources

14
Q

What is the maximum number of months of history that AWS Cost Explorer displays?

A

13 months

15
Q

What are the basic metrics of EC2?

A

CPUCreditBalance (burstable instances)
CPUUtilization
NetworkIn / NetworkOut

16
Q

What are the basic metrics of EBS?

A

VolumeIdleTime
VolumeReadBytes / VolumeReadOps
VolumeWriteBytes / VolumeWriteOps

17
Q

What are the basic metrics of an ALB?

A
ActiveConnectionCount
RejectedConnectionCount
HealthyHostCount / UnHealthyHostCount
HTTP status codes (HTTPCode_ELB_*_Count, HTTPCode_Target_*_Count)
RequestCount
18
Q

What are the basic metrics of RDS?

A

CPUUtilization
ReadIOPS / WriteIOPS
FreeStorageSpace
DatabaseConnections

19
Q

What is the definition of a custom metric?

A
  • Anything generated inside the OS that the hypervisor cannot see (memory usage, disk space, processes)
  • Anything coming from outside the resource, as long as the sender has access to the CloudWatch API
  • Application metrics (request latency, queue depth, business counters)
20
Q

What is needed to push custom metrics?

A

CloudWatch agent, or scripts/SDK calling PutMetricData

Appropriate IAM access (cloudwatch:PutMetricData on the instance role or user)

21
Q

What action should be taken if an EC2 instance (behind a ASG) is in an alarm state?

A

Terminate the instance; the Auto Scaling group launches a replacement

22
Q

What are the EBS Volume Status Checks? (non prov. IOPS)

A

ok
warning
impaired
insufficient-data

23
Q

What are (some) RDS status checks?

A
Available
Backing Up
Creating / Deleting
Failed
Maintenance
Rebooting
24
Q

Which architectural choices improve network performance?

A

Single AZ
Placement groups
Enhanced networking
Keeping traffic inside the VPC

25
What can be performance bottlenecks and how to get notified?
Undersized NAT instances
Undersized RDS instances
Undersized EC2 instances
Old EC2 instance types
Underprovisioned EBS volumes
Static assets served from EC2 (instead of S3/CloudFront)
The Trusted Advisor report can locate bottlenecks
26
List Cloud Watch Event Targets
SNS topics
EC2 instances (actions such as stop, terminate, reboot)
Lambda functions
Kinesis Data Streams
ECS tasks
Systems Manager Run Command
AWS Batch jobs
CodePipeline (start a pipeline)
Inspector assessment templates
27
What services have built-in CloudWatch Log support? (Store the logs in CW)
Route 53 (DNS query logging), CloudTrail, Lambda, API Gateway
28
What are services for CloudWatch Logs Custom Sources?
EC2 applications, on-premises servers, other cloud resources (anything that can run the agent or call the API)
29
What are the steps to install the CloudWatch Logs Agent
Single-command install | Edit the configuration file | Start the agent so it pushes the logs
30
What are the options to automate the install of the CloudWatch Logs Agent?
Include it in the AMI | Install via EC2 user data | Install via a configuration management tool like Ansible or Chef | Run the install through the AWS Systems Manager Agent (Run Command)
31
What services log in S3 Buckets
S3 (server access logs), CloudFront (access logs), ELB (access logs)
32
Where can CloudTrail deliver its logs?
An S3 bucket (always) and, optionally, a CloudWatch Logs log group
33
What are the intervals for tracking metrics in Cloudwatch?
5 min for basic monitoring | 1 min for detailed monitoring
34
What are the host level metrics tracked in Cloudwatch?
CPU Network Disk Status Checks
35
What the general difference between basic and custom metric?
Basic: metrics AWS can observe from the hypervisor (CPU, network, disk I/O) | Custom: metrics AWS has no knowledge of (memory, disk space, application data); you must publish them yourself
36
How long is data kept in CloudWatch Logs?
Indefinitely by default, or for a retention period you set on the log group
37
What are ELB access logs?
Optional logging for load balancers. Stores the log files in S3. Captures client IP, latency, request path and server response codes. Useful, for example, to trace requests to EC2 instances that have since been terminated.
38
What should be monitored for ElastiCache?
CPU Utilization Evictions Swap Usage Concurrent Connections
39
How to create a CloudWatch dashboard across regions?
Dashboards are global: create it in one region and it is visible from every region. Each widget shows data from the region it was created for, so widgets from several regions can be mixed on one dashboard.
40
What is the purpose of AWS Organizations?
- Manage policies across accounts
- Control access to services (using SCPs)
- Account management (creation and managing)
- Consolidated billing
41
What has precedence: an SCP or IAM policy?
A deny in an SCP overrules an allow in an IAM policy. An SCP only sets the maximum permissions for the accounts below it and never grants anything by itself, so an action must be allowed by both the SCP and an IAM policy.
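A simplified model of that precedence, added here as an example (this is not AWS code and not the real IAM evaluation engine): a request is allowed only if every SCP on the account's OU path allows it and an identity policy allows it, with any explicit deny winning. Conditions, resource-based policies and permission boundaries are out of scope; the sample policies are constructed.

```python
"""SCP-over-IAM evaluation, reduced to Allow/Deny statements with wildcards.
Added example for this deck, not AWS code."""
from fnmatch import fnmatchcase


def _matches(field, value):
    """IAM fields may be a string or a list; '*' and '?' are wildcards.
    Action names are matched case-insensitively, as IAM does."""
    patterns = field if isinstance(field, list) else [field]
    return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)


def _verdict(policy, action, resource):
    """Return 'Deny', 'Allow' or None (implicit deny) for one policy document."""
    result = None
    for stmt in policy["Statement"]:
        if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny ends the evaluation of this policy
        result = "Allow"
    return result


def is_allowed(scps, iam_policies, action, resource):
    """scps: every SCP on the path root -> OU -> account (each one must allow).
    iam_policies: identity policies attached to the caller.
    An SCP that does not allow the action (explicitly or implicitly) blocks it,
    no matter what IAM says; an IAM allow is still required on top."""
    for scp in scps:
        if _verdict(scp, action, resource) != "Allow":
            return False
    iam_results = [_verdict(p, action, resource) for p in iam_policies]
    if "Deny" in iam_results:
        return False
    return "Allow" in iam_results


# Constructed sample policies (not taken from any real account)
FULL_ACCESS_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Guardrail SCP: nobody in the OU may switch off or delete CloudTrail
PROTECT_TRAIL_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
     "Resource": "*"}]}
EC2_ONLY_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
ADMIN_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
```

Even an administrator policy in the member account cannot get past the guardrail SCP, and without any IAM allow the permissive SCP alone grants nothing.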
42
What is the tree structure of AWS Organizations?
Root -> Organizational Unit(s) -> AWS accounts
43
What are Resource Groups?
AWS service to group resources based on tags. | Groups can be used, for example, to automate bulk tasks with AWS Systems Manager
44
What are Cost Allocations Tags and how to use them?
You can select the Tags that are relevant for Billing such as Department or Team. These can be used in the Cost Explorer and Billing/Cost Management Console
45
What are the three parts of configurations in AWS Config?
Configuration Items: point-in-time attributes of one resource
Configuration Snapshots: collection of the items
Configuration Streams: stream of item changes
46
Is AWS Config inter-regional?
No, every region has its own data | but an aggregator can combine regions and accounts
47
AWS Config: What are compliance checks and how to use them?
Config can check against a set of managed rules (about 40 in this deck's count), for example whether unrestricted SSH access is allowed somewhere. A check can be triggered periodically or when a configuration changes. To run these checks, AWS Config needs a role with read access to the resources and write access to S3 and SNS
48
Where can you find the Service Health Dashboard?
status.aws.amazon.com
49
What is the Personal Health Dashboard?
Global Dashboard to indicate how problems in AWS would affect services in the own account
50
What is needed for metrics to be tracked on On-Premise servers?
SSM agent | CloudWatch agent
51
What is a VPC Flow Log?
- Captures metadata (addresses, ports, protocol, bytes, accept/reject) of the IP traffic of network interfaces in a VPC
- All VPCs monitored must be in the same account
- Not captured: instance metadata, DHCP, traffic to the Amazon DNS server and other reserved IPs
- Data is delivered to CloudWatch Logs (the flow log needs an IAM role with permission to write) or to S3
- Can be processed further with Lambda or Elasticsearch
52
What are AWS Config Rules?
Checks for (non-)compliant settings in services, for example open SSH ports in security groups or CloudTrail not being enabled
53
Does AWS Config span multiple regions?
No, it must be configured separately in every region | global resources such as IAM can be included in one region's recorder
54
How are logs from AWS Config stored?
In an S3 bucket (same or different account) | [BUCKET]/[OPTIONAL PREFIX]/AWSLogs/[ACCOUNT ID]/Config/[REGION]/...
55
How to get notified when a AWS Config rule is broken?
Create and subscribe to an SNS topic
56
What permissions are needed for AWS Config to work?
Config needs a role that has read-only access to the resources and write access to the S3 bucket (and to the SNS topic, if notifications are used)
57
What are the (two) trigger types in AWS Config?
Periodic (interval configurable, 24 h by default) | On configuration change. NOTE: some rules support only one of the two trigger types
58
How to install the CloudWatch Logging Agent?
1) Create a role and attach it to the instance 2) Download and install the agent on the instance 3) Configure and start the agent
59
How can a second account assume a role in another account?
- Create the role in the account that owns the resources (account A) with a trust policy naming account B as principal | - In account B, attach an IAM policy with the action sts:AssumeRole and the ARN of that role as the Resource
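The two halves of that setup, checked together, as an added example (not AWS code): account A's trust policy must name the caller (or the caller's whole account via the :root principal) and the caller's own identity policy in account B must allow sts:AssumeRole on the role ARN. Account IDs, the role name and the user ARN are constructed; ExternalId/MFA conditions are left out.

```python
"""Cross-account AssumeRole: the trust policy on the role and the identity
policy on the caller both have to allow it. Added example for this deck."""
from fnmatch import fnmatchcase

ROLE_ARN = "arn:aws:iam::111111111111:role/CrossAccountAuditor"  # constructed

# Trust policy attached to the role in account A (constructed)
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": "sts:AssumeRole"}]}

# Identity policy attached to a user or role in account B (constructed)
ASSUME_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": ROLE_ARN}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trust_allows(trust_policy, caller_arn):
    """Does the role's trust policy name the caller? A principal of the form
    arn:aws:iam::ACCOUNT:root delegates to the whole account, so any principal
    from that account passes this half; the account's own IAM must then decide."""
    caller_account = caller_arn.split(":")[4]
    for stmt in trust_policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if stmt["Effect"] != "Allow" or "sts:assumerole" not in actions:
            continue
        for principal in _as_list(stmt["Principal"].get("AWS", [])):
            if principal in (caller_arn, f"arn:aws:iam::{caller_account}:root"):
                return True
    return False


def identity_allows(identity_policy, role_arn):
    """Does the caller's own policy allow sts:AssumeRole on exactly this role?"""
    allowed = False
    for stmt in identity_policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        if not any(fnmatchcase(role_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def can_assume(trust_policy, identity_policy, caller_arn, role_arn):
    """Cross-account assumption needs BOTH halves; either one alone fails."""
    return trust_allows(trust_policy, caller_arn) and identity_allows(identity_policy, role_arn)
```

A common misconfiguration this catches: the trust policy was set up, but the caller in account B was never given sts:AssumeRole, so the AssumeRole call is denied even though account A trusts account B.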
60
What are S3 Access Logs?
Records requests made to the bucket and its objects. | Not enabled by default.
61
What is the standard naming structure for CloudFront log files?
[bucketname].s3.amazonaws.com/[optional prefix]/[distribution ID].[YYYY-MM-DD-HH].[unique ID].gz
62
What are the limitations of VPC Flow Logs?
- You can only capture VPCs in your own account (a peered VPC in another account cannot be monitored) | - Flow logs cannot be edited after creation; delete and recreate them instead
63
Which traffic is not captured by Flow Logs?
- DHCP - traffic to the Amazon DNS server - traffic to the VPC router (default gateway) - instance metadata (169.254.169.254) and Amazon Time Sync (169.254.169.123) - Windows license activation servers - traffic between a Network Load Balancer's interface and the endpoint network interface
64
Is the CloudWatch alarm for estimated charges limited to one Region?
No. The metric is published in us-east-1 only, but it sums the estimated charges of all regions
65
What are Cost Allocation Tags?
Selection of tags that are used for cost reporting. | Needs to be enabled first, then the tags can be selected.
66
How can Tags be used for security?
Tags can be used as conditions in IAM policies (for example aws:ResourceTag/Team) so that an action is only allowed on resources carrying the required tag
67
What are Resource Groups?
A group of resources based on one or more tag key/value combinations. Can be referenced in IAM, since a group has its own ARN after creation.
68
Does AWS Config span regions?
No, the settings must be done for every region that config will be used
69
Inspector: With which service does AWS Inspector work with?
EC2
70
CloudWatch: What is a composite alarm?
An alarm whose state is derived from the states of other alarms you created, combined in a rule expression (AND/OR/NOT). The composite alarm goes into ALARM only when the rule expression evaluates to true, which cuts alarm noise.
71
CloudWatch: What are Periods, Evaluation Periods and Datapoints to Alarm?
Period: duration of one data point that is checked
Evaluation Periods: number of the most recent periods (data points) to evaluate
Datapoints to Alarm: number of data points within the evaluation periods that must be breaching for the alarm to go into ALARM
72
CloudWatch: How can missing data points be handled?
notBreaching: missing data points are treated as "good" and within the threshold
breaching: missing data points are treated as "bad" and breaching the threshold
ignore: the current alarm state is maintained
missing: if all data points in the alarm evaluation range are missing, the alarm transitions to INSUFFICIENT_DATA (this is the default)
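The two cards above combined into runnable form, as an added example (not AWS code): an "M out of N" evaluation over the most recent data points with the four missing-data treatments. It follows the definitions as this deck states them; the real CloudWatch evaluator additionally fetches a few extra data points and fills in as few missing points as possible, so edge cases can differ. The data series are constructed.

```python
"""CloudWatch-style alarm evaluation: Period, Evaluation Periods,
Datapoints to Alarm and TreatMissingData. Added example for this deck."""

OK, ALARM, INSUFFICIENT_DATA = "OK", "ALARM", "INSUFFICIENT_DATA"


def evaluate_alarm(datapoints, threshold, evaluation_periods, datapoints_to_alarm,
                   treat_missing="missing", current_state=OK, comparison=">"):
    """Return the new alarm state for one evaluation.

    datapoints: one value per period, oldest first; None marks a missing point.
    evaluation_periods (N): how many of the most recent points are looked at.
    datapoints_to_alarm (M): how many of those must breach to go to ALARM.
    treat_missing: notBreaching | breaching | ignore | missing (the default).
    """
    if datapoints_to_alarm > evaluation_periods:
        raise ValueError("Datapoints to Alarm cannot exceed Evaluation Periods")
    compare = {">": lambda v: v > threshold, ">=": lambda v: v >= threshold,
               "<": lambda v: v < threshold, "<=": lambda v: v <= threshold}[comparison]

    # The evaluation range is the most recent N periods; a series shorter than N
    # is padded with None, which is exactly what "no data yet" looks like.
    window = list(datapoints[-evaluation_periods:])
    window = [None] * (evaluation_periods - len(window)) + window
    present = [v for v in window if v is not None]
    missing = evaluation_periods - len(present)

    if treat_missing == "ignore" and missing:
        return current_state            # keep the state, do not re-evaluate
    if treat_missing == "missing" and not present:
        return INSUFFICIENT_DATA        # the whole evaluation range is empty

    breaching = sum(1 for v in present if compare(v))
    if treat_missing == "breaching":
        breaching += missing            # every gap counts as a bad data point
    # notBreaching, and "missing" with at least one real point: gaps count as good
    return ALARM if breaching >= datapoints_to_alarm else OK
```

The choice matters for security alarms: a CloudTrail-based metric filter that only emits data points when an event occurs (for example a root login) should use notBreaching, otherwise the alarm sits in INSUFFICIENT_DATA most of the time; a heartbeat metric that should always be present is better served by breaching, so that a silent agent raises the alarm.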
73
CloudWatch: Anomaly Detection
Mines past metric data and creates a model of expected values. You can choose whether the alarm is triggered when the metric value is above the band of expected values, below the band, or either above or below the band.
74
CloudWatch: What is necessary for CloudWatch to reboot, stop or terminate EC2 instances?
To set up a CloudWatch alarm action that can reboot, stop or terminate an instance, you need the service-linked IAM role AWSServiceRoleForCloudWatchEvents, which lets AWS perform the alarm action on your behalf.
75
CloudWatch: How to recover an instance using CloudWatch?
Create an alarm on StatusCheckFailed_System with the recover action. When it triggers, you are notified through the SNS topic chosen when the alarm was created. During recovery the instance is migrated to new hardware and rebooted, so any in-memory data is lost. The recover action works only with StatusCheckFailed_System, not with StatusCheckFailed_Instance, and is not supported for instances with instance store volumes
76
CloudWatch: What is a billing alert?
It is possible to set up an alarm in CW, that will sound when a given threshold is reached. It triggers only when actual billing exceeds the threshold. It doesn't use projections based on your usage so far in the month.
77
CloudWatch: Can you use CW cross-account / cross-regional?
Yes, with cross-account, cross-region dashboards; data is shared with individual accounts or with the entire organization
78
CloudWatch: What can be done with the CloudWatch Agent?
- Collect more system-level metrics from EC2 instances (memory, disk space, ...) - Send data from on-premises servers - Can be installed manually or via SSM
79
CloudWatch: What are High Resolution Custom Metrics?
Custom metrics can be published at a resolution down to 1 second; alarms on them can evaluate with a period as short as 10 seconds.
80
Trusted Advisor: What are the categories that TA helps with?
Cost Optimization, Performance, Security, Fault Tolerance (plus Service Limits)
81
Trusted Advisor: How are the data refreshed?
Automatically every 24 hours | Manually for all or selected checks (each check can be refreshed at most every 5 minutes)
82
Trusted Advisor: What are the three types of results of a check?
No action necessary Investigation recommended Action recommended
83
Inspector: What is the purpose of the AWS Inspector?
For EC2 instances. Helps to identify security vulnerabilities and deviations from hundreds of best practices. For it to work, an agent has to be installed on the instance
84
What is needed to get metrics from an ELB?
Nothing, AWS will automatically send metrics from an ELB
85
What are ELB access logs?
Optional feature (disabled by default) that records: - client IP address - latency - request path - server response codes
86
What is Request Tracing?
For requests coming to the ELB, AWS adds the X-Amzn-Trace-Id to the header, which can be used to analyze the traffic from the client to the system. Needs the ALB (not NLB or Classic LB)
87
If an instance has the tag "name" = MyInstance and the tag "Name" = AlsoMyInstance, which one is shown in the Name column of the overview page?
AlsoMyInstance | Tag keys are case sensitive and the overview page reads the key "Name"
88
What are the two types of Resource Groups?
Tag based | CloudFormation stack based
89
How to use Tags in the Cost Explorer?
(in an organization, tags are activated from the management/payer account) Select the tags | Activate them as cost allocation tags | Use them as a filter or group-by dimension in Cost Explorer
90
Which service does Systems Manager integrate with to give you visibility of the overall health of your AWS infrastructure?
CloudWatch
91
By default, how frequently are ELB metrics published to CloudWatch?
If there are requests flowing through the load balancer, Elastic Load Balancing measures and sends its metrics in 60-second intervals. If there are no requests flowing through the load balancer or no data for a metric, the metric is not reported.
92
CloudTrail: How long are the trails stored by default and where?
The CloudTrail console's event history keeps the last 90 days of management events without any configuration. | For longer retention, create a trail that delivers to an S3 bucket you own
93
CloudTrail: What are digest files?
Hourly files created by log file validation. Each digest lists the SHA-256 hashes of the log files delivered in the previous hour, is signed by CloudTrail (RSA private key, SHA256withRSA) and references the hash and signature of the previous digest, forming a chain. With them you can verify that log files were not modified, deleted or forged (aws cloudtrail validate-logs).
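The hash-chain part of that verification, as an added example (not AWS code and not the `validate-logs` implementation): two constructed digests in the documented digest layout are checked for both links that make the chain tamper-evident, namely that every referenced log file still hashes to the hashValue its digest recorded, and that each digest's previousDigestHashValue equals the SHA-256 of the previous digest. Hashes are taken over uncompressed content (the gzipped S3 objects would be decompressed first). The RSA signature over each digest, which `validate-logs` also checks with CloudTrail's public key for the period, is not reproduced here. Account ID, bucket, keys and log contents are constructed.

```python
"""CloudTrail digest chain verification (hash links only). Added example for
this deck; field names follow the documented digest file format."""
import hashlib
import json


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_digest_chain(digests, objects):
    """digests: list of (s3_key, digest_bytes), oldest first.
    objects: dict s3_key -> uncompressed bytes of every log file referenced.
    Returns a list of problems; an empty list means the chain verifies."""
    problems = []
    for i, (key, raw) in enumerate(digests):
        d = json.loads(raw)
        if d.get("digestS3Object") != key:
            problems.append(f"{key}: digestS3Object does not match the object key")
        for lf in d["logFiles"]:
            body = objects.get(lf["s3Object"])
            if body is None:
                problems.append(f"{key}: log file {lf['s3Object']} is missing (deleted?)")
            elif lf["hashAlgorithm"] != "SHA-256" or sha256_hex(body) != lf["hashValue"]:
                problems.append(f"{key}: hash mismatch for {lf['s3Object']} (modified?)")
        if i == 0:
            continue  # oldest digest in our window: nothing earlier to chain to
        prev_key, prev_raw = digests[i - 1]
        if d.get("previousDigestS3Object") != prev_key:
            problems.append(f"{key}: chain points to {d.get('previousDigestS3Object')}, expected {prev_key}")
        elif d.get("previousDigestHashValue") != sha256_hex(prev_raw):
            problems.append(f"{key}: previous digest hash mismatch (digest replaced?)")
    return problems


def build_sample():
    """Constructed mini-trail: two log files and two chained digests.
    Account ID, bucket and object keys are made up."""
    acct, bucket, region = "111111111111", "example-trail-bucket", "us-east-1"
    base = f"AWSLogs/{acct}/CloudTrail/{region}/2024/01/01/"
    dbase = f"AWSLogs/{acct}/CloudTrail-Digest/{region}/2024/01/01/"
    log1 = json.dumps({"Records": [{"eventName": "ConsoleLogin"}]}).encode()
    log2 = json.dumps({"Records": [{"eventName": "StopLogging"}]}).encode()
    key1, key2 = base + "log-0100.json", base + "log-0200.json"
    dkey1, dkey2 = dbase + "digest-0100.json", dbase + "digest-0200.json"

    def digest(dkey, logs, prev_key, prev_raw):
        return json.dumps({
            "awsAccountId": acct,
            "digestS3Bucket": bucket, "digestS3Object": dkey,
            "logFiles": [{"s3Bucket": bucket, "s3Object": k, "hashValue": sha256_hex(b),
                          "hashAlgorithm": "SHA-256"} for k, b in logs],
            "previousDigestS3Bucket": bucket if prev_key else None,
            "previousDigestS3Object": prev_key,
            "previousDigestHashValue": sha256_hex(prev_raw) if prev_raw else None,
            "previousDigestHashAlgorithm": "SHA-256" if prev_raw else None,
        }).encode()

    digest1 = digest(dkey1, [(key1, log1)], None, None)
    digest2 = digest(dkey2, [(key2, log2)], dkey1, digest1)
    return [(dkey1, digest1), (dkey2, digest2)], {key1: log1, key2: log2}
```

Without the signature check an attacker who can write to the bucket could rewrite a log file and its digest together; the chain alone only catches edits to one without the other, which is why the real tool verifies the signatures as well.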
94
Flow Log: What are the attributes in a log entry?
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
(default version 2 format) First source, then destination, both for address and port
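A parser for that default record layout, run over a few constructed lines, as an added example (not AWS code): it maps the 14 fields by position, keeps `-` as missing, and then flags sources with repeated REJECTed flows to SSH/RDP, which is the kind of detection a flow log is usually turned into. Note the NODATA and SKIPDATA records: they carry no flow data and must be filtered on log-status before anything is counted.

```python
"""VPC Flow Log (version 2, default format) parsing and a simple REJECT
detection. Added example for this deck; the sample lines are constructed."""
from collections import Counter

FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes", "start", "end",
          "action", "log-status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (account ID, ENI and addresses are made up)
SAMPLE = """\
2 111111111111 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51234 22 6 3 180 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d 203.0.113.5 10.0.1.20 51235 22 6 3 180 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d 198.51.100.9 10.0.1.20 44001 3389 6 2 120 1700000000 1700000060 REJECT OK
2 111111111111 eni-0a1b2c3d 10.0.1.20 10.0.2.7 40000 443 6 10 8000 1700000000 1700000060 ACCEPT OK
2 111111111111 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
2 111111111111 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - SKIPDATA
"""


def parse_flow_log(text):
    """Yield one dict per record. '-' becomes None; numeric fields become int.
    NODATA/SKIPDATA records carry no flow data, so callers check log-status."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # custom-format or truncated line, not handled here
        rec = {}
        for name, raw in zip(FIELDS, parts):
            if raw == "-":
                rec[name] = None
            elif name in INT_FIELDS:
                rec[name] = int(raw)
            else:
                rec[name] = raw
        yield rec


def rejected_admin_attempts(records, ports=(22, 3389), min_hits=2):
    """Count REJECTed flows towards admin ports per source address and return
    the sources with at least `min_hits` (a crude scan/brute-force indicator)."""
    hits = Counter()
    for r in records:
        if r["log-status"] != "OK":
            continue  # NODATA / SKIPDATA: nothing to inspect
        if r["action"] == "REJECT" and r["dstport"] in ports:
            hits[r["srcaddr"]] += 1
    return {src: n for src, n in hits.items() if n >= min_hits}
```

REJECT here means the security group or network ACL dropped the packet, so these hits are blocked attempts; an ACCEPT on port 22 from an unexpected source would be the more urgent finding.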
95
Flow Log: Where can you send/save the data to?
Cloud Watch Logs | S3
96
You would like to run a Lambda function at the same time every night. How could this be done?
Schedule an event in CloudWatch to trigger the function
97
What is the use-case for AWS X-Ray?
X-Ray can be used for adding code tracing support for both monolithic application code (e.g. a large Django monolithic project) and serverless (Lambda function) code.
98
Is it possible to use CloudWatch metrics to trigger auto-scaling based on SQS queue size?
Yes, scale on ApproximateNumberOfMessagesVisible or, better, on a custom backlog-per-instance metric: https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html
99
What is Request Tracing?
Used by the load balancer, Request Tracing can be used to track HTTP requests from clients to targets. Tracked with the X-Amzn-Trace-Id parameter in the header.
100
CloudWatch Events: What is the "target" and what services can be used?
The target is the action taken when an event matches a rule, such as: calling a Lambda function, sending an e-mail via SNS, deploying code through CodePipeline, or running a command with SSM
101
What can be the destinations for a VPC Flow Log?
S3 or CloudWatch Log Group
102
What are "units"?
Every metric data point has a unit attribute; if none is specified it is "None"
103
What is Aggregation?
When multiple data points are published for the same timestamp, namespace and dimensions, CloudWatch aggregates them (statistics such as Sum, Average, SampleCount). Aggregation across instances requires detailed monitoring and is not available across regions
104
How to get the status of all instances (cli)
aws ec2 describe-instance-status
105
CloudWatch: How to allow a user to only access certain EC2 instances to monitor
This is not possible; CloudWatch metric permissions cannot be scoped to individual EC2 instances
106
What are the (three) conditions, when an alarm is triggered?
- the metric reaches a particular value - it stays above or below a threshold for a number of consecutive periods - it stays at a consistent value over multiple periods
107
What happens for Auto Scaling Groups / SNS when an alarm is triggered?
ASG: the scaling action is invoked again for every period the alarm remains in ALARM | SNS: the notification is sent only once, on the state transition
108
ElastiCache: What should be done if CPUUtilization is high?
Memcached: implement larger instance type or add more nodes Redis: Add read replicas
109
ElastiCache: What should be done if the SwapUsage goes over 50mb?
Memcached: increase the ConnectionOverhead parameter | Redis: no recommendation at the moment
110
ElastiCache: What should be done if data is evicted?
Memcached: Scale up cluster or add nodes Redis: Scale up cluster
111
ELB: What is the metric to track (un)healthy hosts?
HealthyHostCount / UnHealthyHostCount
112
ELB: What are the SpilloverCount and the SurgeQueueLength?
SpilloverCount: requests dropped because the surge queue is full | SurgeQueueLength: number of requests queued waiting for a healthy instance (Classic Load Balancer; max 1024)
113
CloudWatch Events: When are events created? (four)
- An AWS resource changed state (e.g. instance stopped)
- Events from CloudTrail (e.g. failed login attempt)
- Custom events sent by your applications (PutEvents)
- On a scheduled basis
114
CloudWatch Events: What can be done to have a recurring Event-Check done?
Set up a scheduled (cron like) event
115
CloudWatch Logs: What is a Log Group?
Stream of data from multiple resources, such as a group of EC2 instances
116
CloudWatch Logs: What is the Retention Policy?
How long events are kept in a log group. | From 1 day to 10 years, or never expire (the default)
117
What service can monitor costs and how to alert the customer?
Costs can be monitored with a CloudWatch billing alarm, which sends an SNS notification when the estimated charges exceed the threshold. Billing alerts must first be enabled in the AWS Billing and Cost Management console
118
How to encrypt CloudTrail log files?
They are encrypted by default with S3 server-side encryption (SSE-S3); optionally SSE-KMS with your own key can be configured on the trail
119
Config: How to set up a custom rule?
The check will be created in AWS Config and will run as a custom Lambda function on change or in periodic intervals.
120
CloudWatch Events: What are the three components?
Events, Rules and Targets
121
What CLI command lists the metrics in the Amazon EC2 namespace?
aws cloudwatch list-metrics --namespace AWS/EC2
122
CloudWatch: How can you access Amazon CloudWatch? (four)
Amazon CloudWatch Console AWS CLI CloudWatch API AWS SDK
123
CloudWatch: How many Alarms can you have in a region?
5000
124
CloudWatch: What are: - Data Point - Data Points to Alarm - Evaluation Points - Evaluation interval
Data Point: one aggregated metric value for one period
Datapoints to Alarm: how many of the evaluated data points must be breaching to raise the alarm (e.g. 3)
Evaluation Period(s): how many of the most recent periods are evaluated (e.g. 5, with a 1-minute period)
Evaluation Interval: period times evaluation periods, i.e. the total time window checked (e.g. 5 min)
125
CloudWatch: What is a namespace in Amazon CloudWatch?
A logical grouping of Amazon CloudWatch metrics
126
CloudWatch: What are the supported Linux distributions for the CloudWatch agent?
Amazon Linux Ubuntu Red Hat Debian
127
CloudWatch: What (two) types of logs can be send from a Windows Server?
Windows event logs (System, Application, Security) | IIS logs
128
CloudWatch: How to install the CW Agent on a Windows 2016 Server?
Via the Systems Manager | The EC2 Config Service does not exist anymore.
129
CloudWatch: How is data encrypted?
Log data is encrypted in transit and at rest within Amazon CloudWatch. This requires no special configuration on the part of a system administrator
130
Is there a way to create reports with billing data | by usage, or the cost per individual log group?
Yes, using "detailed billing"
131
How many tags can you have in an Amazon CloudWatch log group?
50
132
CloudWatch: How would you enable / disable Amazon CloudWatch detailed monitoring via the AWS CLI?
aws ec2 monitor-instances --instance-ids | aws ec2 unmonitor-instances --instance-ids
133
CloudWatch: How to get the total number of metrics tracked in a span of time?
SampleCount can give you the total number of metrics that are being used in a statistical calculation. This can be helpful if you are trying to determine sample size
134
CloudWatch: Which two steps are necessary to be able to aggregate statistics across multiple instances?
- Enable detailed monitoring. | - Choose the Amazon EC2 namespace and select Across All Instances.
135
How to get alerted when the use of resources goes out of AWS Free Tier?
Set up an AWS Free Tier alert in AWS Budgets
136
Where should you create an alarm for a failed Amazon EC2 status check failure?
Amazon EC2 Console
137
CloudWatch: For what metrics can you use high-resolution metrics?
Custom Metrics (not pre-built metrics)
138
CloudTrail: How to automatically push the calls to new regions? (two)
- Select Yes to apply to all regions in the trail configuration page. - In the CLI, you set the parameter IsMultiRegionTrail to True.
139
CloudTrail: Your boss wants you to create two separate trails in CloudTrail, one for management events and one for data events. Is this possible?
Yes, you can create two separate trails and separate management activity from data activity.
140
Config: What are the periodic steps you can set up?
You can set periodic rules to run every 1, 3, 6, 12, or 24 hours
141
Which account is used in AWS Organizations to create an organization, invite new AWS accounts, and remove AWS accounts?
The master account (now called the management account)
142
How can you get access to all of the checks within AWS Trusted Advisor?
Upgrade to Business-level support or | Upgrade to Enterprise-level support.
143
Trusted Advisor continuously alerts on one of your resources. Ensure that AWS Trusted Advisor no longer alerts on that resource. How can you accomplish this?
Add an exclusion for reporting the resource at the resource level.
144
Inspector: What type of software can be checked by inspector?
Amazon Inspector can only find applications installed by the operating system's package manager. It can't find applications installed by automation software like Chef, Puppet or Ansible
145
Inspector: What are the two report types?
Findings Report | Full Report
146
What is the purpose of AWS GuardDuty?
Amazon GuardDuty allows you to monitor for threats by analyzing AWS CloudTrail events, VPC Flow Logs, and DNS logs
147
Which AWS services classifies data in S3 and catalogs the normal behaviors from users who are accessing that data?
Amazon Macie
148
Guard Duty: How long are findings stored?
90 days
149
With which tool can you query logs using regex?
Amazon CloudWatch Logs Insights
150
Which tool allows to display metric charts on a website or third party tool?
Amazon CloudWatch snapshot graphs
151
What is needed for Run Command in AWS Systems Manager? | Open ports / remote access?
Neither: the SSM agent on the instance polls the Systems Manager endpoints over outbound HTTPS, so no inbound ports need to be opened and no SSH/RDP access is required; the instance needs an instance profile that grants the SSM permissions
152
What is needed for Session Manager in AWS Systems Manager? | Open ports / remote access?
Session Manager within AWS Systems Manager allows remote console sessions via an interactive web browser with no need to open inbound ports or use bastion hosts to access your systems
153
What are the editions for QuickSight and how are they billed?
- Editions: Standard and Enterprise - Billing: per user, with pay-per-session pricing for readers (Enterprise). The Enterprise edition supports Active Directory groups from AWS Directory Service. The Standard edition allows you to invite IAM users, or users directly with an email address.
154
What is a benefit provided by Amazon Macie?
Visibility into the locations where you store data
155
You want to use CloudWatch to find the average CPU utilization for an instance over a 30-minute period. The metric is updated every 5 minutes. Which statistic and period should you use?
The Average statistic with a 30-minute period