Monitoring & Audit: CloudWatch, X-Ray, and CloudTrail

Question 1

What are the main uses for the following 3 services?
1. CloudWatch
2. X-Ray
3. CloudTrail

Answer 1

CloudWatch - Metrics, Logs, Events, and alarms
X-Ray - Troubleshooting perofrmance and errors
CloudTrail - Monitoring of API calls and auditing changes to AWS resources

Question 2

What is a CloudWatch metric?
What do CloudWatch metrics belong to?
What does is a Dimension in respect to a metric?

Answer 2

• It is a variable to monitor
• Metrics belong to a namespace
• A dimension is an attribute of a metric (like instance id, environment)

Question 3

Which API call can you use to create a CloudWatch custom metric?

Answer 3

PutMetricData and define dimensions and metric resolution (StorageResolution)

Question 4

What timespan will CloudWatch accept metrics from?

Answer 4

2 weeks in the past and 2 hours in the future.

Note: You should check your ec2 instance time to make sure its correct

Question 5

Answer the following about CloudWatch logs:
1. What is a Log group
2. What is a Log stream
3. Where can Logs be sent to?

Answer 5

1. Typically represents an application logs belong to
2. Instances within the application
3. They can be sent to s3, data streams, data firehose, aws lambda

Question 6

Suppose you want to stream CloudWatch logs into an AWS service, when would you use each of the following AWS services?
1. Lambda
2. Kinesis Data Firehose
3. Kinesis Data Streams

Answer 6

1. Sending realtime data to Open Search Service
2. Sending near realtime data to S3 or Open Search Service
   3.

Question 7

How would you aggregate CloudWatch logs from multiple accounts and regions?

Answer 7

Stream data from multiple CloudWatch logs into Kinesis Data Streams and then into Kinesis Data Firehose which exports to Amazzon S3

Question 8

What must you configured to send logs from EC2 to CloudWatch?

Answer 8

1. Run a CloudWatch agent on EC2
2. Make sure IAM permissions are correct

Question 9

What is the difference between CloudWatch Logs Agent and CloudWatch Unified Agent?

Answer 9

CloudWatch Logs Agent - Only used for logs
CloudWatch Unified Agent - Can send metrics and logs

Question 10

Do CloudWatch Metric Filters retroactively filter data?

Answer 10

No! Filters only publish the metric data points for events that happen after the filter was created

Question 11

What are the 3 states for a CloudWatch alarm?

Answer 11

1. OK
2. INSUFFICIENT_DATA
3. ALARM

Question 12

What are the 3 main CloudWatch alarm targets?

Answer 12

1. Stop, Teriminate, Reboot, or Recover an EC2 instance
2. Triger an ASG action
3. Send a notification to SNS

Question 13

How can you create a metric that alerts based on multiple other CloudWatch alarms?

Answer 13

Use composite alarms with AND or OR conditions on other alarms

Question 14

What statuses of an EC2 instance might you monitor in CloudWatch?

Answer 14

1. Instance status (EC2 VM)
2. System status (underlying hardward)
3. Attached EBS status (attached EBS volumes)

Question 15

Suppose you want to trigger a CloudWatch alarm based on recieving too many logs containing the string “Error”, how would you achieve this?

Answer 15

Create a CloudWatch metric filter that checks the log contains the string, and then a CloudWatch alarm ontop of this metric filter.

Question 16

What is CloudWatch Synthetics Canary?

Answer 16

Allows you to programmatically test what users may do on your application using Canary Blueprints