Section 20: AWS Monitoring & Audit, CloudWatch, X-Ray and CloudTrail: X-Ray Flashcards by Anna Soto

What did Amazon EventBridge used to be called?

CloudWatch Events.

How well did you know this?

Not at all

Perfectly

What is Amazon EventBridge?

EventBridge is a serverless service that uses events to connect application components together, making it easier for you to build scalable event-driven applications. Event-driven architecture is a style of building loosely-coupled software systems that work together by emitting and responding to events. Event-driven architecture can help you boost agility and build reliable, scalable applications.

How well did you know this?

Not at all

Perfectly

About Amazon EventBridge.

A rule can run in response to an event, or at certain time intervals. For example, to periodically run an AWS Lambda function, you can create a rule to run on a schedule.What are the two types of scheduled rules? (Just names, you’ll describe them later).

Rate expression
Cron expression.

How well did you know this?

Not at all

Perfectly

Regarding Amazon EventBridge and creating rules, what’s a rate expression?

Rules that run at a regular rate
EventBridge runs these rules at regular intervals; for example, every 20 minutes.
To specify the rate for a scheduled rule, you define a rate expression.

How well did you know this?

Not at all

Perfectly

Regarding Amazon EventBridge and creating rules, what’s a cron expression?

Rules that run at specific times
EventBridge runs these rules at specific times and dates; for example, 8:00 a.m. PST on the first Monday of every month.
To specify the time and dates a scheduled rule runs, you define a cron expression.

How well did you know this?

Not at all

Perfectly

What are examples of Amazon EventBridge events?

An event indicates a change in an environment such as an AWS environment, a SaaS partner service or application, or one of your applications or services. The following are examples of events:
Amazon EC2 generates an event when the state of an instance changes from pending to running.
Amazon EC2 Auto Scaling generates events when it launches or terminates instances.
AWS CloudTrail publishes events when you make API calls.
Trigger Lambda functions, send SQS/SNS messages.

How well did you know this?

Not at all

Perfectly

What are Amazon EventBridge events used for? What’s an example.

Rules use event patterns to select events and send them to targets. An event pattern either matches an event or it doesn’t.
IAM root user sign in event -> sns topic with email notifications.

How well did you know this?

Not at all

Perfectly

What are some popular EventBridge (possibly rules) sources (and their corresponding example events)? (hint, there are six, but i’ll cut you a break and say 4/5 of them.)

ec2 instance (ex: start instance)
CodeBuild (ex: failed build)
s3 event (ex: upload object)
Trusted Advisor (ex: new Finding)
CloudTrail (ex: any API call)
Schedule or Cron (ex: every 4 hours)

How well did you know this?

Not at all

Perfectly

what are the exmple destinations for Amazon EventBridge Rules?

Compare: Lambda, AWS Batch, ECS Task
Integration: SQS, SNS, Kinesis Data Streams
Orchestration: AWS Step Functions, CodePipeline, CodeBuild
Maintenance: SSM, EC2 Actions

How well did you know this?

Not at all

Perfectly

Do you have the option to use a filter to determine which events Amazon EventBridge is gonna pass onto a destination? What are some filter examples.

Yes. For example, you can create an event pattern that matches an event when:
* A field of the event is within a specific numeric range.
* The event comes from a specific IP address.
* A specific field doesn’t exist in the event JSON.

Amazon EventBridge supports declarative content filtering using event patterns. With content filtering, you can write complex event patterns that only match events under very specific conditions.

How well did you know this?

Not at all

Perfectly

idk find some json stuff for amazon eventbridge rules. I know you’re a little struggly now.

How well did you know this?

Not at all

Perfectly

What are Amazon EventBridge event buses?

An event bus is a router that receives events and delivers them to zero or more destinations, or targets. Event buses are well-suited for routing events from many sources to many targets, with optional transformation of events prior to delivery to a target.

How well did you know this?

Not at all

Perfectly

When using Amazon EventBridge event buses, do you have the ability rep replay archived events?

Yes.

How well did you know this?

Not at all

Perfectly

When using Amazon EventBridge event buses, can you archive events (all/filter) sent to an event bus (indefinitely or set period)?

Yes

How well did you know this?

Not at all

Perfectly

When using Amazon EventBridge event buses, can event buses be accessed by aws accounts?

Yes. Event buses can be accessed by other AWS acounts using Resource-based policies?

How well did you know this?

Not at all

Perfectly

How do event buses work?

Event buses enable you to route events from multiple sources to multiple destinations, or targets.
At a high level, here’s how it works:
An event source, which can be an AWS service, your own custom application, or a SaaS provider, sends an event to an event bus.
EventBridge then evaluates the event against each rule defined for that event bus.
For each event that matches a rule, EventBridge then sends the event to the targets specified for that rule. Optionally, as part of the rule, you can also specify how EventBridge should transform the event prior to sending it to the target(s).
An event might match multiple rules, and each rule can specify up to five targets. (An event may not match any rules, in which case EventBridge takes no action.)

How well did you know this?

Not at all

Perfectly

Okay, so you want to use and amazon eventbridge event bus to um create a bus (figure out better words for this later) between eventbridge and other aws services. Do you use a default event bus, a partner event bus, or a custom event bus?

Default event bus

How well did you know this?

Not at all

Perfectly

Okay, so you want to use and amazon eventbridge event bus to um create a bus (figure out better words for this later) between eventbridge and some big-name non-aws aws services, like Saas providers/things zendesk and datadog. Do you use a default event bus, a partner event bus, or a custom event bus?

Partner event bus

How well did you know this?

Not at all

Perfectly

Okay, so you want to use and amazon eventbridge event bus to um create a bus (figure out better words for this later) between eventbridge and some apps you made (i presume they’re not hosted on aws). Do you use a default event bus, a partner event bus, or a custom event bus?

Custom event bus.

How well did you know this?

Not at all

Perfectly

What does Amazon EventBridge Schema Registry allow you to do?

The Schema Registry allows you to generate code for your app that will know in advance how data is structured in teh event bus.
Search a collection of schemas that can be leveraged by developers in your organization. EventBridge allows you to add schemas manually or can automate the process by using schema discovery.
idk look into it later

How well did you know this?

Not at all

Perfectly

Can Amazon EventBridge Schema Registry schemas be versioned?

Yes

How well did you know this?

Not at all

Perfectly

T/F can EventBridge analyze the events in your bus and infer the schema?

yea. also, look into this later. idk if it’s important.

How well did you know this?

Not at all

Perfectly

What do amazon eventbridge resource based policies do? example? (it’s okay if you give the use case, i’ll provide it just in case you do but i’m asking ask you about that later)

Manage permissions for a specific event bus
ex: allow/deny events from anoterh aws account or aws region
use case: aggregate all events from your aws org in a single aws account or aws region

How well did you know this?

Not at all

Perfectly

What is a use case for an amazon EventBridge - Resource-based Policy? (i’ll provide the example, just in case you answer that one instead. honestly i don’t quite get the different at this point.)

use case: aggregate all events from your aws organization in a single aws account or aws region.
example: allow/deny events from another aws account or aws region.

How well did you know this?

Not at all

Perfectly

Okay so what's missing in this amazon eventbridge resource based policy json?

* events:putEvents (the quotes are already there) * arn:aws:events:us-east-1:1234567875:event-bus/central-event-bus. (quotes are already there)

# AWS EventBridge Can you create cross account access to a single event bus?

yep

What do you need to create EventBridge cross account access to a single event bus (it's called multi account aggregation)

a resource policy for the central account's event bus.

how does EventBridge multi account aggregation work?

Okay now it's x ray time. What's it look like X-Ray is for?

looks like it's some fancy new way to debug, but you don't have to test locally and add log statements everywhere and redploy in production

Does xray give you visual (also called graphical but, and call me a snob, that doesn't look like a graph to me) analysis of your applications?

yep

So what are the advantage sof using xray?

* troubleshooting performance (including bottlenecks) * understand dependencies in a microservices architecture * pinpiont service issues * review request behavior * find errors and exceptions * find out things like whether you're meeting time SLA, where you're getting throttled, identify users that are impacted.

What aws services is xray compatible with? (or which ones is it really popular with)

* aws lambda * elastic beanstalk * ecs * elb * api gateway * ec2 instances or any app server (even on premises)

Is x ray compatible with on-premise app servers?

Yea

* Does x ray use tracing? * what's tracing (the tiny explaination version)?

* yea * it's an end to end way of following a "request"

xray tracing: flush out lines associated with the following terms: * segments * annotations

* segments: tracing is made of segments (and sub segments) * annotations can be added to traces to provide extra information

# about xray: T/F Each component dealing with the request adds it's own trace

true

# Xray T/F * xray gives you the ability to trace every request * xray gives you the ability to trace a sample of requests (as a percentage for example or a rate per minute)

* T * T

what are the two aws services you're gonna need for xray?

* IAM for authorization (it totally is an aws service) * KMS for encryption at rest (so KMS is a thing outside of aws - key management service (ex, gcp has their own) but it turns out AWS KMS is, you know, i beleive classified as another aws service)

What kind of things does the aws xray sdk capture (4 examples)?

* calls to aws services * http/https requests * database calls (MySQ, PostgreSQL, DynamoDB) * Queue calls (SQS)

When you want to use aws xray sdk, do you need to modify a lot of code?

slides say nope.

how does the xray daemon work?

the aws xray daemon works as a low level udp packet interceptor (linux/windows/mac)

# T/F about xray Each application must have the IAM rights to write data to xray.

True

Does aws lambda/other aws services run xray daemon for you?

Yea. I know that's a little vague. In case you want to look into it later, the exact sentence is "AWS Lambda / other AWS services already run teh X-Ray daemon for you".

How often can an xray daemon running on a machine (say an ec2 instance) send batch (which I suspect is shorthand for send 'a batch of information' to aws xray?

every 1 second.

Say you're on an ec2 instance. You have an application code and xray sdk running on that instance. it sends traces to what?

the xray daemon also running on the same machine (double check that, or actually do it so you know for sure.)

How do you enable xray?

1. your code (Java, Python, Go, Node.js, .NET) must import the AWS xray sdk. (don't worry about the languages, i'll ask you about those later) 2. install the xray daemon or enable xray aws integration

Just talk about this.

Just in case it's a selling point, is the ideal behind xray's visual display that even non technical people can help troubleshoot?

yea.

# about xray: T/F is the service map (that visual) computed from all segments and traces?

About troubleshooting xray (very meta). If xray is not working on an ec2 instance, what are the two things you should do?

1. ensure the ec2 iam role has the proper permissions 2. ensure the ec2 instance is running the xray daemon

About troubleshooting xray (again, meta) (honestly, this one seems less about troubleshooting and more about enabling but whatever). To enable xray on aws lambda (or things to do if xray isn't working with your aws lambda stuff), what 3 things should you do/check.

1. ensure it has an iam execution role with proper policy (AWSX-RayWriteOnlyAccess) 2. ensure that xray is imported in the code 3. enable Lambda X-Ray Active Tracing.

What's the policy you need to apply to the IAM execution role to enable xray on aws lambda?

AWSX-RayWriteOnlyAccess

What's the aws xray (at least slide version) def of instrumentation

Instrumention means the measure of product's performance in order to diagnose errors and write trace information (gotta cite the wiki cuz the slide version was actually written in a non-viable-sentancey way https://en.wikipedia.org/wiki/Instrumentation_(computer_programming) )

To instrument yor application code you use the *fill in the blank*

xray SDK

# T/F, regarding xray Do many sdks only require configuration changes?

Yea

T/F: you can modify your app code to customize and (sorry, these last couple slides have not been vetted for grammar/syntax usage, so you might want to check these things out) I bet the word is supposed to be *annotate* but *annotation* is the word that was used, and also i'm not sure whether it's the same definition of annotation being used (like I don't think it's @Query we're talking about here). anyway, so the exact quote is "annotation the data that the SDK sends to xray using interceptors, filters, handlers, middleware"

What kind of instrumentation can you use to get xray to work? (like the three categories - if you can provide the names and read the answer we'll call that a 4 out of 5)

Auto instrumentation – instrument your application with zero code changes, typically via configuration changes, adding an auto-instrumentation agent, or other mechanisms. Library instrumentation – make minimal application code changes to add pre-built instrumentation targeting specific libraries or frameworks, such as the AWS SDK, Apache HTTP clients, or SQL clients. Manual instrumentation – add instrumentation code to your application at each location where you want to send trace information.

xray sdk provides interceptors to...?

add to your code to ttrace incoming http requests

xray sdk provides client handlers to...?

client handlers to instrument AWS SDK clients that your application uses to call other AWS services

xray sdk provides an http client to...?

An HTTP client to instrument calls to other internal and external HTTP web services

aws xray uses filter expressions to:

Use filter expressions to view a trace map or traces for a specific request, service, connection between two services (an edge), or requests that satisfy a condition. X-Ray provides a filter expression language for filtering requests, services, and edges based on data in request headers, response status, and indexed fields on the original segments.

T/F: When you add the middleware to your application and configure a segment name, the X-Ray SDK for Python creates a segment for each sampled request. This segment includes timing, method, and disposition of the HTTP request. Additional instrumentation creates subsegments on this segment.

T. The X-Ray SDK for Python supports the following middleware to instrument incoming HTTP requests: Django Flask Bottle

idk think about whether you want to ask a question about this code snippet (it's an example for node.js and express (in a slide about instrumentation in your code))

fls;kadjf

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * what are segments? (it's like annoyingly vague)

things each app/service sends (i suppose to xray is the location)

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * when do you use subsegments

for when you need more details in your segment. ## Footnote idk see if there's an example you can find?

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * what's a trace?

segments collected together to form an end to end trace

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * why use sampling?

To decrease the amount of requests sent to xray and reduce costs

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * what are annotations?

key value pais used to index traces and use with filters

xray concepts (answering with the slide definition, but honestly I don't love them and you might want to see if there are any clearer definitions): * what is metadata

key value pairs *not* indexed, not used for searching

the xray daemon / agent has a config you can use to send traces cross accounts. * T/F: this allows you to have a central account for all your app tracing * T/F: you need to make sure the IAM permissions are correct - the agent will assume the role.

True and true.

Okay, with Xray sampling rules can you control the amount of data you record?

yes

with xray sampling can you modify sampling rules without changing your code?

Yes.

# xray sampling By default, the xray sdk records the *blank 1* and *blank 2* of any additional requests.

1. first request each second 2. five percent

# xray sampling t/f one request per second is the reservoir, which ensures that at least one trace is recorded each second as long as the service is serving requests.

True

# xray sampling What is the rate (aka fixed rate) at which additional requests beyond the reservoir size are sampled?

5%.

Can you create your own xray custom sampling rules?

Yea

What do you need to create your own xray custom sampling rules?

Reservoir and rate values.

Fill in the question marks of an example of an xray custom sampling rule for a higher minimum sampling rate for posts . * rule name - POST minimum * Priority - 100 * Reservoir - ? * Rate - ? * Service name - asterisk * Host - asterisk * HTTP method - POST * URL path - asterisk * Resource ARN - asterisk

* Reservoir - 10 * Rate - 0.10

Fill in the question marks of an example of an xray custom sampling rule to create a debugging rule to trace all requests for a problematic route (a high priority rule applied temporarily for debugging). * rule name - DEBUG - history updates * Priority - 1 * Reservoir - ? * Rate - ? * Service name - Scorekeep * Host - asterisk * HTTP method - PUT * URL path - /history/asterisk * Resource ARN - asterisk

* Reservoir - 1 * Rate - 1

xray sampling rules - what is the priority range (min to max values) and which value has the highest priority.

priority range: 1 - 9999 highest priority: 1 lowest priority: 9999

about xray sampling rules: 1. what is the def of reservoir size? 2. what is the def of fixed rate

1. max number of requests to sample per second. 2. rate of sampling to allow after exceeding the reservoir size

what's the IAM policy that the xray daemon needs to have so it's authorized to make the correct API calls to function (make write api calls) correctly?

arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess

What are the xray write APIs (just names) used by the xray daemon? (there are 5 main ones mentioned in the slides)

* PutTraceSegments * PutTelemetryRecords * GetSamplingRules * GetSamplingTargets * GetSamplingStatisticSummaries

What is xray write API PutTraceSegments used for?

to upload segment documents to aws xray

What is xray write api PutTelemetryRecords used by/for, and what are the three sub apis mentioned in the slides?

Used by the aws xray daemon to upload telemetry. The three sub apis are SegmentsReceivedCount, SegmentsRejectedCounts, and BackendConnectionErrors.

What is xray write api GetSamplingRules used for?

to retrieve all sampling rules (to know what/when to send)

This is the aws managed policy AWSXrayWriteOnlyAccess. IT gets used by the xray daemon so the daemon has permission to make necessary api calls. What's in the hidden section? hint: apis are PutTraceSegments, PutTelemetryRecords, GetSamplingRules, GetSamplingTargets and GetSamplingStatisticSummaries.

Okay, so what are the xray read apis (names only) that got mentioned in the slides?

* GetServiceGraph * BatchGetTraces * GetTraceSummaries * GetTraceGraph

What is the xray read api GetServiceGraph used to do?

Get main graph

What is the xray read api BatchGetTraces used to do?

retrieve a list of traces specified by ID. Each trace is a collection of segment documents that originates from a single request.

What is the xray read api GetTraceSummaries used to do?

Retrieve IDs and annotations for traces available for a spcified time frame using an optional filter. to get the full traces, pass the trace ID to BatchGetTraces.

What is the xray read api GetTraceGraph used to do?

Retrive a service graph for one or more specific trace ID

What is the arn for the aws managed policy for granting a user, group or role access to xray read apis?

arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess

T/F : aws elastic beanstalk platforms include the xray daemon

True

You can run the xray daemon by setting an option in the elastic beanstalk console or with a configuration file in .ebextensions/xray-daemon.config. What's in the config file?

If you want to use xray to monitor an application deployed using elastic beanstalk, do you still need to worry about giving your elastic beanstalk instance profile the correct IAM permissions so that the xray daemon can function correctly?

Yes

If you want to use xray to monitor an application deployed using elastic beanstalk and you've already given your instance profile the correct iam permissions so that the xray daemon can function correctly, what else do you need to do?

You need to make sure the application code is instrumented with the xray sdk.

What two things do you need to do to make sure xray can monitor an app you have deployed on an elastic beanstalk instance?

1. make sure you give your instance profile the correct iam permissions so that the xray daemon can function correctly. 2. make sure your application code is instrumented with the xray sdk.

Elastic Beanstalk platforms provide a configuration option that you can set to run the [xray] daemon automatically. However, there is one type of elastic beanstalk platform that aws does not provide the xray daemon for (does not give the config for setting up automatically). Which is that?

xray daemon is not provided (no option for having it setup automatically) for Multicontainer Docker (Amazon ECS) platform

okie dokie lets talk about xray and ecs. There are three main ways/patterns for integrating xray with ecs. What are they? (There are three of them.) (Just names, we'll talk details later.)

* ECS Cluster - xray container as daemon * ecs cluster - xray container as a side car * fargate cluster - xray container as a side car.

Okay, i think i've asked this before, but what's a daemon

"In multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user. Wikipedia" ## Footnote https://en.wikipedia.org/wiki/Daemon_(computing)

What's a sidecar?

Sidecars are supporting processes or services that are deployed with the primary application. On a motorcycle, the sidecar is attached to one motorcycle, and each motorcycle can have its own sidecar. In the same way, a sidecar service shares the fate of its parent application. ## Footnote https://learn.microsoft.com/en-us/azure/architecture/patterns/sidecar

what's the visual you should think of when people talk about using the ecs cluster (with ec2 instances) - xray integration option with the xray container as a daemon?

what's the visual you should think of when people talk about using the ecs cluster (with ec2 instances) - xray integration option with the xray container as a side car?

what's the visual you should think of when people talk about using the fargate cluster - xray integration option with the xray container as a side car?

About ecs + xray. This is an example task definition. What goes in the yellow? ## Footnote Note that the close scope curly brace is totally there, it's just cut off. It's not super important, just wanted to mention in case you got fixated on that.