
Cloud Monitoring

CloudWatch provides metrics, alarms, and logs for monitoring AWS resources and applications in real time. It collects data for services like EC2, EBS, S3, and custom metrics. Alarms can trigger notifications or actions when metrics breach thresholds. CloudTrail records all API calls in an AWS account for auditing and compliance. EventBridge (formerly CloudWatch Events) allows scheduling actions and reacting to events from services.

Uploaded by

RAHUL NK

Cloud Monitoring

Amazon CloudWatch Metrics

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time.

• CloudWatch provides metrics for every service in AWS
• A metric is a variable to monitor (CPU Utilization, NetworkIn…)
• Metrics have timestamps
• You can create CloudWatch dashboards of metrics
Example: CloudWatch Billing metric (us-east-1)

Metrics
Metrics are data about the performance of your systems

• EC2 instances: CPU Utilization, Status Checks, Network (not RAM)
  • Default metrics every 5 minutes
  • Option for Detailed Monitoring ($$$): metrics every 1 minute
• EBS volumes: Disk Read/Writes
• S3 buckets: BucketSizeBytes, NumberOfObjects, AllRequests
• Billing: Total Estimated Charge (only in us-east-1)
• Service Limits: how much you’ve been using a service API
• Custom metrics: push your own metrics

Amazon CloudWatch Alarms
• Alarms are used to trigger notifications for any metric
• Alarm actions:
  • Auto Scaling: increase or decrease EC2 instances “desired” count
  • EC2 Actions: stop, terminate, reboot or recover an EC2 instance
  • SNS notifications: send a notification to an SNS topic
• Various options (sampling, %, max, min, etc…)
• You can choose the period over which to evaluate an alarm
• Example: create a billing alarm on the CloudWatch Billing metric
• Alarm States: OK, INSUFFICIENT_DATA, ALARM

Amazon CloudWatch Logs
• CloudWatch Logs can collect logs from:
  • Elastic Beanstalk: collection of logs from application
  • ECS: collection from containers
  • AWS Lambda: collection from function logs
  • CloudTrail based on filter
  • CloudWatch log agents: on EC2 machines or on-premises servers
  • Route53: Log DNS queries
• Enables real-time monitoring of logs
• Adjustable CloudWatch Logs retention

CloudWatch Logs for EC2
• By default, no logs from your EC2 instance will go to CloudWatch
• You need to run a CloudWatch agent on EC2 to push the log files you want
• Make sure IAM permissions are correct
• The CloudWatch log agent can be set up on-premises too

[Diagram: a CloudWatch Logs Agent on an EC2 instance and on an on-premises server, both sending to CloudWatch Logs]

Amazon EventBridge (formerly CloudWatch Events)
• Schedule: Cron jobs (scheduled scripts)

[Diagram: Schedule (every hour) → trigger script on Lambda function]

• Event Pattern: Event rules to react to a service doing something

[Diagram: IAM Root User Sign in Event → SNS Topic with Email Notification]

• Trigger Lambda functions, send SQS/SNS messages…
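
The root sign-in rule sketched above, as an added example that is not part of the original slides: an event pattern for root console sign-ins and a small matcher that evaluates it against sample events. The pattern fields follow the format of console sign-in events delivered via CloudTrail; the matcher implements only exact-value matching (a subset of EventBridge pattern syntax), and the events and their ids are constructed.

```python
# Event pattern a rule would use to catch a root-user console sign-in.
ROOT_SIGNIN_PATTERN = {
    "source": ["aws.signin"],
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Evaluate a subset of EventBridge matching: nested objects whose
    leaves are lists of allowed exact values. Every key must match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not (isinstance(actual, dict) and matches(expected, actual)):
                return False
        else:
            # Array-valued event fields match if any element is allowed.
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

# Constructed sample events (ids hypothetical, fields trimmed).
SAMPLE_EVENTS = [
    {"id": "evt-1", "source": "aws.signin",
     "detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin", "userIdentity": {"type": "Root"}}},
    {"id": "evt-2", "source": "aws.signin",
     "detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"}}},
    # Root API call, not a console sign-in: different source and detail-type.
    {"id": "evt-3", "source": "aws.ec2",
     "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "StartInstances", "userIdentity": {"type": "Root"}}},
    # Event with no userIdentity must not match.
    {"id": "evt-4", "source": "aws.signin",
     "detail-type": "AWS Console Sign In via CloudTrail", "detail": {}},
]

def root_signins(events):
    """Return ids of events the rule would forward to its target (e.g. SNS)."""
    return [e["id"] for e in events if matches(ROOT_SIGNIN_PATTERN, e)]

if __name__ == "__main__":
    print(root_signins(SAMPLE_EVENTS))
```

Testing a pattern against sample events like this before attaching it to a rule shows both what it catches and what it silently ignores, such as root API calls that are not console sign-ins.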


Amazon EventBridge Rules

Example sources:
• EC2 Instance (ex: Start Instance)
• CodeBuild (ex: failed build)
• S3 Event (ex: upload object)
• Trusted Advisor (ex: new Finding)
• CloudTrail (any API call)
• Schedule or Cron (ex: every 4 hours)

Example destinations:
• Compute: Lambda, AWS Batch, ECS Task
• Integration: SQS, SNS, Kinesis Data Streams
• Orchestration: Step Functions, CodePipeline, CodeBuild
• Maintenance: SSM, EC2 Actions


Amazon EventBridge

[Diagram: AWS Services → Default Event Bus; AWS SaaS Partners → Partner Event Bus; Custom Apps → Custom Event Bus]

• Schema Registry: model event schema
• You can archive events (all/filter) sent to an event bus (indefinitely or set period)
• Ability to replay archived events

Amazon SNS
• Amazon Simple Notification Service is a notification service provided as part of Amazon Web Services.
• It provides a low-cost infrastructure for the mass delivery of messages
• Each subscriber to the topic will get all the messages
• Up to 12,500,000 subscriptions per topic, 100,000 topics limit

[Diagram: publish → SNS → SQS, Lambda, Kinesis Data Firehose, Emails, SMS & Mobile Notifications, HTTP(S) Endpoints]

AWS CloudTrail
• Provides governance, compliance and audit for your AWS Account
• Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
• CloudTrail is enabled by default!
• Get a history of events / API calls made within your AWS Account by:
  • Console
  • SDK
  • CLI
  • AWS Services
• Can put logs from CloudTrail into CloudWatch Logs or S3
• A trail can be applied to All Regions (default) or a single Region.
• If a resource is deleted in AWS, investigate CloudTrail first!
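
A sketch of that first investigation step, added here as an example and not taken from the original slides: it scans CloudTrail records for successful Delete*/Terminate* calls that reference a given resource and reports who made them. The log content is constructed (it uses the `Records` envelope of CloudTrail log files), and `who_deleted` and `contains` are hypothetical helper names.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
LOG = json.loads("""
{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventName": "CreateBucket",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
  "sourceIPAddress": "198.51.100.7", "requestParameters": {"bucketName": "demo-bucket"}},
 {"eventTime": "2024-01-01T10:04:00Z", "eventName": "DeleteBucket", "errorCode": "AccessDenied",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
  "sourceIPAddress": "198.51.100.9", "requestParameters": {"bucketName": "demo-bucket"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventName": "DeleteBucket",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
  "sourceIPAddress": "198.51.100.7", "requestParameters": {"bucketName": "demo-bucket"}},
 {"eventTime": "2024-01-01T11:00:00Z", "eventName": "TerminateInstances",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
  "sourceIPAddress": "198.51.100.20",
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}}
]}
""")

DESTRUCTIVE_PREFIXES = ("Delete", "Terminate")

def contains(obj, needle):
    """True if needle is a value anywhere inside a nested dict/list."""
    if isinstance(obj, dict):
        return any(contains(v, needle) for v in obj.values())
    if isinstance(obj, list):
        return any(contains(v, needle) for v in obj)
    return obj == needle

def who_deleted(records, resource_id):
    """Successful destructive calls naming resource_id, oldest first."""
    hits = []
    for r in records:
        if not r.get("eventName", "").startswith(DESTRUCTIVE_PREFIXES):
            continue
        if "errorCode" in r:  # denied or failed call: nothing was deleted
            continue
        if contains(r.get("requestParameters"), resource_id):
            hits.append((r["eventTime"], r["eventName"],
                         r["userIdentity"].get("arn", "unknown"),
                         r.get("sourceIPAddress")))
    return sorted(hits)

if __name__ == "__main__":
    print(who_deleted(LOG["Records"], "demo-bucket"))
```

The denied `DeleteBucket` attempt is skipped by the `errorCode` check; in a real investigation those failed attempts are worth listing separately.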
CloudTrail Events
• Management events: provide information about management operations that are performed on resources in your AWS account.
• Data events: provide information about the resource operations performed on or in a resource.
• CloudTrail Insights: events capture unusual API call rate or error rate activity in your AWS account.

CloudTrail Diagram

[Diagram: SDK, CLI, Console, and IAM Users & IAM Roles feed CloudTrail; the CloudTrail Console is used to inspect and audit; events are delivered to CloudWatch Logs or an S3 Bucket]

Monitoring Summary
• CloudWatch:
  • Metrics: monitor the performance of AWS services and billing metrics
  • Alarms: automate notification, perform EC2 action, notify to SNS based on metric
  • Logs: collect log files from EC2 instances, servers, Lambda functions…
  • Events (or EventBridge): react to events in AWS, or trigger a rule on a schedule
• CloudTrail: audit API calls made within your AWS account
• CloudTrail Insights: automated analysis of your CloudTrail Events
