[AWS DA] AWS Monitoring & Audit: CloudWatch, X-Ray and CloudTrail
CloudWatch
CloudWatch Metrics
- Default: metrics every 5 minutes
EC2 Detailed monitoring
- Get data every 1 minute
- Free Tier allows 10 detailed monitoring metrics
[Note]: EC2 memory usage is by default not pushed (if it must be pushed, push it from inside the instance as a custom metric)
Custom Metrics
- Possibility to define and send your own custom metrics to CloudWatch
- Metric resolution:
  - Standard: 1 min
  - High Resolution: up to 1 second
  - StorageResolution API parameter
- Use API call PutMetricData
- Use exponential backoff in case of throttle errors
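Added example (not from these notes): pushing a custom metric with PutMetricData at high resolution (StorageResolution=1) and retrying throttle errors with exponential backoff, in Python. The namespace and metric name are made up, and FakeThrottlingClient is a constructed offline stand-in; a real boto3 CloudWatch client (`boto3.client("cloudwatch")`) can be passed in its place.

```python
import random
import time

# Error codes CloudWatch returns when the caller is being throttled.
THROTTLE_CODES = {"Throttling", "ThrottlingException", "RequestLimitExceeded"}


def is_throttled(exc):
    """True if a botocore ClientError-shaped exception signals throttling."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code") in THROTTLE_CODES


def put_custom_metric(client, namespace, name, value, unit="Percent",
                      high_resolution=True, max_attempts=5, sleep=time.sleep):
    """Send one datapoint with PutMetricData, retrying throttles with
    exponential backoff plus jitter. Returns the number of attempts used."""
    datum = {
        "MetricName": name,
        "Value": value,
        "Unit": unit,
        # StorageResolution: 1 = high resolution (per-second), 60 = standard
        "StorageResolution": 1 if high_resolution else 60,
    }
    for attempt in range(1, max_attempts + 1):
        try:
            client.put_metric_data(Namespace=namespace, MetricData=[datum])
            return attempt
        except Exception as exc:
            if not is_throttled(exc) or attempt == max_attempts:
                raise  # non-throttle error, or retries exhausted
            # back off 0.2s, 0.4s, 0.8s, ... plus jitter before retrying
            sleep(0.2 * 2 ** (attempt - 1) + random.uniform(0, 0.1))


class FakeThrottlingClient:
    """Constructed offline stand-in for boto3.client('cloudwatch')."""

    def __init__(self, fail_times):
        self.fail_times, self.calls = fail_times, []  # throttle first N calls

    def put_metric_data(self, **request):
        self.calls.append(request)
        if len(self.calls) <= self.fail_times:
            err = Exception("Rate exceeded")
            err.response = {"Error": {"Code": "Throttling"}}  # ClientError shape
            raise err
```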
CloudWatch Alarms
- Alarms are used to trigger notifications for any metric
- Alarms can go to Auto Scaling, EC2 Actions, SNS notifications
- Alarm states: OK, INSUFFICIENT_DATA, ALARM
- Period: for High Resolution custom metrics, can only choose 10 sec or 30 sec
CloudWatch Logs
- Can define log expiration policies (by default never expire, 30 days ...)
- Make sure IAM permissions are correct
- Security: encrypted with KMS at the log-group level
- You can search the logs
- Other actions are possible
EventBridge
X-Ray
Compatibility
- Lambda
- Elastic Beanstalk
- ECS
- ELB
- API Gateway
- EC2 instances or any application server
- ...
Enable X-Ray
Enabling X-Ray in Elastic Beanstalk
Concepts
- Segments: each application / service sends them
- Subsegments: if you need more details in your segment
- Trace: segments collected together to form an end-to-end trace
- Sampling: decrease the amount of requests sent to X-Ray, reduces costs
- Annotations: Key Value pairs, used to index / search traces and use with filter
- Metadata: Key Value pairs, not indexed, not used for searching
- PutTraceSegments: the most important one, lets X-Ray data be sent to the server
- PutTelemetryRecords
- GetSamplingRules: also part of writing to X-Ray
- GetSamplingStatisticSummaries
- GetSamplingTargets
There are two ways to run X-Ray on ECS instances.
1. The well-known one is to deploy the X-Ray daemon in its own Docker container, one per EC2 instance
2. "Side Car": deploy an X-Ray daemon container alongside the application container, one X-Ray daemon per app.
3. For Fargate, use the side car approach
On ECS, the main thing to remember for the exam is that
- you need to map the X-Ray port: 2000
- and the protocol: udp