[SAP] CloudWatch

CloudWatch Alarms

  • Can trigger actions: EC2 action (reboot, stop, terminate, recover), Auto Scaling, SNS
  • Alarm events can be intercepted by CloudWatch Events

 

 

CloudWatch Logs

  • Log groups: arbitrary name, usually representing an application
  • Log stream: instances within application / log files / containers
  • Can define log expiration policies (never expire, 30 days, etc.)
  • Optional KMS encryption
  • CloudWatch Logs can send logs to:
    • S3
    • Kinesis Data Streams (KDS)
    • Kinesis Data Firehose (KDF)
    • Lambda
    • ElasticSearch

 

CloudWatch Logs - S3 Export

  • S3 bucket must be encrypted with AES-256 (SSE-S3), not SSE-KMS
  • Log data can take up to 12 hours to become available for export (so it is not suited to real-time use cases)
  • The API call is CreateExportTask
  • Not near-real-time or real-time; use Logs Subscriptions instead
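
A preflight check for the export constraints listed above, as an added example that is not from the original notes: it builds the CreateExportTask arguments only if the bucket's default encryption is SSE-S3, and clamps the export window to data older than 12 hours. The function names, bucket name and log group are hypothetical, and the sample encryption response is constructed.

```python
from datetime import datetime, timedelta, timezone

EXPORT_LAG = timedelta(hours=12)  # availability delay stated in the notes above


def bucket_uses_sse_s3(encryption_response):
    """True if every default-encryption rule is AES256 (S3 GetBucketEncryption shape)."""
    rules = encryption_response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    return bool(algos) and all(a == "AES256" for a in algos)


def to_epoch_ms(dt):
    """CreateExportTask takes fromTime/to as milliseconds since the Unix epoch."""
    return int(dt.timestamp() * 1000)


def plan_export(log_group, bucket, encryption_response, start, end, now=None):
    """Return keyword arguments for CreateExportTask, or raise ValueError.

    start, end and now must be timezone-aware datetimes (assumption of this example).
    """
    now = now or datetime.now(timezone.utc)
    if not bucket_uses_sse_s3(encryption_response):
        raise ValueError(f"bucket {bucket} is not SSE-S3 (AES256) encrypted")
    # Only request data that should already be available for export.
    end = min(end, now - EXPORT_LAG)
    if end <= start:
        raise ValueError("no exportable data yet: window ends inside the 12 h lag")
    return {
        "taskName": f"export-{to_epoch_ms(end)}",
        "logGroupName": log_group,
        "fromTime": to_epoch_ms(start),
        "to": to_epoch_ms(end),
        "destination": bucket,
        "destinationPrefix": log_group.strip("/"),
    }


if __name__ == "__main__":
    # Constructed sample input; with boto3 the result would be passed as
    # boto3.client("logs").create_export_task(**kwargs).
    now = datetime(2021, 9, 24, 15, 0, tzinfo=timezone.utc)
    sse_s3 = {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
    print(plan_export("/app/web", "example-log-archive", sse_s3,
                      now - timedelta(days=1), now, now=now))
```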

 

 

  • For multi-account or multi-region CloudWatch Logs aggregation, logs need to be sent to KDS first
  • NOT to KDF first
  • Then forward to S3

 

 

 

 

 

 

posted @ 2021-09-24 15:42  Zhentiw