AWS CloudWatch

Amazon CloudWatch is a fully managed monitoring and observability service for collecting, analyzing, and acting on logs and metrics. Its key components are:

  1. Metrics
  2. Logs
  3. Dashboards
  4. Events
  5. Alarms
  6. Insights

1. Key Components

  1. Metrics: Tracks performance data from AWS resources and custom applications (e.g., CPU utilization, memory usage).
  2. Logs: Centralized storage and analysis of log data for troubleshooting.
  3. Alarms: Monitors metrics and triggers notifications or automated actions.
  4. Dashboards: Real-time, customizable visualizations for monitoring metrics and logs.
  5. Events (EventBridge): Automates workflows based on system or custom events.
  6. Insights: Enables deep log and metric analysis with query-based tools.
  7. Anomaly Detection: Uses ML to identify unusual metric behavior automatically.
  8. ServiceLens: Combines traces, logs, and metrics for end-to-end application observability.
  9. Synthetics: Simulates user interactions for monitoring application availability.

2. CloudWatch Alarms and EventBridge

Use both together to create powerful automation workflows based on alarm state changes.

  1. Example Use Case: You want to monitor an EC2 instance for high CPU usage. If the CPU usage exceeds 80% for 5 consecutive minutes, you want to automatically restart the instance using EventBridge and AWS Lambda.
  2. Workflow Steps:
    1. The CloudWatch Alarm monitors the CPU usage of the EC2 instance.
    2. When the CPU usage exceeds the threshold, the alarm transitions to the ALARM state and sends the event to EventBridge.
    3. The EventBridge rule matches the event and triggers the associated Lambda function.
    4. The Lambda Function restarts the EC2 instance automatically.
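
A sketch of the Lambda function in step 4, added here as an example and not taken from AWS or from these notes. It assumes "restart" means an EC2 reboot through boto3's `reboot_instances`, that the alarm watches `AWS/EC2` `CPUUtilization` with an `InstanceId` dimension, and the names `instances_to_restart`, `handler` and `SAMPLE_EVENT` are made up for the illustration. The handler acts only on a genuine transition to ALARM and only on well-formed instance IDs, so a recovery event or an unrelated event on the bus never triggers a reboot.

```python
import re

# EC2 instance IDs are "i-" followed by 8 or 17 lowercase hex characters.
INSTANCE_ID_RE = re.compile(r"^i-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def instances_to_restart(event):
    """Return the EC2 instance IDs named by a CPU alarm that just entered ALARM."""
    # Act only on CloudWatch alarm state-change events, nothing else on the bus.
    if (event.get("source") != "aws.cloudwatch"
            or event.get("detail-type") != "CloudWatch Alarm State Change"):
        return []
    detail = event.get("detail", {})
    # Transitions to OK or INSUFFICIENT_DATA must never cause a reboot.
    if detail.get("state", {}).get("value") != "ALARM":
        return []
    ids = []
    for entry in detail.get("configuration", {}).get("metrics", []):
        metric = entry.get("metricStat", {}).get("metric", {})
        if metric.get("namespace") != "AWS/EC2" or metric.get("name") != "CPUUtilization":
            continue
        iid = metric.get("dimensions", {}).get("InstanceId")
        if isinstance(iid, str) and INSTANCE_ID_RE.match(iid) and iid not in ids:
            ids.append(iid)
    return ids


def handler(event, context, ec2=None):
    """Lambda entry point; `ec2` is injectable so the logic can be tested offline."""
    ids = instances_to_restart(event)
    if not ids:
        return {"rebooted": []}
    if ec2 is None:
        import boto3  # provided by the Lambda Python runtime
        ec2 = boto3.client("ec2")
    ec2.reboot_instances(InstanceIds=ids)
    return {"rebooted": ids}


# Constructed sample in the shape EventBridge delivers for an alarm state change.
SAMPLE_EVENT = {
    "source": "aws.cloudwatch",
    "detail-type": "CloudWatch Alarm State Change",
    "detail": {
        "alarmName": "example-high-cpu",
        "state": {"value": "ALARM"},
        "configuration": {"metrics": [{"metricStat": {
            "metric": {"namespace": "AWS/EC2", "name": "CPUUtilization",
                       "dimensions": {"InstanceId": "i-0123456789abcdef0"}},
            "period": 300, "stat": "Average"}}]},
    },
}
```

For least privilege, the function's execution role needs only `ec2:RebootInstances`, scoped to the instances the alarm covers.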

3. Amazon CloudWatch Alarms Types

Amazon CloudWatch supports different types of alarms to monitor the state of your AWS resources and applications.

  1. Metric Alarms: Standard CloudWatch alarms that monitor a single metric or a mathematical expression based on one or more metrics.
  2. Composite Alarms: Alarms that evaluate the combined state of multiple metric alarms using logical operators (AND, OR, NOT).
  3. Anomaly Detection Alarms: Alarms that use machine learning models to detect anomalies in metric patterns.
  4. High-Resolution Alarms: Metric alarms with a more granular evaluation period (as low as 10 seconds).

4. CloudWatch Logs Subscription Filters

CloudWatch Logs subscription filters allow you to configure streams for your logs, directing the data to various AWS services with minimal setup.

  1. Amazon OpenSearch Service (formerly Amazon Elasticsearch Service)
  2. Amazon S3
  3. Amazon Kinesis Data Streams
  4. Amazon SQS
  5. Amazon SNS
  6. Amazon Redshift
  7. AWS Lambda

When setting up the destination in subscription filters, you can choose one of the above services. For each filter configuration, only one destination can be configured.

Share the dashboard from the CloudWatch console

Entering the recipient's email address and providing a shareable link for the dashboard is ideal because it shares the CloudWatch dashboard directly with someone via email, without the need to create AWS credentials or access keys. This solution aligns with the least privilege principle by providing specific access to the desired dashboard without exposing additional AWS resources.

5. Question

What is the minimum time interval for the data that Amazon CloudWatch receives and aggregates? Ans: The minimum interval is 1 second for custom or high-resolution metrics. For standard metrics, the default granularity is 1 minute.

6. Question

A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time. Which solution will meet this requirement with the LEAST operational overhead?

  1. Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service). (Correct)
  2. Create an AWS Lambda function. Use the log group to invoke the function to write the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).
  3. Create an Amazon Kinesis Data Firehose delivery stream. Configure the log group as the delivery stream's source. Configure Amazon OpenSearch Service (Amazon Elasticsearch Service) as the delivery stream's destination.
  4. Install and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams. Configure Kinesis Data Streams to deliver the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service).