AWS MONITORING AND LOGGING SERVICES

This category of services provides monitoring, logging and auditing of services which are running on AWS.

AWS CLOUDWATCH

AWS CloudWatch is a monitoring service for AWS resources and for applications running on AWS. It is a performance monitoring service, while CloudTrail is for auditing.

It is used to collect and track metrics, to collect and monitor logs, and to set alarms based on them. CloudWatch mostly monitors the resources below:

  • EC2 Instances
  • Dynamo DB
  • RDS DB instances
  • Custom metrics generated by applications and services
  • Log files generated by applications deployed on AWS.

CloudWatch monitors application performance, resource utilization and operational health.

CloudWatch is accessed via the API, the command-line interface, the AWS SDKs and the AWS Management Console, and it integrates with IAM.

CloudWatch retains metric data as follows:

  • Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics.
  • Data points with a period of 60 seconds (1 minute) are available for 15 days.
  • Data points with a period of 300 seconds (5 minutes) are available for 63 days.
  • Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).

AWS CLOUDTRAIL

CloudTrail provides visibility into user activity by recording the actions taken on your account. This API history enables security analysis, resource change tracking and compliance auditing.
CloudTrail logs API calls made via:

  • AWS Management Console.
  • AWS SDKs.
  • Command line tools.
  • Higher-level AWS services (such as CloudFormation).

CloudTrail records account activity and service events from most AWS services and logs the following records:

  • The identity of the API caller.
  • The time of the API call.
  • The source IP address of the API caller.
  • The request parameters.
  • The response elements returned by the AWS service.
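
The record fields listed above are what a reviewer works with when analysing a trail. The following is an added example, not code from the original notes: it parses a constructed CloudTrail log file (account id, ARNs and IP addresses are placeholders) into those five fields and then picks out the API calls that alter the trail itself, the kind of event a security review wants surfaced first.

```python
"""Parse CloudTrail log records into the fields CloudTrail captures for every
API call (caller identity, time, source IP, request parameters, response
elements) and run a simple review rule over them.

Added example; the records below are constructed, not real account data.
"""
import json

# Constructed CloudTrail log file content. A delivered log file is a JSON
# object with a "Records" array; account id, ARNs and IPs are placeholders.
SAMPLE_LOG_FILE = json.dumps({
    "Records": [
        {
            "eventVersion": "1.08",
            "userIdentity": {
                "type": "IAMUser",
                "arn": "arn:aws:iam::111111111111:user/alice",
                "accountId": "111111111111",
                "userName": "alice",
            },
            "eventTime": "2024-01-15T10:02:11Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "DescribeInstances",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",
            "requestParameters": {"instancesSet": {}},
            "responseElements": None,
        },
        {
            "eventVersion": "1.08",
            "userIdentity": {
                "type": "IAMUser",
                "arn": "arn:aws:iam::111111111111:user/bob",
                "accountId": "111111111111",
                "userName": "bob",
            },
            "eventTime": "2024-01-15T10:05:42Z",
            "eventSource": "cloudtrail.amazonaws.com",
            "eventName": "StopLogging",
            "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7",
            "requestParameters": {"name": "org-trail"},
            "responseElements": None,
        },
    ]
})

# CloudTrail API calls that change the audit trail itself; a reviewer wants
# to see every one of these, whoever made it.
TRAIL_CHANGING_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def parse_records(log_file_text):
    """Return the fields listed above for each record in a CloudTrail log file."""
    records = json.loads(log_file_text)["Records"]
    parsed = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        parsed.append({
            "caller": identity.get("arn") or identity.get("userName") or identity.get("type"),
            "time": rec["eventTime"],
            "source_ip": rec.get("sourceIPAddress"),
            "event": rec["eventName"],
            "request_parameters": rec.get("requestParameters"),
            "response_elements": rec.get("responseElements"),
        })
    return parsed


def find_trail_changes(parsed_records):
    """Return the parsed records whose API call alters CloudTrail configuration."""
    return [r for r in parsed_records if r["event"] in TRAIL_CHANGING_EVENTS]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG_FILE)
    for hit in find_trail_changes(recs):
        print(f"{hit['time']} {hit['caller']} from {hit['source_ip']} called "
              f"{hit['event']} with {hit['request_parameters']}")
```

Run as-is it prints the one StopLogging call with who made it, from which address and against which trail; the same `parse_records` output can feed any other rule you want to apply to the trail.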

CloudTrail is enabled by default and is configured per AWS account. Logs from multiple accounts can be consolidated into a single S3 bucket:

  1. Turn on CloudTrail in the paying account.
  2. Create a bucket policy that allows cross-account access.
  3. Turn on CloudTrail in the other accounts and use the bucket in the paying account.
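
Step 2 is the part that usually goes wrong, so here is an added example (not from the original notes) that builds the bucket policy for the paying account's bucket. The bucket name and the 12-digit account ids are placeholders. It grants the CloudTrail service principal `s3:GetBucketAcl` on the bucket and `s3:PutObject` only under each listed account's `AWSLogs/<account-id>/` prefix, with the `bucket-owner-full-control` ACL condition so the paying account owns, and can read, every object the other accounts' trails deliver.

```python
"""Build the S3 bucket policy that lets CloudTrail from several AWS accounts
deliver log files into one bucket in the paying account.

Added example; bucket name and account ids are placeholders.
"""
import json

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"


def build_cloudtrail_bucket_policy(bucket, account_ids, prefix=""):
    """Return the bucket policy as a dict.

    CloudTrail needs s3:GetBucketAcl on the bucket and s3:PutObject on each
    account's AWSLogs/<account-id>/ prefix. The ACL condition makes the
    bucket owner the owner of every delivered object, so the paying account
    can read logs written by the other accounts' trails.
    """
    if not account_ids:
        raise ValueError("at least one account id is required")
    for acct in account_ids:
        if not (acct.isdigit() and len(acct) == 12):
            raise ValueError(f"not a 12-digit AWS account id: {acct!r}")
    key_prefix = prefix.strip("/") + "/" if prefix else ""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:PutObject",
                # One resource per account: only the listed accounts can write,
                # and each only under its own prefix.
                "Resource": [
                    f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{acct}/*"
                    for acct in account_ids
                ],
                "Condition": {
                    "StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}
                },
            },
        ],
    }


def allowed_write_prefixes(policy):
    """List the object prefixes the PutObject statement grants; useful when reviewing a policy."""
    for stmt in policy["Statement"]:
        if stmt["Action"] == "s3:PutObject":
            return [r.rsplit("/*", 1)[0] for r in stmt["Resource"]]
    return []


if __name__ == "__main__":
    policy = build_cloudtrail_bucket_policy(
        "example-org-cloudtrail-logs", ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
```

The printed JSON is what goes onto the bucket in the paying account; step 3 then points each other account's trail at that bucket. Listing accounts explicitly, rather than a wildcard under `AWSLogs/`, is what keeps an unrelated account from writing into your audit bucket.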

You can integrate CloudTrail with CloudWatch Logs to deliver data events captured by CloudTrail to a CloudWatch Logs log stream.

The CloudTrail log file integrity validation feature lets you determine whether a CloudTrail log file was unchanged, modified or deleted after CloudTrail delivered it to the specified Amazon S3 bucket.
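
Under the hood, integrity validation rests on digest files: CloudTrail delivers one per hour, listing the SHA-256 hash of every log file delivered in that hour and the hash of the previous digest, and signs each digest with an RSA key (the signature is stored as S3 object metadata). The following added example, not code from the original notes or from AWS, re-creates the hash side of that check over constructed log files and digests that use the same field names as real digest files; the bucket name and account id are placeholders. The RSA signature check is deliberately left out, since it needs the public key fetched from the CloudTrail ListPublicKeys API, so only the hash and chain checks are shown.

```python
"""Re-create the hash checks behind CloudTrail log file integrity validation.

Added example. Digest field names match CloudTrail digest files; the log
files, digests, bucket name and account id are constructed placeholders.
The RSA signature over each digest is not verified here.
"""
import gzip
import hashlib
import json

BUCKET = "example-org-cloudtrail-logs"  # placeholder bucket name


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def make_log_file(records):
    """CloudTrail log files are gzipped JSON; mtime=0 keeps the bytes deterministic."""
    return gzip.compress(json.dumps({"Records": records}).encode(), mtime=0)


def make_digest(log_files, previous_digest_bytes=None):
    """Build a digest dict with the fields CloudTrail uses for hash checks."""
    return {
        "digestS3Bucket": BUCKET,
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestHashValue": (
            sha256_hex(previous_digest_bytes) if previous_digest_bytes else None
        ),
        "logFiles": [
            {"s3Bucket": BUCKET, "s3Object": key,
             "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(data)}
            for key, data in log_files.items()
        ],
    }


def verify_log_files(digest, stored_objects):
    """Return {s3Object: True/False} by recomputing each listed log file's hash.

    A missing object counts as False: a deleted log file is a finding too.
    """
    results = {}
    for entry in digest["logFiles"]:
        data = stored_objects.get(entry["s3Object"])
        results[entry["s3Object"]] = (
            data is not None and sha256_hex(data) == entry["hashValue"]
        )
    return results


def verify_chain(digest, previous_digest_bytes):
    """Check that this digest's previousDigestHashValue matches the stored previous digest."""
    return digest["previousDigestHashValue"] == sha256_hex(previous_digest_bytes)


# Constructed objects as they would sit in S3 (keys follow CloudTrail's layout).
LOG_KEY_A = "AWSLogs/111111111111/CloudTrail/us-east-1/a.json.gz"
LOG_KEY_B = "AWSLogs/111111111111/CloudTrail/us-east-1/b.json.gz"
OBJECTS = {
    LOG_KEY_A: make_log_file([{"eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10"}]),
    LOG_KEY_B: make_log_file([{"eventName": "StopLogging", "sourceIPAddress": "198.51.100.7"}]),
}
# Hour 1 covers log A; hour 2 covers log B and chains back to digest 1.
DIGEST_1 = make_digest({LOG_KEY_A: OBJECTS[LOG_KEY_A]})
DIGEST_1_BYTES = json.dumps(DIGEST_1, sort_keys=True).encode()
DIGEST_2 = make_digest({LOG_KEY_B: OBJECTS[LOG_KEY_B]}, DIGEST_1_BYTES)


def tampered_example():
    """Replace log B with an emptied file after delivery and re-check: its hash no longer matches."""
    tampered = dict(OBJECTS)
    tampered[LOG_KEY_B] = make_log_file([])
    return verify_log_files(DIGEST_2, tampered)


if __name__ == "__main__":
    print("untouched:", verify_log_files(DIGEST_2, OBJECTS))
    print("chain ok:", verify_chain(DIGEST_2, DIGEST_1_BYTES))
    print("tampered:", tampered_example())
    print("deleted:", verify_log_files(DIGEST_2, {}))
```

The chain check is what makes deletion detectable as well as modification: removing a log file leaves a digest entry with nothing to hash, and removing a digest breaks the next digest's `previousDigestHashValue`. Against a real bucket, `aws cloudtrail validate-logs` performs these checks together with the signature verification this example omits.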
