Monitoring and Reporting Summary
CloudWatch
- Host Level Metrics:
  - CPU
  - Network
  - Disk
  - Status Check
- RAM Utilization - custom metric
- Custom Metrics - minimum granularity is 1 minute
- Terminated Instances - Retrieve data from terminated instances indefinitely
- Metric Granularity
  - 1 minute - detailed
  - 5 minutes - standard
- CloudWatch can be used on premises - not restricted to just AWS resources. Just need to download and install the SSM agent and CloudWatch agent.
EBS
- General Purpose (SSD)
- Provisioned IOPS (SSD)
- Throughput Optimized Hard Disk Drive
- Cold Hard Disk Drive
- Magnetic
- IOPS Metrics
  - Burst up to 3000 IOPS
  - More than 10,000 IOPS - move to PIOPS
CloudWatch vs CloudTrail
- CloudWatch - Performance
- CloudTrail - API Calls
ELB - Monitoring Types
- CloudWatch Metrics
- Access Logs
- Request Tracing
- CloudTrail Logs
Access Logs
- Retain data even where the EC2 instance has been deleted. Stored on S3.
ElastiCache
- Memcached
- Redis
ElastiCache Monitoring Tips
- CPU Utilization
- Swap Usage
- Evictions
- Concurrent Connections
CloudWatch
- Dashboards are multi-region and can display widgets for any region.
- Remember to save.
Billing Alarms
- Billing Alarms automatically alert at a cost threshold.
Organizations
- Centrally Manage Policies Across Multiple AWS Accounts.
- Control Access to AWS Services.
- Automate AWS Account Creation and Management.
- Consolidate Billing Across Multiple AWS Accounts.
Resource Groups
- TAG EVERYTHING!
- Two types of Resource Groups
  - Classical
  - Systems Manager resource groups
EC2 Pricing Options
- On Demand
- Reserved
- Spot
- Dedicated Hosts
Config
- Compliance Checks:
  - Trigger
    - Periodic
    - Configuration Changes
  - Managed Rules
    - About 40
    - Basic, but fundamental
- Permissions needed for Config:
  - IAM Role
    - Read only permissions to recorded resources
    - Write access to S3 logging bucket
    - Publish access to SNS
- Restrict Access:
  - Users need to be authenticated to AWS and have the appropriate permissions set via IAM policies to gain access.
  - Only admins who need to set up and manage Config require full access.
  - Provide read-only permissions for Config day-to-day use.
- Monitoring Config:
  - Use CloudTrail with Config to provide deeper insight into resources.
  - Use CloudTrail to monitor access to Config, such as someone stopping the Config Recorder.
CloudWatch vs CloudTrail vs Config
- CloudWatch - performance
- CloudTrail - API calls
- Config - State changes
Health Dashboards
- Service Health Dashboards
- Personal Health Dashboards