Monitoring and Reporting Summary

CloudWatch

• Host Level Metrics:
  • CPU
  • Network
  • Disk
  • Status Check

• Ram Utilization - custom metric

• Custom Metrics - minimum granularity is 1 minute

• Terminated Instances - Retrieve data from termed instances indefinitely

• Metric Granularity
  • 1 minute - detailed
  • 5 minutes - standard
• CloudWatch can be used on premise - Not restricted to just AWS resources. Can be on premis too. Just need to download and install the SSM agent and CloudWatch agent.

EBS

• General Purpose (SSD)
• Provisioned IOPS (SSD)
• Throughput Optimized Hard Disk Drive
• Cold Hard Disk Drive

• Magnetic

• IOPS Metrics
  • Burst up to 3000 IOPS
  • More than 10,000 move to PIOPS

CloudWatch vs CloudTrail

• CloudWatch - Performance
• CloudTrail - API Calls

ELB - Monitoring Types

• CloudWAtch Metrics
• Access Logs
• Request Tracing
• CloudTrail Logs

Access Logs

• Store data where the EC2 instance has been deleted. Stored on S3.

Elasticache

• Memcached
• Redis

Elasticache Monitoring Tips

• CPU Utilization
• Swap Usage
• Evictions
• Concurrent Connections

CloudWatch

• Dashboards are multi-region and can display widgets to any region
• Remember to save.

Billing Alarms

• Billing Alarms automatically alert at a cost threshhold.

Organizations

• Centrally Manage Policies Across Multiple AWS Accounts.
• Control Access TO AWS Services.
• Automate AWS Account Creation and Management.
• Consolidate Billing Across Multiple AWS Accounts

Resource Groups

• TAG EVERYTHING!
• Two types of Resource Groups
  • Classical
  • Systems manager resource groups

EC2 Pricing Options

• On Demand
• Reserved
• Spot
• Dedicated Hosts

Config

• Compliance Checks:
• Trigger
  • Periodic
  • Configuration Changes
• Managed Rules
  • About 40
  • Basic, but fundamental
• Permissions needed for Config:
  • IAM Role
    • Read only permissions to recorded resources
    • Write access to S3 logging bucket
    • Publish access to SNS
• Restrict Access:
  • Users need to be authenticated to AWS and have the appropriate permissions set via IAM policies to gain access.
  • Only Admins needing to setup and manage Config require full access.
  • Provide read only permissions for Config day-to-day use.
• Monitoring Config:
  • Use CloudTrail with Config to provide deeper insight into resources
  • Use CloudTrail to monitor access to config, such as someone stopping the Config Recorder.

ClouWatch vs CloudTrail vs Config

• Cloudwatch - performance
• CloudTrail - API calls
• Config - State changes

Heath Dashboards

• Service Health Dashboards
• Personal Health Dashboards