CloudWatch

native monitoring service

Overview

  • Service used for monitoring cloud and on-premises systems (on-premises via the CloudWatch agent).

State of Alarm

  • INSUFFICIENT_DATA: alarm has just started, the metric is not available, not enough data.

  • OK: within the threshold

  • ALARM: outside of the defined threshold.

Benefits

  • Single platform observability (both AWS resources and on-premises servers).

  • Easy metrics collection. Natively integrates with 70+ AWS services.

  • Improves performance and resource optimization.


Features

Default EC2 metrics

By default, CloudWatch provides these metrics:

  • CPU utilization

  • Network utilization

  • Disk I/O

It does not natively provide memory or disk space utilization metrics. You need to install the CloudWatch agent to collect these. Other metrics that are not available by default:

  • Memory utilization

  • Disk swap, disk space utilization

  • Page file utilization

  • Log collection

CloudWatch Agent

  • Used to collect data from on-premises systems.

  • Supports both Windows and Linux.

  • Configuration file: a JSON file that specifies the metrics and logs the agent is to collect.

Metrics Lambda sends to CloudWatch

  • Invocations

  • Duration

  • Errors

  • Throttles

  • DeadLetterErrors

  • IteratorAge

  • ConcurrentExecutions

  • UnreservedConcurrentExecutions


Concepts

  • Metric: a time-ordered set of data points that are published to CloudWatch.

  • Namespace: a container for CloudWatch metrics.

  • Dashboard: a customizable home page in the CloudWatch console.

Trivia

  • Data is available in 5-minute periods. If you enable Detailed monitoring, data will be available in 1-minute periods.

  • Dashboards are global. That means you can access a dashboard from any region.

  • If you want people to access only a dashboard, use CloudWatch dashboard sharing.

KMS

  • CloudWatch Logs supports only symmetric customer managed keys. Do not use an asymmetric key to encrypt the data in your log groups.

  • To encrypt a log group with a customer managed key, you need to use the AWS CLI or SDKs. The steps are:

  1. Create a customer managed symmetric KMS key.

  2. Add a key policy to the KMS key that allows the CloudWatch Logs service principal ("Service": "logs.region.amazonaws.com") to use the created key.

  3. Associate the KMS key with the log group.

  4. Any new log events ingested into the log group after the key is associated are encrypted using that key.
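The three steps above wired together with the AWS CLI, as an added example that is not part of the original notes. The region, account ID and log group name are assumed placeholders; the key policy keeps the account root as administrator and scopes the CloudWatch Logs service principal to one log group through the encryption-context condition, so the key cannot be reused for other log groups.

```shell
#!/bin/sh
# Added example. Region, account id and log group below are placeholders (assumed).
set -eu

# Step 2: key policy. Account root keeps full control; the regional CloudWatch Logs
# service principal may use the key only for the named log group (encryption context).
build_logs_key_policy() {
  region="$1"; account="$2"; log_group="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::${account}:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Principal": { "Service": "logs.${region}.amazonaws.com" },
      "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*",
                  "kms:GenerateDataKey*", "kms:Describe*" ],
      "Resource": "*",
      "Condition": {
        "ArnEquals": {
          "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${region}:${account}:log-group:${log_group}"
        }
      }
    }
  ]
}
EOF
}

# Steps 1 and 3 around the policy: create a symmetric key, attach the policy,
# associate the key with the log group, then read back kmsKeyId to confirm.
encrypt_log_group() {
  region="$1"; account="$2"; log_group="$3"
  key_arn=$(aws kms create-key --region "$region" --description "CloudWatch Logs $log_group" \
            --query 'KeyMetadata.Arn' --output text)
  build_logs_key_policy "$region" "$account" "$log_group" > /tmp/logs-key-policy.json
  aws kms put-key-policy --region "$region" --key-id "$key_arn" --policy-name default \
      --policy file:///tmp/logs-key-policy.json
  aws logs associate-kms-key --region "$region" --log-group-name "$log_group" --kms-key-id "$key_arn"
  aws logs describe-log-groups --region "$region" --log-group-name-prefix "$log_group" \
      --query 'logGroups[0].kmsKeyId' --output text
}

# Only call AWS when asked: sh encrypt-log-group.sh run us-east-1 123456789012 /app/audit
if [ "${1:-}" = "run" ]; then encrypt_log_group "$2" "$3" "$4"; fi
```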
