Monitor Your AWS Resources
After completing this unit, you’ll be able to:
- Describe the features and benefits of AWS CloudTrail.
- Describe the features and benefits of Amazon CloudWatch.
Suppose you have a team with access to your AWS infrastructure. They're building out interconnected services. When a component fails, how are you notified? How do you determine what happened?
AWS provides services that can help you monitor your resources and determine the cause and timeline when a service stops functioning normally. You can also receive automatic notifications when specific thresholds are met or exceeded, and you can automate corrective actions according to predefined guidelines that you set.
Let’s take a look at how you can use AWS CloudTrail and Amazon CloudWatch to monitor your resources.
Govern Your Account with AWS CloudTrail
AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. It records important information about each action taken in your account, including:
- The user who made the request
- The services used
- The actions performed
- Parameters for the actions
- The response elements returned by the AWS service
This information helps you track changes made to your AWS resources so you can troubleshoot operational issues. CloudTrail also makes it easier to ensure compliance with internal policies and regulatory standards.
When you create your AWS account, CloudTrail is automatically enabled. You can always view, search, and download the past 90 days of activity using the CloudTrail console or AWS Command Line Interface (AWS CLI).
Additionally, you can configure trails that record events in one region or all regions and deliver CloudTrail event log files to specified Amazon Simple Storage Service (Amazon S3) buckets.
Use CloudTrail to:
- Track changes to resources
- Answer simple questions about user activity
- Demonstrate compliance
- Troubleshoot issues
- Perform security analysis
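The fields listed above are what a CloudTrail log file delivered to S3 actually carries per record. As an added illustration (not part of the original unit or of any AWS tool), the following Python reduces a constructed CloudTrail "Records" file to those five fields, answers the simple "what did each user do" question, and pulls out the calls the service rejected, which is usually the first stop in a security review. The record contents, user names, account ID and instance ID are all made up.

```python
import json

# Constructed sample in the CloudTrail log-file layout (a top-level "Records"
# array). Values are invented; userIdentity is trimmed to what the summary needs.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"bucketName": "example-bucket"}, "responseElements": None},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}},
     "responseElements": {"instancesSet": {"items": [{"currentState": {"name": "shutting-down"}}]}}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "temp-admin"}, "responseElements": None,
     "errorCode": "AccessDenied"},
]})


def actor(record):
    """Label for who made the request: IAM user name, else the ARN (assumed roles), else the type."""
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")


def summarize(log_text):
    """Reduce each record to the fields the unit lists: who, service, action, parameters, response."""
    rows = []
    for rec in json.loads(log_text)["Records"]:
        rows.append({
            "time": rec["eventTime"],
            "who": actor(rec),
            "service": rec["eventSource"].split(".")[0],   # "s3.amazonaws.com" -> "s3"
            "action": rec["eventName"],
            "params": rec.get("requestParameters"),
            "response": rec.get("responseElements"),     # None when the call returned nothing
            "error": rec.get("errorCode"),                # present only on failed calls
        })
    return rows


def actions_per_user(rows):
    """Answer the simple user-activity question: which API actions did each principal perform?"""
    return {who: sorted(r["action"] for r in rows if r["who"] == who)
            for who in {r["who"] for r in rows}}


def failed_calls(rows):
    """Calls the service rejected (errorCode set), e.g. AccessDenied, worth reviewing first."""
    return [r for r in rows if r["error"]]
```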
Monitor Your Resources and Applications with Amazon CloudWatch
Amazon CloudWatch monitors your AWS resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.
You can create an alarm to monitor any Amazon CloudWatch metric in your account. For example, you can create alarms for the following.
- Amazon Elastic Compute Cloud (Amazon EC2) instance CPU utilization
- Amazon Elastic Load Balancing request latency
- Amazon DynamoDB table throughput
- Amazon Simple Queue Service (Amazon SQS) queue length
- The charges on your AWS bill
When you create an alarm, you can configure it to perform one or more automated actions based on criteria you define. For example, you can set an alarm that:
- Sends you an email
- Publishes to an SQS queue
- Stops or terminates an Amazon EC2 instance
- Executes an Auto Scaling policy
CloudWatch alarms integrate with Amazon Simple Notification Service (Amazon SNS), so you can also use any notification type supported by Amazon SNS. For example, you can set an alarm that sends you a text message when your AWS bill exceeds a specific dollar amount.
When you integrate CloudWatch with other services and configure alarms, it becomes a powerful tool for automating and monitoring your infrastructure. You gain systemwide visibility into resource utilization, application performance, and operational health.
To remember the difference between AWS CloudTrail and Amazon CloudWatch, think of CloudTrail as leaving a trail you can follow for auditing purposes to determine what users did. CloudWatch lets you set alarms, like the alarm on a wristwatch, to notify you of something and prompt action.
In the next module, we examine services and strategies for keeping your cloud infrastructure secure.