CloudWatch is an AWS tool that lets you monitor your AWS resources and the applications you run in AWS in real time.
You can create thresholds (e.g. 90% CPU usage on EC2) that, when exceeded, work in conjunction with SNS to alert the recipients of a topic, or you can configure CloudWatch to carry out some kind of automated action.
When using CloudWatch, you can be charged for:
- Each CloudWatch dashboard
- Detailed monitoring (basic monitoring is free)
- CloudWatch custom metrics
- API requests
- CloudWatch Logs
- Events / custom events
Within CloudWatch, you can create a dashboard with a number of metrics about your AWS resources / billing on the AWS account. You can then create alarms for each of those metrics, defining the threshold at which you wish to be alarmed and the number of consecutive periods that must be breached before the alarm will flag (e.g. how many 5-minute periods does CPU need to be above 80% to cause concern?).
You can configure these alarms to send notifications to SNS topics.
Side Note: Detailed monitoring provides data in 1-minute periods while basic monitoring provides data in 5-minute periods.
Auto Scaling relies heavily on CloudWatch, because it uses CloudWatch to identify whether thresholds have been breached and whether scaling is required.
By default, CloudWatch monitors host-level metrics. These are:
- CPU utilization
- Network In/Out
- CPU Credit Balance
- CPU Credit Usage
We can extend this to monitor the software level with a script provided by AWS:
- Memory Used
- Memory Available
- Swap Disk Usage
- Disk Space
CloudTrail is a service provided by AWS which is essentially an API logging service. It tracks every single API request made to AWS.
Remember, AWS is effectively one big API, so every action is captured whether it’s from the command line, SDK or the AWS management console.
This is useful if you have several AWS users. Let’s say an important file goes missing. Using CloudTrail, you’ll be able to identify which user deleted that file.
CloudTrail stores all its logs in AWS S3, so it’s highly available by default. We can set up an SNS notification to alert us whenever a new log is delivered to the S3 bucket.
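The missing-file investigation described above, as an added example that is not part of the original page: it parses a CloudTrail log file as delivered to S3 and returns who successfully deleted a given object. It assumes the trail records S3 data events, since object-level calls such as DeleteObject are not logged by default; the helper names, sample records, account ID, users and bucket are constructed for illustration.

```python
import gzip
import json

# Constructed sample in the CloudTrail log-file layout (top-level "Records" array).
# Account ID, users, IPs, bucket and keys are invented for this example.
def _rec(time, name, user, key, error=None):
    rec = {"eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
           "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"type": "IAMUser", "userName": user,
                            "arn": f"arn:aws:iam::111122223333:user/{user}"},
           "requestParameters": {"bucketName": "example-reports", "key": key}}
    if error:
        rec["errorCode"] = error  # present only when the call failed
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-10T09:14:02Z", "GetObject", "alice", "q4/budget.xlsx"),
    _rec("2024-01-10T09:20:41Z", "DeleteObject", "bob", "q4/budget.xlsx", "AccessDenied"),
    _rec("2024-01-10T09:31:17Z", "DeleteObject", "carol", "q4/budget.xlsx"),
    _rec("2024-01-10T09:40:00Z", "DeleteObject", "alice", "q4/notes.txt"),
]})

def load_records(blob):
    """Parse one delivered log file: gzip bytes, plain bytes, or str."""
    if isinstance(blob, bytes):
        if blob[:2] == b"\x1f\x8b":  # gzip magic; CloudTrail delivers .json.gz
            blob = gzip.decompress(blob)
        blob = blob.decode("utf-8")
    return json.loads(blob).get("Records", [])

def who_deleted(records, bucket, key):
    """Return successful DeleteObject calls for bucket/key, oldest first."""
    hits = []
    for rec in records:
        params = rec.get("requestParameters") or {}  # may be null in real logs
        if (rec.get("eventSource") == "s3.amazonaws.com"
                and rec.get("eventName") == "DeleteObject"
                and params.get("bucketName") == bucket
                and params.get("key") == key
                and "errorCode" not in rec):  # skip denied or failed attempts
            ident = rec.get("userIdentity") or {}
            hits.append({"time": rec.get("eventTime", ""),
                         "who": ident.get("arn") or ident.get("type", "unknown"),
                         "ip": rec.get("sourceIPAddress")})
    return sorted(hits, key=lambda h: h["time"])

if __name__ == "__main__":
    for hit in who_deleted(load_records(SAMPLE_LOG), "example-reports", "q4/budget.xlsx"):
        print(hit)
```

Filtering on the absence of `errorCode` separates the delete that actually happened from attempts that were denied, which are worth reviewing separately.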