CloudWatch
General Info
Use cases | Monitoring service for AWS resources/applications:
|
Enables |
|
Limits |
|
CloudWatch Logs
- Characteristics
- Aggregates and monitors logs from applications and systems
- Sources
- pushed from some AWS services (including CloudTrail)
- pushed from your apps/systems
- metrics from log entry matches
- Elements
Log Group | A collection of log streams that share the same retention, monitoring, and access control settings
Log Stream | A sequence of log events that share the same source
Subscription Filters | Define a filter pattern that matches events in a particular log group and send them to a Kinesis Data Firehose stream, a Kinesis stream, or a Lambda function
- Storage
- stored indefinitely (does not use S3) unless you set a retention period on a Log Group
- can export Log Groups (in a particular time range) to S3 (not real time)
- Integrations
- CloudWatch Agent can be installed on a host (e.g. via SSM) to push logs to CloudWatch Logs
- can receive events from other accounts by creating a "destination" in CloudWatch, which references a receiving Kinesis stream
- the destination has a resource-based policy that controls which accounts can write to the destination
- CloudWatch Logs on the sender side can then stream to the other account
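The destination's resource-based policy is the only control over which accounts can stream into the receiving account, so it is worth auditing. The following is an added example, not part of the original notes: a Python check that lists the accounts a destination access policy lets write and flags unexpected or wildcard principals. The account IDs, the destination name and the function name `audit_destination_policy` are assumptions made for the example.

```python
import json
import re

# Constructed sample policy for a destination in the receiving account.
# Account IDs and the destination name are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": ["111111111111", "arn:aws:iam::222222222222:root"]},
         "Action": "logs:PutSubscriptionFilter",
         "Resource": "arn:aws:logs:us-east-1:999999999999:destination:central-logs"},
        {"Effect": "Allow", "Principal": "*", "Action": "logs:*", "Resource": "*"},
    ],
})

# Exact action names only; patterns such as logs:Put* are not expanded here.
WRITE_ACTIONS = {"logs:putsubscriptionfilter", "logs:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_destination_policy(policy_json, expected_accounts):
    """Return (writer_accounts, findings) for a destination access policy."""
    writers, findings = set(), []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & WRITE_ACTIONS:
            continue  # only statements that let a sender attach a subscription filter
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            principal = principal.get("AWS", [])
        for p in _as_list(principal):
            match = re.fullmatch(r"(\d{12})|arn:aws:iam::(\d{12}):.+", p)
            if p == "*":
                if "Condition" not in stmt:
                    findings.append(f"statement {i}: wildcard principal without Condition")
            elif not match:
                findings.append(f"statement {i}: unrecognised principal {p!r}")
            else:
                account = match.group(1) or match.group(2)
                writers.add(account)
                if account not in expected_accounts:
                    findings.append(f"statement {i}: unexpected account {account}")
    return writers, findings
```

Run it against the policy document attached to each destination, passing the set of sender account IDs you expect to be allowed.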
CloudWatch Monitoring
- Characteristics
- Provides monitoring of performance metrics (real time)
- Types
Type | Description
BASIC | Sends data points to CloudWatch every 5 mins; for a limited number of metrics; no charge
DETAILED | Every 1 min; allows data aggregation (across AZ within a region); additional charge
- Metrics
- Hypervisor visible metrics (CPU) (NO MEMORY)
- default = CPU util/network util
- custom = disk space/RAM utilization
- Alarms = if CPU > 80% for 5 mins -> alarm
- Notifications = SNS
- Can support on-premises services (doesn't need to be an AWS service)
CloudWatch Events
- Description
- Provides a near real-time stream of events within your AWS account which can be used to trigger actions (such as a Lambda function) to perform a task
- Near real-time stream of system events (event-driven security)
Characteristics
Events |
|
Rules |
|
Targets |
|
Access control |
|