
You're reading from  AWS Certified Security – Specialty (SCS-C02) Exam Guide - Second Edition

Product type: Book
Published in: Apr 2024
Publisher: Packt
ISBN-13: 9781837633982
Edition: 2nd Edition
Authors (2):

Adam Book

Adam Book has been programming since the age of six and has been constantly tapped by founders and CEOs as one of the pillars to start their online or cloud businesses. Adam has developed applications and websites. He has been involved in cloud computing and data center transformation professionally since 1996, focusing on bringing the benefits of cloud computing to his clients. He has led technology teams through transformative changes such as the shift to programming in sprints with Agile formats. Adam is a cloud evangelist with a track record of migrating thousands of applications to the cloud and guiding businesses in understanding cloud economics to create use cases and identify operating model gaps. He has been certified on AWS since 2014.

Stuart Scott

Stuart Scott is the AWS content lead at Cloud Academy, where he has created over 40 courses reaching tens of thousands of students. His content focuses heavily on cloud security and compliance, specifically on how to implement and configure AWS services to protect, monitor, and secure customer data in an AWS environment. He has written numerous cloud security blogs for Cloud Academy and other AWS advanced technology partners. He has taken part in a series of cloud security webinars to share his knowledge and experience within the industry to help those looking to implement a secure and trusted environment. In January 2016, Stuart was awarded 'Expert of the Year' by Experts Exchange for his knowledge sharing within cloud services to the community.

CloudWatch and CloudWatch Metrics

In the previous chapter, you looked at the different types of log files AWS can generate. This chapter will focus on the CloudWatch service. Amazon CloudWatch is the leading monitoring service in AWS, collecting data and metrics from all supported AWS services. It allows you to gain a better understanding of the performance of your environment. CloudWatch lets you collect valuable logging information from many different services, such as EC2 instances and Route 53, and even has the capability to collect and store CloudTrail logs.

In addition, CloudWatch has built-in metric monitoring and reporting capabilities with CloudWatch Metrics. Metrics can be gathered and used in multiple formats, such as creating alarms to help notify your security team when certain thresholds are breached (such as too many log-in attempts during a specific time period) or alarms for other groups depending on their needs. Dashboards can also be created to graphically...

Technical Requirements

You will need to have access to the AWS Management Console with an active account and AWS CLI access for this chapter.

CloudWatch Overview

Amazon CloudWatch is the de facto AWS native service used to help you monitor your services and resources. While other services may help with monitoring specific tasks such as networking or security, CloudWatch considers the services holistically. The primary function of CloudWatch is to help you monitor and track the performance of your AWS workloads, services, and applications.

When working with your systems, especially during peak periods of traffic, you never know what to expect. You need to have visibility into your overall system along with individual components in case the response times start to become sluggish or unresponsive. Applications, and correspondingly their requirements, including security requirements, are becoming more complex. The number of different platforms being used is constantly evolving, and logs are constantly being generated from different sources. Through all of this, you need a way to keep an eye on your systems. The preceding...

Understanding CloudWatch Logs

CloudWatch Logs allows you to ingest logs from your AWS services. The CloudWatch Logs service helps you move logs off your host and onto durable storage. The S3 service backs this durable storage. Once logs have been moved there, they are retained until you change the retention period.

With logs stored in CloudWatch Logs, you can perform basic text searches across the data stored. You can also create custom metrics and alarms from the data parsed from the logs. CloudWatch Logs can be an essential tool in your security and compliance frameworks, as they allow you to create an audit trail, serve as evidence for forensic analysis, and provide critical information in case of an incident. Through access rules, you can control the usage of, access to, and auditability of the logs.

Having gained a basic understanding of the CloudWatch Logs service, you will now learn about some of the key terms.

CloudWatch Logs Terminology

You should be familiar with some key terms...

CloudWatch Metrics

Metrics, which are quantitative measurements representing a specific aspect of a resource's performance, behavior, or utilization, are automatically collected in Amazon CloudWatch from AWS services such as DynamoDB database instances and Lambda functions. As metrics are collected over time, you can quickly graph their values and then choose the timeframe (e.g., 3 hours, 1 day, or 1 month) over which you would like to view them.

You can also create a custom metric. These metrics are relevant to your organization and can be made based on the values in your log files. Custom metrics can track any essential data in your company, infrastructure, or application. Examples could be the number of requests your application receives or how many errors a particular application returns.

In the next section, you will see how to create metric filters in CloudWatch from predefined and custom metrics.

Metric Filters in CloudWatch

In AWS CloudWatch, a metric filter provides...

CloudWatch Alarms

Beyond providing metrics, CloudWatch also allows you to monitor metrics and events and automatically initiate actions (such as sending out an SNS notification) when certain conditions are met, in near real time. CloudWatch alarms can be used for a multitude of purposes, including detecting unusual behavior or performance issues with your AWS resources.

A metric alarm monitors a specific CloudWatch metric. A threshold is set when the alarm is initially created. This threshold defines the value at which the alarm will be triggered and is based on the metric that you specify, such as CPU utilization, network traffic, or available disk space. Additionally, initial monitoring periods allow for a grace period after the alarm is created, during which nothing is triggered.

When you create a metric alarm, you select a CloudWatch metric, set a threshold value for the metric, and specify the actions to be taken when the threshold is breached...
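To make the metric filter, custom metric and alarm threshold concrete, here is an added example (not code from the book) that reproduces the pipeline locally on constructed CloudTrail-style records: the filter pattern for failed console logins, the per-period Sum metric it produces, and the threshold check an alarm applies. The `SAMPLE_EVENTS`, the 300-second period, the threshold of 5 and the function names are all assumptions made here; the real service is configured with `aws logs put-metric-filter` and `aws cloudwatch put-metric-alarm`.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed CloudTrail-style records (trimmed to the fields the filter uses),
# as CloudTrail would deliver them into a CloudWatch Logs log group.
SAMPLE_EVENTS = [
    {"eventTime": f"2024-04-01T10:00:{s:02d}Z", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Failure"}} for s in (5, 12, 19, 26, 33, 40)
] + [
    {"eventTime": "2024-04-01T10:01:02Z", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-04-01T10:02:30Z", "eventName": "DescribeInstances",
     "responseElements": None},
    {"eventTime": "2024-04-01T10:07:44Z", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Failure"}},
]

def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def failed_console_logins(events):
    """Local equivalent of the CloudWatch Logs metric filter pattern
    { $.eventName = "ConsoleLogin" && $.responseElements.ConsoleLogin = "Failure" }
    A record whose responseElements is null (CloudTrail does this for
    read-only calls) simply does not match."""
    return [e for e in events
            if e.get("eventName") == "ConsoleLogin"
            and (e.get("responseElements") or {}).get("ConsoleLogin") == "Failure"]

def metric_datapoints(events, period_seconds=300):
    """Metric transformation with metricValue 1 per match, summed per period
    (what the Sum statistic over a 300-second alarm period would show)."""
    counts = Counter()
    for e in failed_console_logins(events):
        t = int(parse_time(e["eventTime"]).timestamp())
        counts[t - t % period_seconds] += 1
    return dict(sorted(counts.items()))

def alarm_periods(datapoints, threshold, evaluation_periods=1):
    """Period start times at which the alarm would be in ALARM: that period's
    datapoint and the preceding evaluation_periods - 1 datapoints are all
    >= threshold (GreaterThanOrEqualToThreshold). Periods with no datapoint
    are not modelled here; a real alarm handles those via TreatMissingData."""
    keys = list(datapoints)
    breaching = []
    for i in range(evaluation_periods - 1, len(keys)):
        window = [datapoints[k] for k in keys[i - evaluation_periods + 1:i + 1]]
        if all(v >= threshold for v in window):
            breaching.append(keys[i])
    return breaching

if __name__ == "__main__":
    dp = metric_datapoints(SAMPLE_EVENTS)
    print(dp, alarm_periods(dp, threshold=5))
```

Raising `evaluation_periods` to 2 with the same threshold shows why a short burst of failures in a single period does not trigger an alarm configured to require consecutive breaching periods.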

Event-Driven Applications with AWS EventBridge

You may have heard the terms loosely coupled or event-driven if you have dealt with cloud architects over the past few years. The term loosely coupled refers to a design approach where the components or modules of a system are designed to have minimal dependencies on each other.

In other words, loosely coupled systems are designed in such a way that changes or modifications to one component do not have a significant impact on other components. This allows for greater flexibility and scale in the system and easier maintenance and development.

Two critical components in building a loosely coupled system in AWS are a queueing system that can receive messages and hold them until they are processed by a downstream process, and an event bus that can take events from a variety of different sources and send out instructions to a set of corresponding targets.

Figure 8.19: AWS EventBridge flow

Amazon...
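As an added illustration of the event-bus half of that design (this is not code from the book), the following reproduces locally how an event bus applies rules to incoming events and fans them out to targets. The `SAMPLE_BUS_EVENTS`, the two rules, the target names and the function names are constructed here; the matching semantics follow EventBridge event patterns, where a list in the pattern means "any of these values" and fields the pattern omits are ignored.

```python
# Constructed EventBridge-style envelopes: a CloudTrail record delivered via
# the default bus, a custom application event, and an unrelated EC2 event.
SAMPLE_BUS_EVENTS = [
    {"source": "aws.cloudtrail", "detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
                "userIdentity": {"type": "IAMUser"}}},
    {"source": "com.example.payments", "detail-type": "OrderPlaced",
     "detail": {"amount": 42, "region": "eu-west-1"}},
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"state": "running"}},
]

# Rules as a security team might define them: an event pattern plus targets.
RULES = {
    "iam-policy-change": {
        "pattern": {"source": ["aws.cloudtrail"],
                    "detail": {"eventSource": ["iam.amazonaws.com"],
                               "eventName": ["AttachUserPolicy", "PutUserPolicy"]}},
        "targets": ["sns:security-alerts", "lambda:review-iam-change"]},
    "orders-to-queue": {
        "pattern": {"source": ["com.example.payments"], "detail-type": ["OrderPlaced"]},
        "targets": ["sqs:order-processing"]},
}

def matches(pattern, event):
    """EventBridge pattern semantics: every key in the pattern must be present
    in the event; a list in the pattern matches when the event's value (or any
    element of an event array) is one of the listed values; nested objects
    recurse; fields the pattern does not mention are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(actual, list):
            if not any(a in expected for a in actual):
                return False
        elif actual not in expected:
            return False
    return True

def route(event, rules):
    """Targets that receive the event: the union over all matching rules."""
    targets = []
    for rule in rules.values():
        if matches(rule["pattern"], event):
            targets.extend(rule["targets"])
    return targets
```

The IAM event reaches both security targets while the EC2 event matches no rule and is dropped, which is the decoupling the text describes: producers never know which consumers exist.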

Summary

In this chapter, you looked at AWS’s CloudWatch service and its multiple functionalities. You saw how it can gather logs for many of the other services running in AWS and store them for the specified period. You also saw how the CloudWatch service provides monitoring and metrics for the different services running in AWS. You looked at both predefined metrics and custom ones.

With the metric capabilities of CloudWatch, you can track your resources and create alarms and dashboards to monitor and keep track of services within your purview.

The chapter concluded with a discussion of Amazon EventBridge, the event bus service. You saw how EventBridge can take events from multiple sources, both internal to AWS and external, use rules to process the events, and then send the events to one or more specified targets for proper processing. You also learned how EventBridge can help you build a decoupled event-driven architecture (EDA) in AWS.

In Chapter 9, Parsing Logs and Events with AWS Native...

Further Reading

For additional information on the AWS Shared Responsibility Model and the underlying principles of AWS security, please check out the following resources:

Exam Readiness Drill – Chapter Review Questions

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That is why working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

How To Access These Resources

To learn how to access these resources, head over to the chapter titled Chapter 21, Accessing the Online Practice Resources.

To open the Chapter Review Questions for this chapter, perform the following steps:

  1. Click the link – https://packt.link/SCSC02E2_CH08

    Alternatively, you can scan the following QR code (Figure 8.23):

Figure 8.23: QR code that opens Chapter Review Questions for logged-in users
