AWS Monitoring Service (6)

2025-02-23 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

AWS CloudWatch

Concept
- Monitors infrastructure components on the basis of identified content, sends notifications based on specified metrics, and triggers various operations.
- A distributed statistics and collection system for collecting and tracking metrics.
- By default it transparently collects metrics at the hypervisor level, such as CPU utilization, disk I/O bytes and network bytes.
- Actions CloudWatch can trigger include starting, terminating or rebooting EC2 instances, scaling Auto Scaling groups out or in, and sending messages to SNS.

Components
- Dashboards: custom panels can be created to make it easier to observe the different monitored objects in the AWS environment.
- Alarms: raised when a monitored object exceeds its threshold, and an alarm message is sent.
- Events: respond to changes occurring in the AWS environment.
- Logs: CloudWatch Logs helps collect, monitor and store log information.

Supported metrics
- Monitoring and user-specified metrics are supported for most AWS services, including: Auto Scaling, Amazon CloudFront, Amazon CloudSearch, Amazon DynamoDB, Amazon EC2, Amazon EC2 Container Service (Amazon ECS), Amazon ElastiCache, Amazon Elastic Block Store (Amazon EBS), Elastic Load Balancing, Amazon Elastic MapReduce (Amazon EMR), Amazon Elasticsearch Service, Amazon Kinesis Streams, Amazon Kinesis Firehose, AWS Lambda, Amazon Machine Learning, AWS OpsWorks, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SNS, Amazon Simple Queue Service (Amazon SQS), Amazon S3, AWS Simple Workflow Service (Amazon SWF), AWS Storage Gateway, AWS WAF and Amazon WorkSpaces.
- Custom metrics: you can define your own metrics, including application metrics that AWS cannot see, such as web page load time, request error rate, or the number of concurrent processes or threads. They are published through the PUT (PutMetricData) API call.

Monitoring frequency
- Basic monitoring: one data point collected every 5 minutes; free of charge for a limited number of metrics.
- Detailed monitoring: one data point collected every minute; metrics are customizable; paid.
- High-resolution metrics: finer-grained, collected every 1 s; paid.

Aggregation
- CloudWatch supports aggregation and retrieval across Availability Zones, but not across regions.

Limitations
- CloudWatch only monitors performance metrics; it cannot track changing cloud design patterns, so it is used together with monitoring software.
- CloudWatch cannot see what happens inside an EC2 instance (operating system, middleware, applications). These require an independent monitoring system: deploy Nagios, Zabbix, Munin or similar software on a separate EC2 instance and pull monitoring information from AWS through the CloudWatch API to integrate the two.
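Memory use is exactly the kind of in-instance value CloudWatch does not collect by default, so it has to be published as a custom metric. The following Python block is an added example, not code from the page or from AWS: it parses a constructed /proc/meminfo sample, computes a used-memory percentage, and builds the PutMetricData entry with StorageResolution set to 1 for a high-resolution metric (60 for standard resolution). The namespace "Custom/EC2", the metric name "MemoryUsedPercent" and the instance ID are constructed values; publishing assumes boto3, credentials and a region are configured, and is skipped when boto3 is not importable so the block runs offline.

```python
"""Publish an in-instance memory metric to CloudWatch as a custom metric.

Added example, not code from the original page. Assumptions: boto3 plus AWS
credentials/region exist when actually publishing (publish() is skipped if
boto3 is not importable); the namespace "Custom/EC2", the metric name
"MemoryUsedPercent" and the InstanceId value are constructed sample values.
"""
import datetime
import re

# Constructed sample of the first lines of /proc/meminfo (values in kB).
SAMPLE_MEMINFO = """\
MemTotal:        4045888 kB
MemFree:          312104 kB
MemAvailable:    2021948 kB
Buffers:          145888 kB
Cached:          1722456 kB
"""


def parse_meminfo(text: str) -> dict:
    """Return {field: kB} for every 'Name: value kB' line of /proc/meminfo text."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)(?:\s+kB)?", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out


def memory_used_percent(meminfo: dict) -> float:
    """Used memory as a percentage, treating reclaimable cache as available.

    MemAvailable is the kernel's estimate of memory usable without swapping;
    very old kernels lack it, so fall back to MemFree in that case."""
    total = meminfo["MemTotal"]
    available = meminfo.get("MemAvailable", meminfo.get("MemFree", 0))
    return round(100.0 * (total - available) / total, 2)


def build_metric_data(instance_id, used_pct, timestamp, high_resolution=True):
    """Build one MetricData entry for PutMetricData.

    StorageResolution=1 marks a high-resolution (1-second) custom metric,
    which CloudWatch keeps for 3 hours; 60 is the standard resolution."""
    return {
        "MetricName": "MemoryUsedPercent",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Timestamp": timestamp,
        "Value": used_pct,
        "Unit": "Percent",
        "StorageResolution": 1 if high_resolution else 60,
    }


def publish(metric_data, namespace="Custom/EC2"):
    """Send one PutMetricData call; returns None when boto3 is unavailable."""
    try:
        import boto3
    except ImportError:
        return None
    cw = boto3.client("cloudwatch")
    return cw.put_metric_data(Namespace=namespace, MetricData=[metric_data])


if __name__ == "__main__":
    info = parse_meminfo(SAMPLE_MEMINFO)
    entry = build_metric_data("i-0123456789abcdef0", memory_used_percent(info),
                              datetime.datetime.now(datetime.timezone.utc))
    print(entry)
    publish(entry)
```

On a real instance, replace SAMPLE_MEMINFO with the contents of /proc/meminfo and run the script from cron or a systemd timer at the interval that matches the chosen resolution; the 1-second resolution is only worth paying for when an alarm actually needs to react within 10 or 30 seconds.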

CloudWatch Logs
- CloudWatch Logs obtains near-real-time monitoring logs, either through custom metrics or through CloudWatch Logs itself, and stores them to help you understand and run systems and applications.
- Log data can be kept for a long time in highly durable, cost-effective storage without worrying about running out of disk space.

Metric retention
- Measurement results and other metric data are retained for up to 15 months by default and cannot be deleted manually.
- Data points with a period shorter than 60 seconds (high-resolution custom metrics) are retained for 3 hours.
- Period of 60 seconds (1 minute): 15 days.
- Period of 300 seconds (5 minutes): 15 days.
- Period of 3600 seconds (1 hour): 63 days.
- The longest retention is 15 months.

Log processing
- Supports real-time monitoring of log files and triggering specific events.
- Logs can be streamed in real time to a data processing solution such as an Amazon Kinesis stream or AWS Lambda, or stored in S3 or Glacier as a batch archive.
- The administrator can view logs through the console. Installing the CloudWatch Logs agent inside an EC2 instance collects the system's internal logs; Amazon Linux, Ubuntu, CentOS, Red Hat Enterprise Linux and Windows are all supported.
- CloudWatch Logs Insights is the interactive, integrated log analysis feature of CloudWatch Logs. It lets developers, operators and systems engineers search and visualize their logs to understand, improve and debug their applications.

Alarms
- You can create alarms in your account to monitor any Amazon CloudWatch metric, for example EC2 instance CPU usage, ELB request latency, DynamoDB table throughput, SQS queue length, and even AWS billing charges. Alarms can also be created on custom metrics specific to your own applications or infrastructure.
- If the custom metric is high-resolution, you can create a high-resolution alarm that evaluates over a 10-second or 30-second period.
- When creating an alarm you can configure one or more automatic actions to run when the selected metric crosses the defined threshold: send an e-mail, publish to an SQS queue, stop or terminate an EC2 instance, or execute an Auto Scaling policy.
- Because CloudWatch alarms are integrated with Amazon Simple Notification Service, any notification type supported by SNS can be used.
- Alarm history is kept for 14 days.

Dashboards
- The Amazon CloudWatch dashboard lets you create, customize, interact with and save charts of AWS resources and custom metrics.
- Automatic dashboards are pre-built from AWS service best-practice recommendations, maintain resource awareness, and are updated dynamically to reflect the latest status of key performance metrics. You can filter and troubleshoot specific views without adding code, and once the root cause of a performance problem is identified you can go directly to the AWS resource to act on it.
- The dashboard refreshes automatically while it is open.

Events
- Amazon CloudWatch Events (CWE) is a stream of system events describing changes to AWS resources. When an event matches a rule you created, it can automatically invoke an AWS Lambda function, relay the event to an Amazon Kinesis stream, send an Amazon SNS topic notification, or invoke a built-in workflow.
- CloudWatch Events does not check compliance the way AWS Config does, nor does it record API calls the way CloudTrail does.

CloudWatch limits
- Each AWS account can hold up to 5000 alarms.
- By default, the granularity of collection and aggregation is 1 minute.
- Metric data collected by default is retained for 15 days; for long-term retention, save it to S3 or Glacier.
- Memory and other in-instance metrics are not monitored by default; they require custom configuration.

AWS CloudTrail

Overview
- CloudTrail provides visibility into user activity by recording the actions performed on the account. For each operation it records the originator of the request, the service used, the action performed, the request parameters, and the response elements returned by the AWS service. This helps you track changes to AWS resources, troubleshoot operational problems, and demonstrate compliance with internal policies and regulatory standards.
- CloudTrail captures the operations performed by the AWS account, including AWS API calls and related events, and delivers log files to S3. Once a log file is in S3 you can optionally trigger an SNS notification or pass the events to a CloudWatch Logs log group. In S3 the logs can be stored with SSE encryption, and a lifecycle policy can archive or delete them.
- A log file for an API call is produced in about 15 minutes; files are delivered every 5 minutes by default, and records are retained for 90 days.

Configuring CloudTrail for all regions
- Every region uses the same configuration and policy, and all logs are delivered to a single specified S3 bucket; this is CloudTrail's default configuration. It is recommended, however, that each region's trail deliver its own logs to its own S3 bucket.

Trails
- By configuring a trail you can deliver CloudTrail events to Amazon S3, Amazon CloudWatch Logs and Amazon CloudWatch Events, and use those services' features to archive, analyze and respond to changes in AWS resources.
- Applying a trail to all regions creates a trail that records account activity in every region. A single API call or a few clicks creates and manages the trail in all regions of the partition, and you receive the account activity of all regions in one S3 bucket or CloudWatch Logs log group.
- When a trail is applied to all regions, CloudTrail creates a new trail in every region by copying the trail configuration. CloudTrail records and processes log files in each region and delivers the log files containing activity from all regions to one S3 bucket and one CloudWatch Logs log group.
- Multiple trails: up to five trails can be created per region. A trail applied to all regions appears in each region and counts as one trail in each. With multiple trails, different stakeholders such as security administrators, software developers and IT auditors can create and manage their own trails.
- Global services: enabling global service logging in multiple regions produces duplicate global service events in the logs, so it is recommended to enable it in only one region.

CloudTrail Processing Library
- The AWS CloudTrail Processing Library is a Java library that makes it easy to build applications that read and process CloudTrail log files.
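The read-and-parse step of such an application is small enough to show directly. The Python block below is an added example, not the page's code and not the AWS CloudTrail Processing Library: it decompresses one CloudTrail log file, walks the Records array, and flags the two conditions that Trusted Advisor's free security checks also look for, a root console login without MFA and a security group ingress rule opened to 0.0.0.0/0 (or ::/0), so that they can be caught from the event stream within minutes instead of waiting for the next check. The three records are constructed samples in the documented CloudTrail record layout; the account ID, ARN, addresses, group ID and event IDs are placeholders.

```python
"""Read one CloudTrail log file and flag root-without-MFA logins and
security-group rules opened to the world.

Added example, not the page's code and not the CloudTrail Processing Library.
The records below are constructed samples; IDs and addresses are placeholders.
"""
import gzip
import io
import json

# Constructed sample of a CloudTrail log file (normally a .json.gz object in S3).
SAMPLE_LOG = {"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-05-01T08:00:00Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"},
     "eventID": "00000000-0000-0000-0000-000000000001"},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T08:05:00Z",
     "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "accountId": "111111111111"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0",
         "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22,
             "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}},
     "responseElements": {"_return": True},
     "eventID": "00000000-0000-0000-0000-000000000002"},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T08:06:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "accountId": "111111111111"},
     "requestParameters": {}, "responseElements": None,
     "eventID": "00000000-0000-0000-0000-000000000003"},
]}


def load_records(gz_bytes: bytes) -> list:
    """Decompress one CloudTrail log file and return its Records list."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])


def root_login_without_mfa(rec: dict) -> bool:
    """Successful console login by the root user where MFAUsed is 'No'."""
    return (rec.get("eventName") == "ConsoleLogin"
            and (rec.get("userIdentity") or {}).get("type") == "Root"
            and (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            and (rec.get("additionalEventData") or {}).get("MFAUsed") == "No")


def ingress_open_to_world(rec: dict) -> bool:
    """AuthorizeSecurityGroupIngress whose IPv4 or IPv6 ranges include everyone."""
    if rec.get("eventName") != "AuthorizeSecurityGroupIngress":
        return False
    perms = (rec.get("requestParameters") or {}).get("ipPermissions") or {}
    for perm in perms.get("items", []):
        for key in ("ipRanges", "ipv6Ranges"):
            for rng in (perm.get(key) or {}).get("items", []):
                if rng.get("cidrIp") == "0.0.0.0/0" or rng.get("cidrIpv6") == "::/0":
                    return True
    return False


def find_findings(records: list) -> list:
    """Return (eventID, description) tuples; every field comes from the record."""
    findings = []
    for rec in records:
        if root_login_without_mfa(rec):
            findings.append((rec["eventID"], "root console login without MFA"))
        if ingress_open_to_world(rec):
            gid = rec["requestParameters"].get("groupId", "?")
            findings.append((rec["eventID"], f"security group {gid} opened to the world"))
    return findings


def sample_log_bytes() -> bytes:
    """Gzip the constructed sample so load_records() sees the on-disk format."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))


if __name__ == "__main__":
    for event_id, message in find_findings(load_records(sample_log_bytes())):
        print(event_id, message)
```

The eventID in each finding is the same value AWS Config stores in a configuration item's related events, so a finding from the log can be tied back to the resource state Config recorded for that change. In production the bytes would come from the S3 object named in the SQS or SNS delivery notification, which is the loop the Java library implements.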
- The CloudTrail Processing Library continuously polls an SQS queue, reads and parses the SQS messages, downloads the log files stored in S3, and parses and serializes the events in those log files in a fault-tolerant way.

AWS Trusted Advisor

Overview
- Draws on a large body of best practices to examine the AWS environment for cost-saving opportunities, suggestions for improving availability and performance, and security gaps to close.
- The dashboard shows the overall status of AWS resources and the potential budget savings across the best-practice categories: cost optimization, security, fault tolerance and performance improvement.
- Color coding: red, action recommended; yellow, investigation recommended; green, no problem detected.
- Free checks:
  - Service limits: checks whether usage exceeds 80% of a service limit. The check is based on a snapshot, so there is a delay of about 24 hours.
  - Security groups, unrestricted ports: checks for ports that allow access from 0.0.0.0/0.
  - IAM use: checks whether IAM is being used rather than the root account.
  - MFA on root account: checks whether MFA is enabled for the root account.

Features and functions
- Notifications: a free weekly e-mail with an update on your AWS resource deployment.
- Access management: use IAM to control access to specific checks or categories.
- AWS Support API: programmatically retrieve and refresh Trusted Advisor results.
- Action links: hyperlinks in the report take you straight into the AWS Management Console to act on a recommendation.
- Recent changes: track recent changes on the console dashboard.
- Exclude items: exclude irrelevant items from the checks.
- 5-minute refresh: refresh all checks manually, or let them refresh automatically every 5 minutes.

AWS Config

Overview
- A fully managed service that provides an inventory of AWS resources, configuration history and configuration change notifications. It supports compliance auditing, security analysis, resource change tracking and troubleshooting.
- By default AWS Config creates a configuration item for every supported resource in the region, and each change adds to the configuration item history. It can be configured to check whether resource changes violate rules, mark them noncompliant and send notifications through SNS, supporting change management, continuous audit and compliance, troubleshooting, and security and incident analysis.
- AWS Config can aggregate data across multiple accounts.

Config rules
- A Config rule represents the expected configuration of a resource; it is evaluated against the configuration changes of the related resources recorded by AWS Config. The evaluation results for resource configurations can be viewed in the dashboard.
- Using Config rules you can assess overall compliance and risk from a configuration perspective, view compliance trends over time, and identify which configuration changes caused resources to fall out of compliance.
- Config rules do not affect the way end users use AWS. A rule is evaluated only after a configuration change has been completed and recorded by AWS Config, that is, after the resource's configuration item (CI) is captured; rules are not evaluated before a resource is provisioned or its configuration changed, and they do not prevent users from making non-compliant changes.
- By default you can create up to 50 rules in an AWS account.
- Any rule can be created as change-triggered or periodic. Change-triggered rules run after AWS Config records a configuration change for any of the specified resources; you must specify one of the following scopes:
  - Tag key (optional) or tag key:value: any recorded configuration change to a resource carrying the specified tag triggers evaluation.
  - Resource type: any recorded configuration change to any resource of the specified type triggers evaluation.
  - Resource ID: any recorded change to the resource with the specified resource type and resource ID triggers evaluation.
- Periodic rules are triggered at a specified frequency: 1 hour, 3 hours, 6 hours, 12 hours or 24 hours. A periodic rule receives a complete snapshot of the current configuration items (CIs) of all resources the rule applies to.

Configuration items
- A configuration item (CI) is the configuration of a resource at a given point in time. A CI has five parts:
  - basic information common to all resource types (for example the Amazon Resource Name and tags);
  - resource-specific configuration data (for example the EC2 instance type);
  - relationships to other resources (for example EC2::Volume vol-3434df43 "attached to instance" EC2 Instance i-3432ee3a);
  - the AWS CloudTrail event IDs related to this state;
  - metadata that identifies the CI itself, such as its version and the time it was captured.
- AWS Config detects resource configuration changes and records the configuration state that results. If several changes are made to a resource in quick succession (for example within a few minutes), Config records only the final configuration, representing the cumulative effect of that set of changes.
- AWS Config can also record configuration changes to software inside the EC2 instances in your account, and on virtual machines (VMs) or servers in your on-premises environment: operating system updates, network configuration, installed applications and so on.

Integration of AWS Config and CloudTrail
- If a resource configuration change is the result of an API call, AWS Config also records the ID of the corresponding CloudTrail event: the API call that modified the resource configuration, together with the caller, the time of the call and the source IP address, to aid troubleshooting.
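A custom Config rule sees all five CI parts in the event it receives, and the way it uses them is easiest to show in code. The Python block below is an added example, not the page's code or an AWS-provided rule: it is a Lambda handler for a change-triggered rule scoped to AWS::EC2::Volume that marks a volume NON_COMPLIANT when it is unencrypted or lacks a tag named in the rule parameters, names the attached instance from the CI's relationships in the annotation, and returns NOT_APPLICABLE for a deleted resource so stale evaluations are cleared. The event is a constructed sample in the AWS Config configuration item layout (the relationship field name "relationshipName" and the 256-character annotation cap are stated as assumptions in the code); the volume ID vol-3434df43 and instance ID i-3432ee3a are the page's own illustrative values. Reporting to AWS Config assumes boto3 and credentials; the evaluation logic itself runs offline.

```python
"""Custom AWS Config rule: flag unencrypted or untagged EBS volumes.

Added example, not the page's code. Assumptions: runs as a Lambda behind a
change-triggered Config rule scoped to AWS::EC2::Volume; CI field names follow
the AWS Config configuration item layout (relationships carry
"relationshipName", annotations are capped at 256 characters); the IDs below
are the page's illustrative values; put_evaluations needs boto3 + credentials.
"""
import json

# Constructed sample of the event a change-triggered Config rule delivers.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Volume",
            "resourceId": "vol-3434df43",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2024-05-01T08:10:00.000Z",
            "configurationItemVersion": "1.3",
            "tags": {"env": "prod"},
            "relatedEvents": ["00000000-0000-0000-0000-000000000002"],
            "relationships": [{"resourceType": "AWS::EC2::Instance",
                               "resourceId": "i-3432ee3a",
                               "relationshipName": "Is attached to Instance"}],
            "configuration": {"volumeId": "vol-3434df43", "encrypted": False,
                              "size": 8, "volumeType": "gp3"},
        },
    }),
    "ruleParameters": json.dumps({"requiredTag": "env"}),
    "resultToken": "constructed-token",
}


def evaluate_volume(ci: dict, params: dict) -> tuple:
    """Return (ComplianceType, Annotation) for one AWS::EC2::Volume CI."""
    # A deleted resource gets NOT_APPLICABLE so its old evaluation is cleared.
    if ci.get("configurationItemStatus") in ("ResourceDeleted",
                                             "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE", "resource deleted"
    if ci.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule only evaluates EBS volumes"
    conf = ci.get("configuration") or {}
    problems = []
    if not conf.get("encrypted", False):
        problems.append("volume is not encrypted")
    tag = params.get("requiredTag")
    if tag and tag not in (ci.get("tags") or {}):
        problems.append(f"missing required tag '{tag}'")
    if problems:
        # Relationships tell the responder which instance is exposed.
        attached = [r["resourceId"] for r in ci.get("relationships", [])
                    if r.get("resourceType") == "AWS::EC2::Instance"]
        where = f" (attached to {', '.join(attached)})" if attached else ""
        return "NON_COMPLIANT", "; ".join(problems) + where
    return "COMPLIANT", "encrypted and tagged"


def build_evaluation(event: dict) -> dict:
    """Turn the Lambda event into the Evaluation dict PutEvaluations expects."""
    invoking = json.loads(event["invokingEvent"])
    ci = invoking["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate_volume(ci, params)
    return {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # assumed annotation limit
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None):
    """Lambda entry point: evaluate the CI and report the result to Config."""
    evaluation = build_evaluation(event)
    try:
        import boto3
        boto3.client("config").put_evaluations(
            Evaluations=[evaluation], ResultToken=event["resultToken"])
    except ImportError:
        pass  # offline run: nothing to report to
    return evaluation


if __name__ == "__main__":
    print(json.dumps(build_evaluation(SAMPLE_EVENT), indent=2))
```

Because the rule only runs after the CI is captured, a NON_COMPLIANT result is a record of a change that already happened, not a block on it; the relatedEvents list in the CI carries the CloudTrail event ID that shows who made the change.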
