AWS Monitoring and Notification services
AWS allows you to launch hundreds of services. As your environment grows, monitoring all of them manually and keeping everything running smoothly becomes a tedious task.
So, let's explore which services AWS provides to automatically monitor your environment's uptime, health, and security.
AWS CloudWatch - CloudWatch monitors your EC2 instances, EBS volume metrics, and applications. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers. You can use CloudWatch to set billing alarms that trigger alerts when a set amount range is breached. Likewise, alerts can be set for EC2 metrics, EBS volumes, and SNS topics.
CloudWatch Logs automatically collects logs from many AWS services. You can also use the unified CloudWatch agent to collect and store logs from your custom applications and services.
Benefits - observability on a single platform across applications and infrastructure, the easiest way to collect metrics in AWS and on-premises, improved operational performance and resource optimization, operational visibility and insight, and actionable insights derived from logs.
Use cases - infrastructure monitoring and troubleshooting, mean-time-to-resolution improvement, proactive resource optimization, application monitoring, and log analytics.
Read about CloudWatch in detail in the official AWS documentation.
— — — — — — — — — — — — — — — — — — — — — — — — — —
AWS CloudTrail - CloudTrail is a web service that records every AWS API call (e.g., launching or terminating an instance, creating a bucket) made in your account and delivers the records to you in a log file. AWS enables CloudTrail by default and lets you review the logs for the past 90 days.
A CloudTrail log contains information such as who made the API call, when and from where it was called, which service was called, the source IP address, and a few other important details. It collects two types of events: management events and data events.
AWS CloudTrail allows us to write logs to CloudWatch Logs and create a CloudWatch alarm when a specific API call is made. For example, we can set up a CloudWatch alarm on the EC2 terminate API call so that the responsible team is notified whenever that call is made.
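To make the log fields and the terminate-call alert concrete, here is an added example (not code from this post or from AWS) that scans a CloudTrail log file for watched API calls and pulls out who, when, and from where. The sample records are constructed, and the names `find_watched_calls` and `WATCHED` are illustrative.

```python
import json

# Constructed sample in CloudTrail's log-file layout (placeholder account, documentation IPs).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "requestParameters": None,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-15T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.25",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-01-15T10:06:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.25", "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0fedcba9876543210"}]}},
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/carol"}},
]})

WATCHED = {"TerminateInstances"}  # API calls the responsible team wants to hear about


def find_watched_calls(log_text, watched=WATCHED):
    """Return one summary per watched API call found in a CloudTrail log file."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") not in watched:
            continue
        # requestParameters can be null, so fall back to empty dicts.
        params = rec.get("requestParameters") or {}
        items = (params.get("instancesSet") or {}).get("items", [])
        hits.append({
            "who": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "when": rec.get("eventTime"),
            "from": rec.get("sourceIPAddress"),
            "service": rec.get("eventSource"),
            "region": rec.get("awsRegion"),
            "targets": [i.get("instanceId") for i in items],
            # A record with errorCode is an attempt that did not succeed.
            "denied": "errorCode" in rec,
        })
    return hits


if __name__ == "__main__":
    for hit in find_watched_calls(SAMPLE_LOG):
        print(hit)
```

In CloudWatch Logs the same match is written as the metric filter pattern `{ $.eventName = "TerminateInstances" }`, and the alarm is set on the metric that filter produces.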
With AWS CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time.
Benefits - simplified compliance, visibility into user and resource activity, security analysis and troubleshooting, and security automation.
Use cases - compliance aid, security analysis, data exfiltration, operational issue troubleshooting, and unusual activity detection.
— — — — — — — — — — — — — — — — — — — — — — — — — —
AWS SNS - Simple Notification Service is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. We need to create an SNS topic (a logical access point that acts as a communication channel) when a CloudWatch alarm needs to be sent to subscribers. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email.
AWS SNS allows you to send messages directly to millions of users, reliably deliver messages, ensure accuracy with message ordering and deduplication, and simplify your architecture with message filtering.
Learn more at https://aws.amazon.com/sns/
— — — — — — — — — — — — — — — — — — — — — — — — — —
AWS VPC Flow Logs - VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you’ve created a flow log, you can retrieve and view its data in the chosen destination.
VPC Flow Logs can be enabled at ENI (Elastic Network Interface) level, Subnet level, or at the VPC level, and this granularity helps you in troubleshooting network issues at various stages with clarity.
Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency. You can create or delete flow logs without any risk of impact on network performance.
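As an added example (not part of the original post), the sketch below parses flow log records in the default version 2 field order and summarizes rejected traffic per interface and source address, which is a common first step when troubleshooting. The sample records are constructed, and the function names are illustrative.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records (placeholder account ID, documentation IP ranges).
SAMPLE = """\
2 111122223333 eni-0a1b2c3d 203.0.113.12 10.0.1.5 49152 22 6 4 240 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.12 10.0.1.5 49153 3389 6 2 120 1700000000 1700000060 REJECT OK
2 111122223333 eni-0a1b2c3d 10.0.1.9 10.0.1.5 44321 443 6 20 9000 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1700000060 1700000120 - NODATA
2 111122223333 eni-0e5f6a7b 198.51.100.4 10.0.2.8 50000 22 6 1 60 1700000000 1700000060 REJECT OK
"""


def parse(line):
    """Turn one default-format record into a dict, or None if it carries no traffic."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # malformed line or a custom format
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # NODATA / SKIPDATA records hold "-" in the traffic fields
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def rejected_by_source(text):
    """Count REJECT records per (interface, source address) and list the ports tried."""
    counts, ports = Counter(), {}
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["action"] == "REJECT":
            key = (rec["interface_id"], rec["srcaddr"])
            counts[key] += 1
            ports.setdefault(key, set()).add(rec["dstport"])
    return [(key, n, sorted(ports[key])) for key, n in counts.most_common()]


if __name__ == "__main__":
    for (eni, src), n, tried in rejected_by_source(SAMPLE):
        print(f"{eni} {src}: {n} rejected, destination ports {tried}")
```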
— — — — — — — — — — — — — — — — — — — — — — — — — —
AWS WAF - Web Application Firewall helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting. You can also customize rules that filter out specific traffic patterns.
You can deploy AWS WAF on Amazon CloudFront as part of your CDN solution, the Application Load Balancer that fronts your web servers or origin servers running on EC2, Amazon API Gateway for your REST APIs, or AWS AppSync for your GraphQL APIs. With AWS WAF, you pay only for what you use and the pricing is based on how many rules you deploy and how many web requests your application receives.
— — — — — — — — — — — — — — — — — — — — — — — — — —
Happy Learning,
Yogendra.