Module 7 - Monitoring and Analytics

Module 7 - Monitoring and Analytics

Learning Objective 

In this module, you will learn how to:

• Summarize approaches to monitoring your AWS environment.
• Describe the benefits of Amazon CloudWatch.
• Describe the benefits of AWS CloudTrail.
• Describe the benefits of AWS Trusted Advisor.

Amazon CloudWatch 

Aa web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

It uses metrics to represent the data points for your resources. AWS services send metrics to CloudWatch. It then uses these metrics to create graphs automatically that show how performance has changed over time. 

It integrate with SNS for alert
CloudWatch dashboard
Metrics from a central location

AWS CloudTrail
records API calls for your account.  Who did what when and from were 
aws auditing conconst

Question
Which tasks can you perform using AWS CloudTrail? (Select TWO.)
Track user activities and API requests throughout your AWS infrastructure
Filter logs to assist with operational analysis and troubleshooting

AWS Trusted Advisor

Trusted Advisor compares its findings to AWS best practices in five categories: 
cost optimization, 
performance
security
fault tolerance
and service limits
For the checks in each category, Trusted Advisor offers a list of recommended actions and additional resources to learn more about AWS best practices. 
When you access the Trusted Advisor dashboard on the AWS Management Console, you can review completed checks for cost optimization, performance, security, fault tolerance, and service limits.
For each category:
Green check indicates the number of items for which it detected no problems.
Orange triangle represents the number of recommended investigations.
Red circle represents the number of recommended actions.

CloudTrail Insights

Within CloudTrail, you can also enable CloudTrail Insights. This optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account. 

For example, CloudTrail Insights might detect that a higher number of Amazon EC2 instances than usual have recently launched in your account. You can then review the full event details to determine which actions you need to take next.

Example: AWS CloudTrail event

Suppose that the coffee shop owner is browsing through the AWS Identity and Access Management (IAM) section of the AWS Management Console. They discover that a new IAM user named Mary was created, but they do not who, when, or which method created the user.

To answer these questions, the owner navigates to AWS CloudTrail.

Questions
Which actions can you perform using Amazon CloudWatch? (Select TWO.)
Monitor your resources’ utilization and performance
Access metrics from a single dashboard

Note:
Receiving real-time recommendations for improving your AWS environment can be performed by AWS Trusted Advisor.
Comparing your infrastructure to AWS best practices in five categories can be performed by AWS Trusted Advisor.

Question
Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?


Note
Amazon CloudWatch is a web service that enables you to monitor and manage various metrics for the resources that run your applications.
AWS CloudTrail is a web service that enables you to review details for user activities and API calls that have occurred within your AWS environment.
Amazon GuardDuty is a service that provides intelligent threat detection for your AWS environment and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

QUESTION
Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.)
Performance
Fault tolerance
AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.