Module 7: Monitoring and Analytics

學習目標

• 監控 AWS 環境的方法
• Amazon CloudWatch 優點
• AWS CloudTrail 優點
• AWS Trusted Advisor 優點

Monitoring

Observing systems, collecting metrics, and then using data to make decisions.

Amazon CloudWatch

A web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

功能

• Monitor your AWS infrastructure and resources in real time
• Monitor your resources’ utilization and performance
• View metrics and graphs to monitor the performance of resources
• Metrics: Variables tied to your resources
• Access metrics from a single dashboard (CloudWatch dashboard)
• Configure automatic actions and alerts in response to metrics
• CloudWatch alarms + SNS

優點

• Access all your metrics from a central location.
• Gain visibility into your applications, infrastructure, and services.
• Reduce MTTR and improve TCO.
• MTTR (mean time to resolution)
• TCO (total cost of ownership)
• Drive insights to optimize applications and operational resources.

AWS CloudTrail

AWS CloudTrail records API calls for your account. The recorded information includes the identity of the API caller (who), the time of the API call (when), the source IP address of the API caller (where), and more. 

功能

• Track user activities and API requests throughout your AWS infrastructure
• Every request gets logged in the CloudTrail engine.
• Events are typically updated in CloudTrail within 15 minutes after an API call.
• Filter logs to assist with operational analysis and troubleshooting
• Automatically detecting unusual account activity 
• CloudTrail Insights (optional feature)

AWS CloudTrail event

CloudTrail Event History: On January 1, 2020 at 9:00 AM, IAM user John created a new IAM user (Mary) through the AWS Management Console.

AWS Trusted Advisor

A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

功能

• Receiving real-time recommendations for improving your AWS environment
• Comparing your infrastructure to AWS best practices in 5 categories
• The guidance provided by AWS Trusted Advisor can benefit your company at all stages of deployment. 

5 pillars

1. Cost optimization 
• Unused or idle resources that could be eliminated and provide cost savings
2. Performance
• High-utilization EC2 instances
• EBS Volumes Throughput Optimization
3. Security
• Review permissions and identify which AWS security features to enable
• IAM Password Policy
• MFA on Root Account
• Security Groups - Specific Ports Unrestricted
4. Fault tolerance
• Amazon EBS Snapshots (backup)
• Amazon EC2 Availability Zone Balance
5. Service limits
• Tell you when you are approaching or hitting AWS service limits. (soft limits)
• e.g. VPC, VPC Internet Gateways, Auto Scaling Groups

AWS Trusted Advisor dashboard (AWS Management Console)

• For each category:
• Green check: Indicates the number of items for which it detected no problems
• Orange triangle: Represents the number of recommended investigations
• Red circle: Represents the number of recommended actions