AWS ‐ CloudWatch | CloudTrail
CloudTrail collects data related to user activity and API usage for auditing and security purposes, while CloudWatch collects metrics and logs to monitor, manage, and optimize system performance and operational health. Both provide critical insights but serve different aspects of cloud management.
-
Real time monitoring service
-
It is a tool that Collects, Access and Analyze AWS Data.
-
It allows us to Improve operations & Performance
-
It seamlessly integrate many AWS Services and helps Troubleshoot operational problems
- It integrates with Amazon Simple Notification Service (SNS), Amazon EC2 Auto Scaling Services, AWS CloudTrail, AWS IAM
-
It Provides
- Real-Time Monitoring
- Track Metrics
- Custom Dashboards
- Alarm Creation
- System-wide visibility
- It is a centralized log management
- Logs can be viewed in the console
- Log files can be searched
- Logs can be filtered based on specific fields
- Monitor Application Performance
- Test Websites
- Optimize Resources
- Perform Analysis
- Metric Alarms - ex: to get alarms when a particular machine reaches a threshold.
- Composite Alarms - ex: when multiple parameters breaches the threshold
Any action that is taken by user/role/aws service, is recorded as event in this aws cloudtrail.
-
CloudTrail is an Archieve of all the events that could have happened.
-
It supports
- Risk Auditing
- Governance
- Compliance
-
It Provides
- Logging
- Continuous Monitoring
- Account Activity
- Event History
- Management Events
- Data Events
- CloudTrail Insight Events
These events are stored in the JSON format, it can be consumed in the programming interfaces.
-
A log file contains one or more records
-
CloudTrail uses a specific log file name format
-
Ex: AccountId_Cloudtrail_regionname_yyyymmddThhmmZ_uniqueString.filenameformat
-
Limitations are
- Trails per region - i.e logs from application in a region will not be visible in another region.
- Trails per region - i.e logs from application in a region will not be visible in another region.
