Log files from ec2 instances cloudtrail and other

  • No School
  • AA 1
  • Pikiapiseh
  • 369
  • 100% (4) 4 out of 4 people found this document helpful

This preview shows page 341 - 345 out of 369 pages.

log files from EC2 instances, CloudTrail and other services CloudWatch can archive older log files in S3 and Glacier for long term retention Log Agents can be installed on certain EC2 instances to automatically send log data to CloudWatch With CloudWatch Logs allow: Real time Application and System Monitoring Store log data for as long as needed in highly durable and cost effective storage Use EC2Config service to send a variety of data and log files to CloudWatch including: custom text logs, Event logs, Event Tracing (ETW) logs, and Performance Counter data. CloudWatch Logs agents send log data every five seconds by default and that CloudWatch Logs can ingest, aggregate and monitor any text based common log data or JSON-formatted logs You can retrieve any of your log data using the CloudWatch Logs console, API or through the CLI ExamCollection - Latest Exam Questions & Answers
Image of page 341
CloudWatch Alarms CloudWatch Alarms can be setup to send Amazon SNS messages when an alarm is active An alarm agent monitors a metric over a period of time and performs one or more user defined actions depending on the value of the metric and when it crosses a threshold for a period of time specified A notification is then sent to an SNS topic or another endpoint such as an auto scaling policy Note that: An alarm will invoke an action if the state of change exist for a period of time specified After an alarm has been invoked, addition behaviors is determined by the type of action that was associated with the alarm Alarms invoking SQS policy notifications will continue for periods that the alarm remains active Alarms invoking SNS notifications are only triggered once and no additional action is invoked An alarm can be in the following three states: OK Alarm Insufficient Data (check still in progress) ExamCollection - Latest Exam Questions & Answers
Image of page 342
Cloudwatch Integration with IAM CloudWatch integrates with AWS Identity and Access Management (IAM) so that you can specify which CloudWatch actions a user in your AWS Account can perform IAM policies can be created to give only certain users in your organization permission to use GetMetricStatistics They could then use the action to retrieve data about your cloud resources You cannot use IAM to control access to CloudWatch data for specific resources which is to say, you can’t give a user access to CloudWatch data for only a specific set of instances or a specific Load Balancer Permissions granted using IAM cover all the cloud resources you use with CloudWatch You cannot use IAM roles with the Amazon CloudWatch command line tools You can retrieve CloudWatch metrics using Get requests You can aggregate metrics across length of time etc. when using Detailed Monitoring Cloud Watch cannot be used to aggregate data across regions but can be used to aggregate data across Availability Zones within a Region ExamCollection - Latest Exam Questions & Answers
Image of page 343
Cloudwatch Limitations AWS Accounts are limited to 5000 alarms
Image of page 344
Image of page 345

You've reached the end of your free preview.

Want to read all 369 pages?

  • Fall '19
  • AWS, Amazon Elastic Compute Cloud

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture