Amazon CloudWatch is a cloud-based monitoring service for your AWS cloud resources and the applications running on them, with data available close to real time. Using CloudWatch you can monitor AWS resources such as EC2 instances, Amazon DynamoDB tables, RDS instances, ELBs, etc. With CloudWatch you can gain system-wide visibility into your resource utilization, application performance and operational health.
The CloudWatch home page by default displays metrics about every AWS service you use. You can also create custom dashboards to display metrics about your custom applications and custom collections of metrics that you choose.
You can access the CloudWatch service via the following:
- AWS Management Console
- AWS CLI
- CloudWatch API
- AWS SDKs
You will need to understand a few CloudWatch terms to understand the use of AWS CloudWatch:
- Namespaces: A namespace is a container for CloudWatch metrics. Metrics from different namespaces are isolated from each other, so metrics from different applications are not aggregated or mixed up. There is no default namespace, so you must specify one when you create a metric.
- Metrics: Metrics are the fundamental concept in CloudWatch and are made up of data points. Think of a metric as a variable and a data point as the value of that variable over time. AWS services send metrics to CloudWatch, and you can send your own custom metrics to CloudWatch. Metrics are local to the region in which they are created. They cannot be deleted; they expire after 15 months.
- Time Stamps: Each metric data point must be associated with a time stamp. The time stamp can be up to two weeks in the past and up to two hours into the future. If you do not provide a time stamp, CloudWatch creates a time stamp for you based on the time the data point was received.
- Alarms: You can use alarms to trigger automatic actions on your behalf. An alarm watches a single metric over a specified time period and performs one or more actions based on the value of the metric relative to the threshold defined by the user. The action is a notification sent to an Amazon SNS topic or an Auto Scaling policy. CloudWatch monitors EC2 instances by default every 5 minutes; however, you can enable detailed monitoring for your EC2 instances, which then monitors them every 60 seconds.
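The namespace and time-stamp rules above can be checked on the client before a custom data point is sent, so that a host with a skewed clock is noticed locally. The following is an added example, not code from AWS or the original article; the function name, the namespace `ExampleApp/Auth` and the metric `FailedLogins` are hypothetical. The rejection of the reserved `AWS/` namespace prefix comes from the PutMetricData API rather than from this page, and the returned dictionary follows the `Namespace`/`MetricData` argument shape of PutMetricData.

```python
from datetime import datetime, timedelta, timezone

MAX_PAST = timedelta(weeks=2)    # oldest time stamp accepted, per the text above
MAX_FUTURE = timedelta(hours=2)  # furthest-ahead time stamp accepted


def build_put_metric_request(namespace, metric_name, value, timestamp=None, now=None):
    """Validate one custom data point and return PutMetricData-style arguments.

    `now` is injectable for testing; it stands in for the moment CloudWatch
    receives the data point. All names here are hypothetical.
    """
    now = now or datetime.now(timezone.utc)
    if not namespace:
        raise ValueError("a namespace is required; there is no default namespace")
    if namespace.startswith("AWS/"):
        raise ValueError("namespaces beginning with AWS/ are reserved for AWS services")

    datum = {"MetricName": metric_name, "Value": float(value)}
    if timestamp is not None:
        if timestamp.tzinfo is None:
            # A naive datetime hides the zone, which is how skewed points slip in.
            raise ValueError("time stamp must be timezone-aware")
        if timestamp < now - MAX_PAST:
            raise ValueError("time stamp is more than two weeks in the past")
        if timestamp > now + MAX_FUTURE:
            raise ValueError("time stamp is more than two hours in the future")
        datum["Timestamp"] = timestamp
    # With no Timestamp key, CloudWatch assigns one when it receives the point.
    return {"Namespace": namespace, "MetricData": [datum]}


if __name__ == "__main__":
    # Constructed sample values, not real telemetry.
    received = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
    samples = [
        ("ExampleApp/Auth", received - timedelta(days=1)),   # accepted
        ("ExampleApp/Auth", received - timedelta(days=20)),  # too old
        ("ExampleApp/Auth", received + timedelta(hours=3)),  # too far ahead
        ("AWS/EC2", received),                               # reserved prefix
    ]
    for ns, ts in samples:
        try:
            build_put_metric_request(ns, "FailedLogins", 3, ts, now=received)
            print(ns, ts.isoformat(), "-> accepted")
        except ValueError as err:
            print(ns, ts.isoformat(), "-> rejected:", err)
```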
The AWS CloudWatch service workflow can be described as follows:
- Collect: AWS CloudWatch collects and stores logs from your resources, applications and services in real time. Logs may include:
  - VPC flow logs and Route 53 logs.
  - Logs from services such as API Gateway, AWS Lambda, and AWS CloudTrail.
  - Custom logs/metrics.

  CloudWatch also allows you to collect default metrics from more than 70 AWS services, such as Amazon EC2, Amazon DynamoDB, Amazon S3, Amazon ECS, AWS Lambda, and Amazon API Gateway, without any action on your part.
- Monitor: AWS CloudWatch monitors the metrics and logs collected from your AWS resources and provides a unified dashboard with graphs to visualize your cloud resources. For example, you can visualize CPU utilization and memory for any application integrated with CloudWatch. This unified view lets you monitor your cloud environment from a single pane of glass and makes cloud operations easier.
- Act: CloudWatch allows you to respond quickly to changes in your cloud resources by triggering an alarm so that corrective action is taken immediately. For example, you can trigger an automatic Auto Scaling action if a defined threshold value is breached on a metric.
- Analyze: AWS CloudWatch can store logs and metrics data for up to 15 months, after which the data is purged. You can therefore monitor trends across your historic and current data. For example, you can check the CPU or memory utilization of your EC2 instance today or at any time in the past within that period.
- Compliance and Security: Amazon CloudWatch is integrated with AWS Identity and Access Management (IAM), so you can control which users and resources have permission to access your data and how they can access it.