CloudWatch

AWS CloudWatch notes.

Concepts

Log Events

  • Always belong to a log stream
  • An individual log line or statement

Log Group

  • Provides ability to group related log events together
  • A Log Group can map to a single application, or hold the logs of multiple services

Log Stream

  • A Log Group can have many Log Streams
  • Represents all log events from a particular source (e.g., specific log file on EC2 instance)

Filtering

JSON filter patterns use two pieces of syntax: {} encloses the pattern and $. selects a field of the JSON log event.

{$.channel = "github"}
{$.event = "user_login" && $.channel = "google"}
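
The two patterns above, evaluated over constructed JSON log events by a small local matcher. This is an added example, not AWS code or part of the original notes: it models only string-equality terms joined by `&&`, and the names `parse_pattern`, `matches`, `filter_events` and `SAMPLE_EVENTS` are hypothetical.

```python
import json
import re

# Supported subset: { $.field = "string" && $.field = "string" ... }
TERM = r'\$\.\w+\s*=\s*"[^"]*"'
PATTERN = re.compile(rf'\{{\s*{TERM}(?:\s*&&\s*{TERM})*\s*\}}')
CAPTURE = re.compile(r'\$\.(\w+)\s*=\s*"([^"]*)"')

# Constructed sample log events (not from a real log group).
SAMPLE_EVENTS = [
    '{"event": "user_login", "channel": "google", "user_id": "u-1001"}',
    '{"event": "user_login", "channel": "github", "user_id": "u-1002"}',
    '{"event": "user_logout", "channel": "google", "user_id": "u-1001"}',
    '{"event": "user_login", "channel": "Google", "user_id": "u-1003"}',
    'user_login channel=google user_id=u-1004',  # plain text, not JSON
]


def parse_pattern(pattern):
    """Return [(field, value), ...] for a pattern in the supported subset."""
    if not PATTERN.fullmatch(pattern.strip()):
        raise ValueError(f"unsupported filter pattern: {pattern!r}")
    return CAPTURE.findall(pattern)


def matches(terms, message):
    """True if the event is a JSON object satisfying every term."""
    try:
        event = json.loads(message)
    except json.JSONDecodeError:
        return False  # non-JSON events never match a JSON pattern
    if not isinstance(event, dict):
        return False
    # String comparison is exact, so "Google" does not match "google".
    return all(event.get(field) == value for field, value in terms)


def filter_events(pattern, messages):
    """Return the messages that the pattern selects, in order."""
    terms = parse_pattern(pattern)
    return [m for m in messages if matches(terms, m)]


if __name__ == "__main__":
    for p in ('{$.channel = "github"}',
              '{$.event = "user_login" && $.channel = "google"}'):
        print(p, "->", filter_events(p, SAMPLE_EVENTS))
```

The fourth and fifth sample events show two ways a login can slip past a metric filter: a value that differs only in case, and a line that is not JSON at all.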

Logs Insights Queries

CSV Format:

fields @message
| parse @message "*,*,*" as timestamp, username, action
| filter action = "Login"
| sort @timestamp desc
| display timestamp, username, action

JSON Format:

fields @timestamp, user_id, event, channel
| filter @logStream = "first_stream"
| filter event = "user_login"
| sort @timestamp desc
| display @timestamp, user_id, event, channel

Metrics

  • Variable to monitor: CPU Utilization, Network, Billing, Status Checks, etc.
  • Default metrics: 5 min intervals
  • Detailed Monitoring ($$$): 1 minute intervals

Common Metrics

Metrics by service:

  • EBS: Disk Read/Writes
  • S3: BucketSizeBytes, NumberOfObjects, AllRequests
  • Billing: Total Estimated Charge (us-east-1 only)
  • Service Limits: API usage
  • Custom: Push your own metrics

Key Concepts

  • Namespace: Container for CloudWatch metrics
  • Dimension: Name/value pair that is part of the identity of a metric (up to 10 per metric)
  • Data Point: Specific data value collected over a period of time

Alarms

  • Trigger notifications for any metrics
  • Actions: Auto Scaling, EC2 Action, SNS notifications
  • Can choose the period on which to evaluate

Logs

Collect logs from:

  • Elastic Beanstalk: Application logs
  • ECS: Container logs
  • Lambda: Function logs
  • CloudTrail: Based on filter
  • CloudWatch Log Agent: EC2 or on-premises servers
  • Route53: DNS queries

Features:

  • Real-time monitoring
  • Adjustable retention

CloudWatch Agent

By default, no logs from EC2 go to CloudWatch. You need to:

  1. Run CloudWatch agent on EC2
  2. Ensure IAM permissions are correct

Setup Options

Systems Manager Automated Install:

  1. Create IAM role with managed policies: CloudWatchAgentServerPolicy, AmazonSSMManagedInstanceCore
  2. Attach role to EC2 instance
  3. Systems Manager → Run Command → AWS-ConfigureAWSPackage
  4. Action: Install, Name: AmazonCloudWatchAgent, Version: latest

Manual Install:

  • IAM role with managed policies: CloudWatchAgentServerPolicy, CloudWatchFullAccess

Sharing Dashboard

  • Require username and password
  • Publicly accessible URL
  • Using SSO