Monitoring an AWS Infrastructure

Being an AWS Consulting Partner means pro-active and constant watch on the AWS console.


July 16, 2018 / Nirav Shah

Clear strategy saves a lot of time and future pain.

Keeping the above line in mind, we advise following the set of rules below when monitoring an AWS infrastructure made up of:

  1. Elastic Load Balancer
  2. Web server EC2 instance
  3. PostgreSQL instance
  4. S3 buckets

We can keep the infrastructure running smoothly by applying the CloudWatch monitoring and alarms described below.

At VPC Level

1.1 AWS Identity and Access Management (IAM)

IAM enables you to securely control how users create, configure, change, and delete AWS network resources. For example, an IAM Network Administrator group or role can be granted permission to administer VPCs, subnets, route tables, gateways, and peering connections while a Developer group can be granted more restrictive, view-only access to these resources, or permission to launch Amazon Elastic Compute Cloud (Amazon EC2) instances into only specific VPCs or subnets. Granular permissions can be used to restrict other network-related tasks, such as API calls that modify a security group or VPC route table changes.

1.2 AWS CloudTrail and CloudWatch

AWS CloudTrail provides a history of AWS API calls for an account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). This AWS API call history enables security analysis, resource change tracking, and compliance auditing. You can also deliver CloudTrail data to CloudWatch Logs to store, monitor, and process API calls for network-specific changes and to send appropriate notifications.

1.3 VPC Flow Logs

VPC Flow Logs capture network flow information for a VPC, subnet, or network interface in Amazon CloudWatch Logs. Flow logs can help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviours.
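As an added example (not code from the original post), the following Python script parses flow log records in the default version-2 format and summarises rejected flows two ways: repeated rejects from one source to one port (the "overly restrictive security group" case) and one source rejected across many ports (abnormal traffic worth an alert). The sample records, account id and interface id are constructed.

```python
"""Summarise VPC Flow Log records (default version-2 format) to spot rejected traffic."""
from collections import Counter, defaultdict

# Field order of the default VPC Flow Log record format (version 2).
FLOW_LOG_FIELDS = (
    "version account_id interface_id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log_status"
).split()

# Constructed sample records (not real traffic); addresses are from
# documentation ranges, account and interface ids are placeholders.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.0.10 52134 5432 6 8 1200 1531729200 1531729260 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.0.10 41000 5432 6 1 60 1531729200 1531729260 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.0.10 41001 5432 6 1 60 1531729260 1531729320 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 33001 22 6 1 44 1531729200 1531729260 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 33002 23 6 1 44 1531729200 1531729260 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.0.10 33003 3389 6 1 44 1531729200 1531729260 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1531729200 1531729260 - NODATA
"""

def parse_flow_log(text):
    """Yield one dict per record; NODATA/SKIPDATA records carry no flow and are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue  # malformed line or a custom record format
        rec = dict(zip(FLOW_LOG_FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["dstport"] = int(rec["dstport"])
        yield rec

def summarise_rejects(text, scan_threshold=3):
    """Return (reject count per (srcaddr, dstport), sources rejected on >= scan_threshold distinct ports)."""
    per_pair = Counter()
    ports_by_src = defaultdict(set)
    for rec in parse_flow_log(text):
        if rec["action"] != "REJECT":
            continue
        per_pair[(rec["srcaddr"], rec["dstport"])] += 1
        ports_by_src[rec["srcaddr"]].add(rec["dstport"])
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= scan_threshold)
    return per_pair, scanners

if __name__ == "__main__":
    pairs, scanners = summarise_rejects(SAMPLE_LOG)
    for (src, port), n in pairs.most_common():
        print(f"{src} -> port {port}: {n} rejected flows")
    print("sources rejected across many ports:", scanners)
```

In the constructed sample, 10.0.2.40 is rejected twice on port 5432 (a security group rule to review), while 198.51.100.7 is rejected on three different ports and is reported separately.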

At EC2 Level

After you launch an instance, you can open the Amazon EC2 console and view the monitoring graphs for an instance on the Monitoring tab. Each graph is based on one of the available Amazon EC2 metrics.
We recommend configuring the following metrics and alarms:

Statistic | Metric Name | Unit | Alarm
Average | CPU Utilization | Percent | With alarm
- | Memory usage | Custom metric | With alarm
- | Disk space usage | Custom metric | With alarm
Maximum | Network In | Bytes | -
Maximum | Network Out | Bytes | -
Sum | Disk Read Operations | Count | -
Sum | Disk Write Operations | Count | -
Sum | Status Check (Instance) | Count | With alarm
Sum | Status Check (System) | Count | With alarm

At Load Balancer Level

You can view the CloudWatch metrics for your load balancers using the Amazon EC2 console. These metrics are displayed as monitoring graphs. The monitoring graphs show data points if the load balancer is active and receiving requests.

Description | Metric Name | Alarm
Healthy hosts | HealthyHostCount | With alarm
Unhealthy hosts | UnHealthyHostCount | With alarm
Average latency | Latency | -
Sum of requests | RequestCount | -
Backend connection errors | BackendConnectionErrors | With alarm
Surge queue length | SurgeQueueLength | With alarm
Spillover count | SpilloverCount | With alarm
Sum of HTTP 2XXs | HTTPCode_Backend_2XX | -
Sum of HTTP 4XXs | HTTPCode_Backend_4XX | With alarm
Sum of ELB HTTP 4XXs | HTTPCode_ELB_4XX | With alarm

At RDS Level

You can monitor DB instances using Amazon CloudWatch, which collects and processes raw data from Amazon RDS into readable, near real-time metrics. These statistics are recorded for a period of two weeks, so that you can access historical information and gain a better perspective on how your web application or service is performing.

Metric Name | Alarm
CPU Utilization | With alarm
Burst Balance | -
CPU Credit Balance | -
Database Connections | With alarm
Disk Queue Depth | -
Freeable Memory | With alarm
Free Storage Space | With alarm
Network Receive Throughput | -
Network Transmit Throughput | -
ReplicaLag (if Multi-AZ deployment) | -

At CloudFront Level

Amazon CloudFront integrates with Amazon CloudWatch metrics so that you can monitor your website or application. CloudFront currently provides six free metrics.

Metric Name | Alarm
Bytes Downloaded | -
Bytes Uploaded | -
Total Error Rate | With alarm
4xx Error Rate | With alarm
5xx Error Rate | With alarm
