Monitoring an AWS Infrastructure
Being an AWS Consulting Partner means pro-active and constant watch on the AWS console.
Being an AWS Consulting Partner means pro-active and constant watch on the AWS console.
July 16, 2018 / Nirav Shah
Clear strategy saves a lot of time and future pain.
Keeping above line in mind we advise to follow below set of rules for monitoring an AWS infrastructure.
We can make the infrastructure smooth and fine by applying various cloud watch monitoring and alerts.
1.1 AWS Identity and Access Management (IAM)
IAM enables you to securely control how users create, configure, change, and delete AWS network resources. For example, an IAM Network Administrator group or role can be granted permission to administer VPCs, subnets, route tables, gateways, and peering connections while a Developer group can be granted more restrictive, view-only access to these resources, or permission to launch Amazon Elastic Compute Cloud (Amazon EC2) instances into only specific VPCs or subnets. Granular permissions can be used to restrict other network-related tasks, such as API calls that modify a security group or VPC route table changes.
1.2 AWS Cloud Trail and Cloud Watch
AWS Cloud Trail provides a history of AWS API calls for an account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS Cloud Formation). This AWS API call history enables security analysis, resource change tracking, and compliance auditing. You can also deliver CloudTrail data to Cloud Watch Logs to store, monitor, and process API calls for network-specific changes and to send appropriate notifications.
1.3 VPC Flow Logs
VPC Flow Logs capture network flow information for a VPC, subnet, or network interface in Amazon Cloud Watch Logs. Flow logs can help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviours.
After you launch an instance, you can open the Amazon EC2 console and view the monitoring graphs for an instance on the Monitoring tab. Each graph is based on one of the available Amazon EC2 metrics.
We should consider the following implementations:
Metric Name |
Unit |
Suggestion |
|---|---|---|
| Average CPU Utilization | Percent | With Alarm |
| Memory usage | Custom Matrix | With Alarm |
| DiscSpace Usage | Custom Matrix | With Alarm |
| Maximum Network In | Bytes | – |
| Maximum Network Out | Bytes | – |
| Summary Disk Read Operations | Count | – |
| Summary Disk Write Operations | Count | – |
| Summary Status Instance | Count | With Alarm |
| Summary Status System | Count | With Alarm |
You can view the Cloud Watch metrics for your load balancers using the Amazon EC2 console. These metrics are displayed as monitoring graphs. The monitoring graphs show data points if the load balancer is active and receiving requests.
Metric Name |
Unit |
Suggestion |
|---|---|---|
| Healthy Hosts | UnHealthy Host Count | With Alarm |
| Unhealthy Hosts | UnHealthy Host Count | With Alarm |
| Average Latency | Latency | – |
| Sum Requests | Request Count | – |
| Backend Connection Errors | Backend Connection Errors | With Alarm |
| Surge Queue Length | Surge Queue Length | With Alarm |
| Spillover Count | Spillover Count | With Alarm |
| Sum HTTP 2XXs | HTTPCode_Backend_2XX | – |
| Sum HTTP 4XXs | HTTPCode_Backend_4XX | With Alarm |
| Sum ELB HTTP 4XXs | HTTPCode_ELB_4XX | With Alarm |
You can monitor DB instances using Amazon Cloud Watch, which collects and processes raw data from Amazon RDS into readable, near real-time metrics. These statistics are recorded for a period of two weeks, so that you can access historical information and gain a better perspective on how your web application or service is performing
Metric Name |
Suggestion |
|---|---|
| CPU Utilization | With Alarm |
| Burst Balance | – |
| CPU Credit Balance | – |
| Database Connections | With Alarm |
| Disk Queue Depth | – |
| Freeable Memory | With Alarm |
| Free Storage Space | With Alarm |
| Network Receive Throughput | – |
| Network Transmit Throughput | – |
| ReplicaLag – if multi az deployment | – |
| WriteIOPS | – |
Amazon Cloud Front integrates with Amazon Cloud Watch metrics so that you can monitor your website or application. Cloud Front currently provides six free metrics.
Metric Name |
Suggestion |
|---|---|
| Requests | – |
| Bytes Downloaded | – |
| Bytes Uploaded | – |
| Total Error Rate | With Alarm |
| 4xx Error Rate | With Alarm |
| 5xx Error Rate | With Alarm |
As a Director of Eternal Web Private Ltd an AWS consulting partner company, Nirav is responsible for its operations. AWS, cloud-computing and digital transformation are some of his favorite topics to talk about. His key focus is to help enterprises adopt technology, to solve their business problem with the right cloud solutions.
Have queries about your AWS project ideas and concepts? Please drop in your project details to discuss with our AWS experts, professionals and consultants.
