Sushant Patil Cloud Support Engineer AWS Premium Support

Sushant Patil Cloud Support Engineer, AWS Premium Support © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 1

When to use Cloud. Watch • AWS and on-premise resource performance monitoring and alerting • Ingesting and analyzing logs from various AWS and on-premise resources • Invoking targets based on near realtime events within AWS environment, scheduled events and/or custom events Monitoring Alarms Logs Events

Cloud. Watch Monitoring © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Cloud. Watch Monitoring Standard Metrics AWS Services send (push) metrics to Cloud. Watch • All AWS services metrics are within namespace starting with "AWS/” • Only exception is AWS WAF service metrics are within "WAF" namespace • Cloud. Watch never polls AWS services for metrics © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Custom Metrics Customers can publish custom metrics to Cloud. Watch • Directly running Put. Metric. Data API action • Using custom scripts which calls Put. Metric. Data API action • Using AWS provided "Linux Monitoring scripts”, "Unified Cloud. Watch Agent" 4

Metric Publication – Put. Metric. Data API Metrics can be published as: Individual Datapoints Statistics Sets aws cloudwatch put-metric-data --region ap-southeast-2 -namespace test --metric-name cwlab --value 4 aws cloudwatch put-metric-data --region ap-southeast-2 -metric-name Page. View. Count --namespace My. Service --statistic -values Sum=11, Minimum=2, Maximum=5, Sample. Count=3

Metrics – Customer Scenario

Cloud. Watch Alarms © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Alarm Evaluation & States Interval • Standard alarms get evaluated each minute. • High resolution alarms get evaluated each 10 seconds. States • OK • ALARM • INSUFFICIENT_DATA

Alarm Evaluation - Settings Period (p) • Length of time to create each individual data point for an alarm. • Expressed in seconds © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Evaluation Periods (N) • Number of the most recent periods/datapoints to determine the alarm state • Evaluation Interval = p*N Datapoints to Alarm (M) • Number of datapoints within Evaluation Period that must all be breaching to cause the alarm to go in ALARM state. • M must be less than or equal to N 9

Cloud. Watch Logs

Publishing Logs – Log Agent AWS has provided the following log agents for Linux and Windows based systems which allow customers to publish log events from EC 2 or on-premises server: Unified Cloud. Watch Agent • For both metrics and logs collection • Collects from EC 2 or on-premises servers running Linux or Windows (Old) Cloud. Watch Logs Agent • For collection of logs from Linux SSM Agent / EC 2 Config Service • • For collection of metrics and logs from Windows-based instances Will be deprecated in the future

Publishing Logs – AWS services Various AWS services also publish logs to Cloud. Watch. Here a few examples: Cloud. Trail events VPC Flow Logs

Cloud. Watch Logs Use Cases Metric Filter Subscription Filter Export Logs to S 3 Use metric filters to extract metric observations from ingested events and transform them to data points in a Cloud. Watch metric

Cloud. Watch Logs Use Cases Metric Filter Subscription Filter Export Logs to S 3 • Use to stream specific or all logs events in near real time to destinations for custom processing, analysis, or loading to other systems • Cloud. Watch Logs can be streamed to following destinations: • • Lambda Amazon Kinesis Stream Amazon Kinesis Firehose Elastic. Search via Lambda

Cloud. Watch Logs Use Cases Metric Filter Subscription Filter • For archival purposes • For analysis via Athena Export Logs to S 3

Analyzing Cloud. Watch Logs Log Insights: • Search and analyze log data in Cloud. Watch Log Group • Supports a query language used to perform queries on log groups • Provides quick start access through sample queries and log field discovery • Automatically discovers fields in logs from AWS services such as Amazon Route 53, AWS Lambda, AWS Cloud. Trail, Amazon VPC, and any application or custom log that emits log events as JSON

Cloud. Watch Events

Cloud. Watch Events • Regional AWS service • Takes action based on events occurring in the environment • Able to schedule actions and send custom events • Invokes built-ins such as taking an EBS snapshot • Sends the event to: • • Lambda functions SNS/SQS Kinesis Any other destination

Cloud. Watch Events Components Events are generated by an Event Source and sent to CW Events which are then processed against the rules that are setup up and upon match are sent to target(s) © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. It is possible to use the input transformer feature of Cloud. Watch Events to customize the text that is taken from an event before it is input to the target of a rule. 19

Cloud. Watch Events – Use cases • Schedule Automated builds using Code. Build via scheduled Cloud. Watch Event Rules • Log Amazon S 3 Object-Level Operations by capturing API calls from Cloud. Trail configured for data events via Cloud. Watch Event Rule • Invoke Lambda Function as the target of Cloud. Watch Event Rule to perform custom action when the EC 2 instance within Auto Scaling Group enters LAUNCHING or TERMINATING lifecyle hook • Create an automated snapshot of an existing Amazon Elastic Block Store (Amazon EBS) volume on a schedule using Cloud. Watch Events © 2019 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 20

Q&A

Thank you