</>Học Dev
Bài học

Tuần 8 - Ngày 1: Monitoring và Logging

Tuần 8 – Ngày 1

Tuần 8 - Ngày 1: Monitoring và Logging

1. CloudWatch Deep Dive

CLOUDWATCHCOMPONENTSMETRICS:Standard(1-minutefordetailed)Custom(PutMetricDataAPI)High-resolution(1-second)LOGS:LogGroupsLogStreamsLogEventsMetricFiltersSubscriptionFiltersLogInsights(querylanguage)ALARMS:MetricAlarmsCompositeAlarmsActions:SNS,AutoScaling,EC2DASHBOARDS:Cross-account,cross-regionEVENTS(EventBridge):RulesTargets(Lambda,SNS,etc.)

2. CloudWatch Logs Architecture

LOGSDESTINATIONSSources:EC2(CloudWatchAgent)Lambda(automatic)VPCFlowLogsAPIGatewayManymore...Processing:CloudWatchLogsSubscriptionFilterKinesisLambdaOpenSearchFirehoseStreamsServiceS3

3. X-Ray

Distributed Tracing:
- Trace requests across services
- Service map visualization
- Performance bottleneck identification

Components:
- X-Ray SDK (in application)
- X-Ray Daemon (collects and sends traces)
- X-Ray Console (analysis)

Sampling:
- First request each second: traced
- 5% of additional requests: traced
- Custom sampling rules available

4. CloudTrail

CLOUDTRAILEventTypes:ManagementEvents(default)APIcalls(CreateBucket,RunInstances)DataEvents(extracost)S3objectoperations,LambdainvocationsInsightsEventsUnusualactivitydetectionTrailConfigurations:SingleregionorallregionsOrganizationtrailLogtoS3and/orCloudWatchLogsEncryptionwithKMSBestPractice:-Enableinallregions-LogtocentralizedS3bucket-Enablelogfilevalidation

5. AWS Config

Configurationtrackingandcompliance:Rules:AWSManagedRules(200+)CustomRules(Lambda)Examples:-s3-bucket-public-read-prohibited-encrypted-volumes-iam-password-policyConformancePacks:-Pre-builttemplates-PCIDSS,HIPAA,CIS-Custompacks

Tài liệu tham khảo chính thức

Ngày tiếp theo: EventBridge và Automation