[AWS] CloudWatch

CloudWatch is a collection of services that monitor/observe cloud resources – via metrics, logs, and events – and provide actionable insights.

  • CloudWatch monitors the performance of AWS services – a repository service for metric data.
  • CloudWatch logs the events and visualizes them.

Amazon CloudWatch


  • Collect metrics on AWS and on premises
    • A metric is a set of data points over time (e.g., CPU utilization of EC2 instances).
  • Enhance operational visibility and insights
    • Metrics can be configured with alarms that can take actions.
  • Improve resource optimization
    • for example, auto-scaling is dependent on CloudWatch to trigger the addition or removal of instances.

Data Retention

  • one-hour metrics (for 455 days)
  • five-minute metrics (for 63 days)
  • one-minute metrics (for 15 days)

Monitoring Plans

  • Basic: Data is available in 5-minute periods at no charge.
  • Detailed: Data is available in 1-minute periods with an additional charge.

CloudWatch Services

CloudWatch is a collection of services: Alarms, Logs, Metrics, and Events.


Alarms

An alarm watches a metric over a specified time period and performs one or more specified actions, based on the value of the metric relative to a threshold over time.

  • Alarm State
    • Insufficient: not enough data
    • Alarm: the threshold is breached.
    • OK: The metric is within the defined threshold.
  • The components of alarms are:
    • Metric: The data points being measured
    • Threshold: the criterion for deciding whether the metric value is normal or abnormal
    • Period: how long the metric must stay beyond the threshold before an alarm is generated
    • Action: What needs to be done when an alarm is triggered
      • SNS Notification
      • EC2 Actions: Stop, terminate, or reboot an EC2 instance
      • Auto Scaling Actions: Execute an Auto Scaling policy


Metrics

  • A time-ordered set of data points
  • Exist only in the region where they are created
  • Cannot be deleted, but old data is aggregated, and data older than 15 months is dropped.

CloudWatch Components


Namespace

  • A container for CloudWatch metrics
  • The naming convention: aws/service


Dimension

  • A name/value pair that uniquely identifies a metric.


Statistics

  • Aggregated metric data over specified periods of time
  • Minimum, Maximum, Average, Sum, SampleCount …

CloudWatch and EC2 Instances

CloudWatch does not collect some metrics for EC2 instances by default. To collect them, you need to install the CloudWatch agent on the instances.

  • Default Metrics:
    • Host Level metrics:
      • CPU Utilization, Disk Reads/Writes, and Network Utilization (Network In/Out)
  • Custom Metrics with CloudWatch agents:
    • EC2 does not send OS-level metrics to CloudWatch
    • Memory utilization, processes, and disk space/swap usages

How to set up the CloudWatch Agent

  1. Create a role
    • Add the managed policy “CloudWatchAgentServerPolicy”
  2. Create an EC2 Instance
    • Attach the role to the instance – IAM Instance Profile
  3. Connect to the created EC2 instance
    • Set up the instance using the following script
# 1. Update installed packages
sudo yum update -y

# 2. Install and configure the CloudWatch agent
sudo yum install amazon-cloudwatch-agent -y
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

# In the wizard:
#   - select the default value for most cases
#   - say no to monitoring CollectD
#   - monitor /var/log/messages

# 3. Config file
#    /opt/aws/amazon-cloudwatch-agent/bin/config.json is the config file
cd /opt/aws/amazon-cloudwatch-agent/bin

# 4. Start the CloudWatch agent with that config file
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
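Added example (not part of the original post): a check you can run against the generated config.json before starting the agent, to confirm it collects the OS-level metrics listed above, ships /var/log/messages, and leaves CollectD off. The sample config is constructed, the log group name is a placeholder, and `audit_agent_config` is a hypothetical helper name.

```python
import json

# Constructed sample in the agent's JSON layout (not a real host's config).
SAMPLE_CONFIG = """
{
  "agent": {"metrics_collection_interval": 60},
  "metrics": {
    "metrics_collected": {
      "mem":  {"measurement": ["mem_used_percent"]},
      "disk": {"measurement": ["used_percent"], "resources": ["*"]}
    }
  },
  "logs": {
    "logs_collected": {"files": {"collect_list": [
      {"file_path": "/var/log/messages", "log_group_name": "example-messages"}
    ]}}
  }
}
"""

def audit_agent_config(text):
    """Return a list of findings; an empty list means the config matches the walkthrough."""
    cfg = json.loads(text)
    findings = []
    collected = cfg.get("metrics", {}).get("metrics_collected", {})
    # Memory, disk space and swap are the OS-level metrics EC2 does not send by itself.
    for plugin in ("mem", "disk", "swap"):
        if not collected.get(plugin, {}).get("measurement"):
            findings.append(f"missing OS-level metric section: {plugin}")
    # The walkthrough answers "no" to CollectD in the wizard.
    if "collectd" in collected:
        findings.append("collectd is enabled although the walkthrough declines it")
    files = (cfg.get("logs", {}).get("logs_collected", {})
                .get("files", {}).get("collect_list", []))
    if "/var/log/messages" not in [entry.get("file_path") for entry in files]:
        findings.append("/var/log/messages is not shipped to CloudWatch Logs")
    return findings

if __name__ == "__main__":
    for finding in audit_agent_config(SAMPLE_CONFIG) or ["config matches the walkthrough"]:
        print(finding)
```

On an instance, pass the contents of /opt/aws/amazon-cloudwatch-agent/bin/config.json instead of the sample string.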

CloudWatch Logs

CloudWatch Logs is a service for centralizing logs. It lets you store, monitor, and access logs from AWS services and applications.

  • “CloudWatch Logs” accepts connections from AWS services (such as EC2, Lambda, or CloudTrail), from API streams (from a custom application), or from CloudWatch agents.
    • You can review logs as a flow of time-ordered events.
  • A metric filter uses pattern matches to analyze logs and create metrics.
  • A log event is a timestamp and a raw message.
  • A log stream is a sequence of log events with the same source.
  • A log group is a container for log streams. It controls retention, monitoring, and access. You can set filters in a group.
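Added example (not part of the original post): an offline model of the path from log events through a metric filter to an alarm, using the alarm components (metric, threshold, period) and states described in the alarms section above. The log events are constructed, a Python regex stands in for CloudWatch's own filter-pattern syntax, and the evaluation rule is a simplification of what the service does; all function names are hypothetical.

```python
import re

PERIOD = 60  # seconds covered by one datapoint

# Constructed log events: (timestamp in seconds, raw message).
EVENTS = [
    (5,   "sshd[811]: Accepted publickey for ec2-user from 198.51.100.4"),
    (70,  "sshd[902]: Failed password for root from 203.0.113.7"),
    (75,  "sshd[903]: Failed password for root from 203.0.113.7"),
    (110, "sshd[904]: Failed password for admin from 203.0.113.7"),
    (130, "sshd[905]: Failed password for admin from 203.0.113.7"),
    (150, "sshd[906]: Failed password for test from 203.0.113.7"),
    (170, "sshd[907]: Failed password for test from 203.0.113.7"),
    (200, "sshd[940]: Accepted publickey for ec2-user from 198.51.100.4"),
    (250, "sshd[950]: Accepted publickey for ec2-user from 198.51.100.4"),
]

def metric_filter(events, pattern, period=PERIOD):
    """Count matching events per period (Sum). A period that received
    events but no match reports 0; a period with no events has no datapoint."""
    rx = re.compile(pattern)
    sums = {}
    for ts, message in events:
        bucket = ts // period * period
        sums.setdefault(bucket, 0)
        if rx.search(message):
            sums[bucket] += 1
    return sums

def alarm_states(datapoints, period_starts, threshold, evaluation_periods, period=PERIOD):
    """Simplified rule: ALARM when each of the last N periods breaches the threshold."""
    states = {}
    for t in period_starts:
        window = [datapoints.get(t - i * period) for i in range(evaluation_periods)]
        if any(v is None for v in window):
            states[t] = "INSUFFICIENT_DATA"   # not enough data
        elif all(v >= threshold for v in window):
            states[t] = "ALARM"               # threshold breached
        else:
            states[t] = "OK"                  # within the threshold
    return states

def run():
    datapoints = metric_filter(EVENTS, r"Failed password")
    states = alarm_states(datapoints, range(0, 300, PERIOD), threshold=3, evaluation_periods=2)
    return datapoints, states

if __name__ == "__main__":
    for start, state in run()[1].items():
        print(start, state)
```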

CloudWatch Insights

CloudWatch Insights is an enhanced service for monitoring some AWS services and your applications. It collects, aggregates, and summarizes logs and metrics. CloudWatch Logs Insights lets you query logs to help respond to operational issues more efficiently.

  • Container Insights
    • for containerized applications and services
  • Lambda Insights
    • for detailed performance metrics and logs of your lambda functions
  • Application Insights
    • for resources and work-load specific metrics of your application

CloudWatch Events

CloudWatch Events has been replaced with EventBridge.
