Today's topic is CloudWatch vs CloudTrail. It is very easy to get confused between these two AWS services, as both of them are AWS monitoring and observability tools, and both of them have logging capabilities. Today is all about knowing the difference between them:
1 – What is Amazon CloudWatch?
2 – What is Amazon CloudTrail?
3 – Difference between CloudWatch and CloudTrail
Now, moving on to our first topic.
1 – What is Amazon CloudWatch?
Amazon CloudWatch provides real-time monitoring of AWS resources and of customer applications running on the Amazon infrastructure. CloudWatch collects monitoring and operational data in the form of logs, metrics and events, which gives you a unified view of the AWS resources, applications and services that run on the AWS cloud or on your on-premises servers.
As I've mentioned, CloudWatch organizes this data in the form of logs, metrics and events, so let us talk about them, as they will help us understand CloudWatch better.
Metrics
You can think of a metric as a variable to monitor. This variable could be, for example, the CPU usage of a particular EC2 instance, and the data points represent the value of that variable over time.
Logs
Logs are nothing but a time-stamped record of every specific activity that has occurred on your AWS resources. They are helpful for running queries so that you can respond effectively and efficiently to operational issues.
Events
An event indicates a change in your AWS environment; AWS resources can generate events when their state changes. For illustration, Amazon EC2 generates an event when the state of an EC2 instance changes from pending to running. Another example would be Amazon EC2 Auto Scaling generating events when it launches or terminates instances.
Alarms
An alarm is used to automatically initiate actions on your behalf. You set a trigger, or you could say a condition, upon which it performs its action: it watches a single metric over a time period and performs one or more specified actions when that condition is met.
These were some of the important CloudWatch concepts.
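To make the alarm concept concrete, here is a small Python simulation (added for this article, not code from AWS or from the original post) of how an alarm watches one metric over consecutive periods and changes state. The CPU datapoints are constructed; the evaluation-periods and datapoints-to-alarm settings mirror the names CloudWatch uses, but the missing-data handling is simplified, as noted in the code.

```python
from dataclasses import dataclass

# Constructed CPU datapoints for one EC2 instance: one value per 5-minute
# basic-monitoring period, as (minutes since start, CPU percent). Not real data.
CPU_DATAPOINTS = [(0, 35.0), (5, 42.0), (10, 88.0), (15, 91.0), (20, 95.0), (25, 40.0)]

@dataclass
class AlarmConfig:
    threshold: float
    comparison: str          # "GreaterThanThreshold" or "LessThanThreshold"
    evaluation_periods: int  # how many most-recent periods are examined
    datapoints_to_alarm: int # how many of them must breach to enter ALARM

def breaches(value, cfg):
    """True when a single datapoint violates the alarm condition."""
    if cfg.comparison == "GreaterThanThreshold":
        return value > cfg.threshold
    if cfg.comparison == "LessThanThreshold":
        return value < cfg.threshold
    raise ValueError(f"unsupported comparison {cfg.comparison}")

def evaluate(datapoints, cfg):
    """Alarm state after each period, using the M-out-of-N rule.

    Simplified: real CloudWatch also has configurable missing-data handling;
    here a window that is not yet full just reports INSUFFICIENT_DATA.
    """
    states = []
    for i in range(len(datapoints)):
        window = datapoints[max(0, i - cfg.evaluation_periods + 1): i + 1]
        if len(window) < cfg.evaluation_periods:
            states.append("INSUFFICIENT_DATA")
            continue
        breaching = sum(1 for _, v in window if breaches(v, cfg))
        states.append("ALARM" if breaching >= cfg.datapoints_to_alarm else "OK")
    return states

def action_periods(states):
    """Periods at which an alarm action would fire: actions run on the
    transition into ALARM, not on every period that stays in ALARM."""
    return [i for i, s in enumerate(states)
            if s == "ALARM" and (i == 0 or states[i - 1] != "ALARM")]

if __name__ == "__main__":
    cfg = AlarmConfig(threshold=80.0, comparison="GreaterThanThreshold",
                      evaluation_periods=3, datapoints_to_alarm=2)
    states = evaluate(CPU_DATAPOINTS, cfg)
    for (minute, cpu), state in zip(CPU_DATAPOINTS, states):
        print(f"t={minute:>2}m cpu={cpu:>5.1f}% -> {state}")
    print("actions fire at periods:", action_periods(states))
```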
Types of monitoring available in CloudWatch
Basic monitoring
Basic monitoring is free and collects data at a 5-minute interval. By default, when you provision your AWS resources, all of them except Elastic Load Balancing and Relational Database Service start in basic monitoring mode; Elastic Load Balancing and Relational Database Service monitor their resources at a one-minute interval. For the other resources you can voluntarily switch the monitoring mode to detailed monitoring.
Detailed monitoring
Detailed monitoring is chargeable and makes data available at a one-minute interval. For this, AWS charges start from the lowest tier at $0.14 per second. As I mentioned before, detailed monitoring does not change anything for Elastic Load Balancing and Relational Database Service, as it is their default and already collects data at a one-minute interval. Similarly, detailed monitoring does not change Elastic Block Store volumes, which are monitored at 5-minute intervals.
2 – What is Amazon CloudTrail?
AWS CloudTrail is a service that enables governance, compliance, operational auditing and risk auditing of your AWS account. It records the actions taken by a user, a role or an AWS service as events. Events can include actions taken in the AWS Management Console, the AWS Command Line Interface, and the AWS SDKs and APIs. When an activity occurs in your AWS account, that activity is recorded in a CloudTrail event. You can easily view these events in the CloudTrail console by going to Event history in the AWS Management Console; Event history allows you to view, search and download the past 90 days of activity in your AWS account.
In addition, you can also create a CloudTrail trail to archive, analyze and respond to changes in your AWS resources. A trail is nothing but a configuration that enables delivery of events to an Amazon S3 bucket that you specify, which means the event logs are stored safely in Amazon S3, so you can retrieve them whenever you want.
You can create a trail with the AWS CloudTrail console, the AWS CLI or the CloudTrail API, and you can create two types of trails for an AWS account.
The first one is a trail that applies to all regions. When you create a trail that applies to all regions, CloudTrail records events in each region and delivers the CloudTrail event log files to an S3 bucket that you specify. If a region is added after you create a trail that applies to all regions, the new region is automatically included and the events in that region are logged. It is a best practice to create a trail that applies to all regions.
The next type is a trail that applies to only one region. When you create a trail that applies to one region, CloudTrail records the events in that region only, and then delivers the CloudTrail event log files to an Amazon S3 bucket that you specify. You can only create a single-region trail by using the AWS Command Line Interface. If you create additional single-region trails, you can have those trails deliver CloudTrail event log files to the same Amazon S3 bucket or to a separate bucket.
3 – Difference Between CloudWatch and CloudTrail
So, to understand this, let us start by knowing some of the major differences between them.
CloudWatch is a service that focuses on the health and performance of AWS resources, applications and services that run on AWS or on on-premises servers; on the other hand, CloudTrail focuses on actions performed inside the AWS environment.
Next, CloudWatch mainly focuses on AWS resources or services, whereas CloudTrail mainly focuses on user activities inside the account.
Next, CloudWatch can be used for collecting and tracking metrics and log files, and for setting alarms on any resource; on the other hand, CloudTrail mainly focuses on who, what, when and where: what action was taken, who performed the action, when the action was taken, and where the action was taken. For example, if someone terminated your EC2 instances, you can find out who terminated them using CloudTrail.
The next major difference is that CloudWatch delivers events to the CloudWatch dashboard within five minutes using basic monitoring, or one minute using detailed monitoring; on the other hand, CloudTrail delivers an event within 15 minutes of the API call.
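To show the "who, what, when and where" point in practice, together with the trail-to-S3 delivery described in the CloudTrail section, here is an added Python example (written for this article, not code from AWS or the original post) that reads one CloudTrail log file and answers "who terminated my EC2 instances?". The log content is constructed sample data in the Records shape CloudTrail delivers; all names, IDs and IP addresses are invented.

```python
import json

# Constructed CloudTrail log-file content in the shape CloudTrail delivers to
# S3: a JSON object whose "Records" list holds one event per API call.
# All names, IDs and IPs are invented sample data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventTime": "2024-05-01T10:25:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0fedcba9876543210"}]}}},
]})

def who(identity):
    """Best-effort actor: IAM user name, else the assumed-role ARN, else the identity type."""
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")

def summarize(record):
    """The four questions CloudTrail answers for one event: who, what, when, where."""
    return {
        "who": who(record.get("userIdentity", {})),
        "what": f"{record['eventSource'].split('.')[0]}:{record['eventName']}",
        "when": record["eventTime"],
        "where": f"{record['awsRegion']} from {record.get('sourceIPAddress', '?')}",
    }

def find_terminations(log_text):
    """Answer 'who terminated my EC2 instances?' from one CloudTrail log file."""
    hits = []
    for rec in json.loads(log_text)["Records"]:
        if (rec.get("eventSource"), rec.get("eventName")) != ("ec2.amazonaws.com", "TerminateInstances"):
            continue
        items = rec.get("requestParameters", {}).get("instancesSet", {}).get("items", [])
        summary = summarize(rec)
        summary["instances"] = [item["instanceId"] for item in items]
        hits.append(summary)
    return hits

if __name__ == "__main__":
    for hit in find_terminations(SAMPLE_LOG):
        print(hit)
```

The same loop run over every log file a trail delivers to its S3 bucket gives the account-wide answer; the DescribeInstances record shows that read-only calls are filtered out.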
Now let us look at the working of CloudWatch and CloudTrail to understand the difference better.
CloudWatch has complete visibility of your AWS resources and applications: it automatically collects all your metrics and logs from your AWS resources, applications and services on the AWS platform and on your on-premises servers. It records metrics from services like Elastic Compute Cloud instances, Elastic Block Store, Simple Storage Service and Elastic Load Balancing. Next, with the help of these metrics, it helps you visualize your applications on your CloudWatch dashboard. Moreover, if some operational change is required in your AWS environment, CloudWatch becomes aware of the change and responds to it by taking some sort of corrective action; this is done by CloudWatch Events, as I've mentioned before. Finally, it provides you with real-time analysis using CloudWatch metric math.
This was the working of Amazon CloudWatch.
Now let us move on to the working of Amazon CloudTrail. Basically, CloudTrail captures or records user activities in AWS services and calls them CloudTrail events. It delivers these CloudTrail events to the CloudTrail console and stores them in S3 buckets. After the events are delivered to your CloudTrail console, you can review all the recent activities that have happened in your account, and you can also use CloudWatch Events and alarms to set up important automatic actions.
This was the working of Amazon CloudTrail. Now I guess you have some idea about the difference between CloudWatch and CloudTrail.