CloudWatch vs CloudTrail
Amazon, I love ya to death, but something has got to change with the “Cloud” naming trend. At the time of writing this article there are 8 services that follow this pattern: CloudSearch, Cloud9, CloudWatch, CloudTrail, CloudFront, Cloud Map, CloudHSM, and CloudEndure.
You should be asking yourself… Cloud WHAT?!?
This naming (or lack thereof) makes it extremely difficult for students to differentiate between the purposes of these services! Amazon, the next time you’re naming a service PLEASE consider something other than Cloud “name”… Thanks!
Well… now that’s off my chest, let’s clarify two of these services so you can pass your exam!
Monitoring in AWS
Two of the most important “Cloud” services to know for your exam are Amazon CloudWatch and AWS CloudTrail. You may have already heard of these services before because they’re quite popular on AWS (for a good reason). They’re popular because they both perform a very important function. With “Watch” and “Trail” at the end of the name, can you guess what essential function it is that they perform?
You got it, monitoring!
When I hear “Watch” and “Trail” I think of tracking and hunting, which is exactly what CloudWatch and CloudTrail both do. They help you to “track” and “hunt down” key information about your cloud environment. CloudWatch and CloudTrail make this possible by monitoring events and resources. However, the type of monitoring that CloudWatch and CloudTrail perform differs, and understanding that difference will help you to perform well come test day!
So, let’s get started, shall we?
Amazon CloudWatch is used for monitoring performance. When you want to track certain metrics of an Amazon EC2 instance (or many EC2 instances), you use CloudWatch. If you want to keep track of your Amazon DynamoDB performance, you use CloudWatch. Want to see how Amazon S3 is performing? Use CloudWatch. Do you have an application that uses Amazon API Gateway and AWS Lambda? Use CloudWatch to monitor and log its performance over time. “CloudWatch allows you to collect default metrics of over 70 services on AWS” (Amazon CloudWatch), making it an industry-leading monitoring tool for your cloud environment.
In addition to collecting default metrics, CloudWatch has other features to best meet your monitoring needs. CloudWatch has a “Custom Metrics” feature that allows you to collect a metric that is important to what you’re trying to accomplish. For example, if you want to know how people are using your application, you can customize your own “User Activity” metric to track key information over time. Custom Metrics are definitely a plus when it comes to tailoring your environment to meet your business needs.
A few of the core features of Amazon CloudWatch:
- CloudWatch Alarms – enables you to perform one or more actions based on the value of a metric. For example, CloudWatch can be used with Amazon EC2 Auto Scaling Groups to trigger scaling events based on metrics to ensure your application scales.
- CloudWatch Events – trigger actions based on changes to the state of AWS resources. This allows some serious automation of your environment. An example is an S3 log being updated every time a Lambda function is invoked.
- CloudWatch Logs – centralized collection of system and application logs. These logs can be great for a number of reasons. You can check these logs for anomalies, for evidence that something is wrong. You can also analyze the logs that have been collected over a long period of time to look for trends in your environment and gain key insights as to how to optimize your business.
There are so many different ways CloudWatch can be used to make your life easier. Seriously, your imagination is the limit with CloudWatch! So, CloudWatch summed up is monitoring performance, collecting metrics, alarm automation, and storing information in logs. Easy enough, right? Let’s check out CloudTrail now.
AWS CloudTrail is used for auditing API activity. Normally when we hear auditing we think of the stressful time of the year when we find out the truth about our tax situation. That’s not what auditing means for CloudTrail though! When we say “CloudTrail is for auditing” we mean that CloudTrail keeps track of what is done in your AWS account, when, and by whom. For example, with CloudTrail you can view, search, and download recent activity in your AWS account to see if any actions have been taken that are out of the norm and, if so, by whom. This type of auditing is the core service of CloudTrail.
CloudTrail can be used to track data events and management events:
- Data events record object-level API activity (think requests being made to your resources). An example of a data event would be an item being created or deleted in a DynamoDB table.
- Management events log changes to your environment (think resources being created or deleted). An example of a management event would be the creation or deletion of the entire DynamoDB table itself.
CloudTrail tracks which applications or people took these actions and stores them in logs. These logs are encrypted and stored in S3 so that you can check, search, and analyze them and make better decisions about how to use your cloud environment.
So CloudTrail summed up is auditing of API activity, tracking who did what and when, and securely logging this information to Amazon S3 for you to analyze later on.
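To make “who did what, and when” concrete, here is an added example (not the author’s code and not an AWS tool) that reads a CloudTrail log file in the gzipped JSON shape CloudTrail delivers to S3, labels each record as a management or data event, and counts AccessDenied calls per 5-minute window, which is the kind of number you would publish to CloudWatch and alarm on, since CloudTrail has no alarms of its own. The records, account id, user names and IP addresses are constructed; the field names follow the real CloudTrail record schema.

```python
import gzip
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the shape CloudTrail delivers to S3 (a "Records" array, one
# entry per API call); field names follow the real schema, the values are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:02:11Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "CreateTable", "sourceIPAddress": "203.0.113.7", "managementEvent": True,
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T10:03:40Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "PutItem", "sourceIPAddress": "203.0.113.7", "managementEvent": False,
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T10:04:05Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "DeleteTable", "sourceIPAddress": "198.51.100.9", "managementEvent": True,
     "errorCode": "AccessDenied", "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::123456789012:assumed-role/ReadOnly/bob"}},
]}).encode()
SAMPLE_LOG_GZ = gzip.compress(SAMPLE_LOG)  # CloudTrail writes .json.gz objects to S3

def load_records(data: bytes) -> list:
    """Accept a raw or gzip-compressed CloudTrail file and return its Records."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    return json.loads(data)["Records"]

def actor(record: dict) -> str:
    """Who: the IAM user name when present, otherwise the principal ARN."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def audit_rows(data: bytes) -> list:
    """Reduce each record to (when, who, what, management|data, outcome)."""
    rows = []
    for r in load_records(data):
        kind = "management" if r.get("managementEvent") else "data"
        rows.append((r["eventTime"], actor(r), f'{r["eventSource"]}:{r["eventName"]}',
                     kind, r.get("errorCode", "Success")))
    return rows

def denied_per_period(data: bytes, period_seconds: int = 300) -> dict:
    """Count AccessDenied calls per fixed window: the kind of metric you would
    publish to CloudWatch and alarm on, since CloudTrail has no alarms of its own."""
    counts = Counter()
    for r in load_records(data):
        if r.get("errorCode") != "AccessDenied":
            continue
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        counts[int(ts.timestamp()) // period_seconds * period_seconds] += 1
    return dict(counts)
```

Each key in the returned dictionary is the start of a window as a Unix timestamp, so the counts line up with CloudWatch’s 1-minute and 5-minute periods when you change `period_seconds`.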
Here’s a table to make sense of it all…
CloudWatch vs CloudTrail Comparison Table
| Monitoring Options | Amazon CloudWatch | AWS CloudTrail |
|---|---|---|
| Type of Monitoring | System-wide performance monitoring of resources | API activity monitoring (auditing) |
| Defining Features | Monitoring and management service for applications | Governance, compliance, operational/risk auditing of the account |
| Use Cases | Monitor applications, logs, metrics, events, alarms; automate actions | Auditing, event history, account activity, resource change tracking, troubleshooting |
| Tracking Objective | Tracks resource and application performance | What is done in AWS, when, and by whom |
| Data Capture/Delivery Speed | Detailed monitoring: 1-minute periods; basic monitoring: 5-minute periods; custom metrics support high resolution down to 1 second | Within 15 minutes of an API call |
| Data Storage Location | Stored within CloudWatch (metrics and logs, viewed in the CloudWatch dashboard) | Centralizes logs from all regions and stores them in an S3 bucket |
| Alarms | Native alarms built into CloudWatch; metric data is retained for 15 months | No native alarms; can use CloudWatch Alarms. Logs can be stored in S3 or CloudWatch indefinitely |
| Pricing Model | Pay for what you use: metrics per 1,000 requests; dashboards $3/dashboard/month; alarms per alarm metric; logs per GB; events per million events | Pay for what you use: management events per 100,000 delivered; data events per 100,000 delivered; events per 100,000 analyzed |
AWS Monitoring Summed Up
- CloudWatch is for performance. Think of monitoring application metrics.
- CloudTrail is for auditing. Think of tracking API activity within an account.
I hope that clears up AWS monitoring options. Of course, we can only cover so much in an article but check out our video courses for lectures and hands-on labs to really learn how these services work.
Thanks for reading!
Written by Blake Nipper, a learner of all things cloud-related. When he’s not answering students’ questions on Udemy he’s most likely spending time with his wife and corgi. You can find him on the Digital Cloud Training Slack channels or by connecting with him on LinkedIn.
Check out our AWS Training Courses!
At Digital Cloud Training we provide the highest quality AWS training courses in the market at affordable prices. Our training options include:
- Video-based training courses that seamlessly blend theoretical education with hands-on practice so you can not only prepare to answer tricky exam questions but learn critical hands-on skills that will set you up for your next job.
- Practice tests with large banks of questions that reflect the style and difficulty of the real AWS exam so you can be well prepared to easily pass your exam on the day. All questions come with detailed explanations and reference links and the tests are offered in multiple formats for training and exam simulation.
- Cheat Sheets and eBooks that help you to memorize and cross-check key facts you need to know for the exam and also take your studies offline. These are great resources for final exam preparation.
Check out our catalog of courses now to get started with your AWS certification journey.
Contact us here.