CloudWatch vs CloudTrail


Amazon, I love ya to death, but something has got to change with the “Cloud” naming trend. At the time of writing this article, there are 8 services that follow this pattern: CloudSearch, Cloud9, CloudWatch, CloudTrail, CloudFront, Cloud Map, CloudHSM, and CloudEndure.

You should be asking yourself… Cloud WHAT?!?

This naming (or lack thereof) makes it extremely difficult for students to differentiate between the purposes of these services! Amazon, the next time you’re naming a service PLEASE consider something other than Cloud “name”… Thanks!

Well… now that’s off my chest, let’s clarify two of these services so you can pass your exam! 

Monitoring in AWS

Two of the most important “Cloud” services to know for your exam are Amazon CloudWatch and AWS CloudTrail. You may have already heard of these services before because they’re quite popular on AWS (for a good reason). They’re popular because they both perform a very important function. With “Watch” and “Trail” at the end of the name, can you guess what essential function it is that they perform? 

You got it, monitoring!

When I hear “Watch” and “Trail” I think of tracking and hunting, which is exactly what CloudWatch and CloudTrail both do. They help you to “track” and “hunt down” key information about your cloud environment. CloudWatch and CloudTrail make this possible by monitoring events and resources. However, the type of monitoring that CloudWatch offers differs from the type that CloudTrail offers, and understanding that difference will help you to perform well come test day!

So, let’s get started, shall we?

Amazon CloudWatch

Amazon CloudWatch is used for monitoring performance. When you want to track certain metrics of an Amazon EC2 instance (or many EC2 instances) then you use CloudWatch. If you want to keep track of your Amazon DynamoDB performance, you use CloudWatch. Want to see how Amazon S3 is performing? Use CloudWatch. Do you have an application that uses Amazon API Gateway and AWS Lambda? Use CloudWatch to monitor and log its performance over time. “CloudWatch allows you to collect default metrics of over 70 services on AWS” (Amazon CloudWatch) making it an industry-leading monitoring tool for your cloud environment. 

In addition to collecting default metrics, CloudWatch has other features to best meet your monitoring needs. CloudWatch has a “Custom Metrics” feature that allows you to collect a metric that is important to what you’re trying to accomplish. For example, if you want to know how people are using your application, you can customize your own “User Activity” metric to track key information over time. Custom Metrics are definitely a plus when it comes to tailoring your environment to meet your business needs.

A few of the core features of Amazon CloudWatch:

  • CloudWatch Alarms – enable you to perform one or more actions based on the value of a metric. For example, CloudWatch can be used with Amazon EC2 Auto Scaling Groups to trigger scaling events based on metrics to ensure your application scales.
  • CloudWatch Events – trigger actions based on changes to the state of AWS resources. This allows some serious automation of your environment. An example is an S3 log being updated every time a Lambda function is invoked. 
  • CloudWatch Logs – centralized collection of system and application logs. These logs can be great for a number of reasons. You can check these logs for anomalies, for evidence that something is wrong. You can also analyze the logs that have been collected over a long period of time to look for trends in your environment and gain key insights as to how to optimize your business. 

There are so many different ways CloudWatch can be used to make your life easier. Seriously, your imagination is the limit with CloudWatch! So, CloudWatch summed up is monitoring performance, collecting metrics, alarm automation, and storing information in logs. Easy enough, right? Let’s check out CloudTrail now.

AWS CloudTrail

AWS CloudTrail is used for auditing API activity. Normally when we hear auditing we think of the stressful time of the year when we find out the truth about our tax situation. That’s not what auditing means for CloudTrail though! When we say “CloudTrail is for auditing” we mean that CloudTrail keeps track of what is done in your AWS account, when, and by whom. For example, with CloudTrail you can view, search, and download recent activity in your AWS account to see if any actions have been taken that are out of the norm and, if so, by whom. This type of auditing is the core service of CloudTrail.

CloudTrail can be used to track data events and management events:

  • Data events record object-level API activity (think requests being made to your resources). An example of a data event would be an item being created or deleted in a DynamoDB table. 
  • Management events log changes to your environment (think resources being created or deleted). An example of a management event would be the creation or deletion of the entire DynamoDB table itself.

CloudTrail tracks which applications or persons took these actions and stores them in logs. These logs are encrypted and stored in S3 so that you can check them, search them, analyze them, and make better decisions about how to use your cloud environment.
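To make the "who did what, and when" idea concrete, here is an added example (not code from the original article or from AWS) that reads a CloudTrail-style log file and separates data events from management events. The sample records, account ID, user names and table name are constructed placeholders; the field names follow the CloudTrail record format.

```python
import json
from collections import Counter

ACCT = "111122223333"  # placeholder account ID (constructed)

def _rec(time, name, category, user, read_only=False):
    """Build one constructed record using CloudTrail field names."""
    return {
        "eventTime": time,
        "eventSource": "dynamodb.amazonaws.com",
        "eventName": name,
        "eventCategory": category,      # "Management" or "Data"
        "readOnly": read_only,
        "sourceIPAddress": "203.0.113.10",  # documentation-range address
        "userIdentity": {"type": "IAMUser",
                         "arn": f"arn:aws:iam::{ACCT}:user/{user}"},
        "requestParameters": {"tableName": "Orders-example"},
    }

# Constructed sample in the shape of a log file delivered to S3 (after gunzip).
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-15T10:05:00Z", "PutItem", "Data", "alice-example"),
    _rec("2024-01-15T10:01:00Z", "CreateTable", "Management", "alice-example"),
    _rec("2024-01-15T10:09:30Z", "DeleteItem", "Data", "alice-example"),
    _rec("2024-01-15T10:12:45Z", "DeleteTable", "Management", "bob-example"),
    _rec("2024-01-15T10:03:00Z", "DescribeTable", "Management", "bob-example", True),
]})

def summarize(log_text):
    """Return who/when/what rows for every record, oldest first."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        service = rec.get("eventSource", "").split(".")[0]
        rows.append({
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "when": rec.get("eventTime", ""),
            "what": f"{service}:{rec.get('eventName', '')}",
            "category": rec.get("eventCategory", "unknown"),
            "read_only": bool(rec.get("readOnly", False)),
        })
    return sorted(rows, key=lambda r: r["when"])  # ISO 8601 UTC sorts as text

def resource_deletions(rows):
    """Management events that delete a resource, e.g. a whole DynamoDB table."""
    return [r for r in rows
            if r["category"] == "Management" and not r["read_only"]
            and r["what"].split(":")[1].startswith("Delete")]

if __name__ == "__main__":
    rows = summarize(SAMPLE_LOG)
    print(Counter(r["category"] for r in rows))
    for r in resource_deletions(rows):
        print(r["when"], r["who"], r["what"])
```

Note that `DeleteItem` is a data event and is not reported by `resource_deletions`, while `DeleteTable` is a management event and is.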

So CloudTrail summed up is auditing of API activity, tracking who did what and when, and securely logging this information to Amazon S3 for you to analyze later on. 

Here’s a table to make sense of it all…

CloudWatch vs CloudTrail Comparison Table

| Monitoring Options | Amazon CloudWatch | AWS CloudTrail |
|---|---|---|
| Type of Monitoring | System-wide performance monitoring of resources | API activity monitoring (auditing) |
| Defining Features | Monitoring and management service of applications | Governance, compliance, operational/risk auditing of account |
| Use Cases | Monitor applications, logs, metrics, events, alarms, automate actions | Auditing, event history, account activity, resource change tracking, troubleshooting |
| Tracking Objective | Tracks resource and application performance | What is done in AWS, when, and by whom |
| Data Capture/Delivery Speed | Detailed monitoring: 1 minute periods; Basic Monitoring: 5 minute periods; Custom metrics support high resolution down to 1 second | Within 15 minutes of an API call |
| Data Storage Location | Stores within CloudWatch Dashboard (metrics and logs) | Centralizes logs from all regions and stores in an S3 Bucket |
| Alarms | Native alarms built-in to CloudWatch; Metric data is retained for 15 months | No native alarms; Can use CloudWatch Alarms; Store logs in S3 or CloudWatch indefinitely |
| Pricing Model | Pay for what you use; Metrics: per 1,000 requests; Dashboards: $3/dashboard/month; Alarm: per alarm metric; Logs: per GB; Events: per million events | Pay for what you use; Management Events: per 100,000 management events delivered; Data Events: per 100,000 delivered; Events: per 100,000 analyzed |

AWS Monitoring Summed Up

  • CloudWatch is for performance. Think of monitoring application metrics.
  • CloudTrail is for auditing. Think of tracking API activity within an account.

I hope that clears up AWS monitoring options. Of course, we can only cover so much in an article but check out our video courses for lectures and hands-on labs to really learn how these services work.
