CloudWatch or CloudTrail?
There are a lot of AWS services that start with ‘Cloud’.
- CloudFormation lets you provision infrastructure from a template.
- CloudFront lets you spread out content so it’s close to where your users are.
- CloudSearch lets you create a search solution for your website or application.
Initially, CloudTrail and CloudWatch sound similar, but there are some key differences in what they do, how they monitor services, and when you might need them in isolation or in combination.
What does CloudWatch do?
CloudWatch is concerned with the ‘what?’
- Is CPU usage high?
- Is disk space low?
- Have billing limits been exceeded?
CloudWatch needs to be turned on and configured, but it can be used not only with AWS services but with custom logs as well.
When to use CloudWatch
CloudWatch allows us to see ‘what’ is happening in real time.
Some of the services you can watch are:
What does CloudTrail do?
CloudTrail is concerned with the ‘who?’
- Who made the API call?
- Which IP address has done something?
- How did a user access a bucket?
CloudTrail is turned on by default and sends logs to an S3 bucket for further analysis.
When to use CloudTrail
CloudTrail can help with auditing and allows us to start with the problem, and track back to where the problem began.
Its timestamps and record of ‘who’ let us follow the trail to find the cause of any problems.
How to use them together?
Like so many other AWS Services, we can use CloudWatch and CloudTrail together.
In this example, CloudTrail logs an event and CloudWatch triggers an email notification.
1 – First set up CloudTrail to send the logs to CloudWatch.
2 – Set which metrics you would like to measure.
3 – Configure alarms so you know when limits have been reached.
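The three steps above, simulated locally in Python as an added example (not code from the original post or from AWS): constructed CloudTrail records are counted per period the way a metric filter for denied API calls would count them, and any period that reaches the limit raises an alarm that names the caller. The period, threshold, sample records and function names are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone

PERIOD = 300    # assumed alarm period, in seconds
THRESHOLD = 3   # assumed limit: denied calls per period

def _ev(time, name, error, ip, user):
    """Build a constructed CloudTrail record, cut down to the fields used here."""
    return {"eventTime": time, "eventName": name, "errorCode": error, "sourceIPAddress": ip,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:12Z", "ListBuckets", None, "198.51.100.4", "alice"),
    _ev("2024-05-01T10:01:03Z", "GetObject", "AccessDenied", "203.0.113.7", "bob"),
    _ev("2024-05-01T10:02:40Z", "PutObject", "AccessDenied", "203.0.113.7", "bob"),
    _ev("2024-05-01T10:04:59Z", "RunInstances", "Client.UnauthorizedOperation", "203.0.113.7", "bob"),
    _ev("2024-05-01T10:07:30Z", "GetObject", "AccessDenied", "198.51.100.4", "alice"),
]

def bucket_start(event_time):
    """Start of the PERIOD-second window that contains a CloudTrail eventTime."""
    ts = int(datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ")
             .replace(tzinfo=timezone.utc).timestamp())
    return datetime.fromtimestamp(ts - ts % PERIOD, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def is_denied(event):
    """Step 2, the metric. Same intent as the CloudWatch Logs filter pattern
    { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }"""
    code = event.get("errorCode") or ""
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")

def datapoints(events):
    """One count per period, as a metric filter would publish it."""
    return Counter(bucket_start(e["eventTime"]) for e in events if is_denied(e))

def alarms(events):
    """Step 3: periods that reached THRESHOLD, with the 'who' taken from CloudTrail."""
    result = {}
    for period, count in datapoints(events).items():
        if count >= THRESHOLD:
            result[period] = sorted({(e["userIdentity"]["arn"], e["sourceIPAddress"])
                                     for e in events
                                     if is_denied(e) and bucket_start(e["eventTime"]) == period})
    return result

if __name__ == "__main__":
    for period, actors in alarms(SAMPLE_EVENTS).items():
        print("ALARM", period, actors)
```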
Get started with CloudWatch using the free tier. To see whether your use case will mean rolling into the paid tier, check out the pricing tabs and the examples of scenarios where custom metrics are more appropriate.