CloudWatch or CloudTrail?

There are a lot of AWS services that start with ‘Cloud’.

  • CloudFormation lets you provision infrastructure from a template.
  • CloudFront lets you spread out content so it’s close to where your users are.
  • CloudSearch lets you create a search solution for your website or application.
  • CloudWatch lets you monitor and observe your AWS resources and applications.
  • CloudTrail lets you log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

Initially, CloudTrail and CloudWatch sound similar, but there are some key differences to what they do, how they monitor services, and when you might need them in isolation or in combination.

What does CloudWatch do?
When to use CloudWatch
What does CloudTrail do?
When to use CloudTrail
How to use them together?
Getting Started

What does CloudWatch do?

CloudWatch is concerned with the ‘what?’

  • Is CPU usage high?
  • Is disk space low?
  • Have billing limits been exceeded?

CloudWatch needs to be turned on and configured, but it can be used not only with AWS services but with custom logs as well.

When to use CloudWatch

CloudWatch allows us to see ‘what’ is happening in real time.

  • CloudWatch Logs: log data from AWS services – CPU utilisation.
  • CloudWatch Metrics: capture variables to monitor – CPU utilisation over time.
  • CloudWatch Events: trigger an event based on a condition – every hour take a snapshot of a server.
  • CloudWatch Alarms: trigger a notification when a metric breaches a defined threshold.
  • CloudWatch Dashboards: create visualisations based on metrics.

Some of the services you can watch are:

What does CloudTrail do?

CloudTrail is concerned with the ‘who?’

  • Who made the API call?
  • Which IP address has done something?
  • How did a user access a bucket?

This is turned on by default and sends logs to an S3 bucket for further analysis.

When to use CloudTrail

CloudTrail helps with auditing: it lets us start from the problem and track back to where it began.

Its timestamps and its record of ‘who’ let us follow the trail to find the cause of any problem.

How to use them together?

Like so many other AWS Services, we can use CloudWatch and CloudTrail together.

In this example, CloudTrail logs an event and CloudWatch triggers an email notification.

[Image: CloudWatch and CloudTrail diagram]

1 – First set up CloudTrail to send the logs to CloudWatch.
2 – Set which metrics you would like to measure.
3 – Configure alarms so you know when limits have been reached.
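As an added, complete example of the three steps (not code from the original post or from AWS), the block below shows the boto3 calls for each step (`update_trail`, `put_metric_filter` and `put_metric_alarm` are the real client methods) and then re-implements the same metric filter and alarm evaluation offline over a few constructed CloudTrail records, which also answers the ‘who?’ questions from the CloudTrail section above (user, source IP, API call). The trail name, log group, IAM role and SNS topic ARNs, the account id and the sample records are all assumptions; the filter pattern counts API calls that were refused for lack of permissions, a standard audit signal.

```python
from datetime import datetime, timedelta, timezone

# ---- Assumed names (hypothetical; substitute your own) ---------------------
TRAIL_NAME = "management-events"
LOG_GROUP = "CloudTrail/DefaultLogGroup"
LOG_GROUP_ARN = "arn:aws:logs:us-east-1:123456789012:log-group:CloudTrail/DefaultLogGroup:*"
LOGS_ROLE_ARN = "arn:aws:iam::123456789012:role/CloudTrail_CloudWatchLogs_Role"
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:security-alerts"  # e-mail subscribers attached here

# ---- Step 2: which metric to measure --------------------------------------
# CloudWatch Logs filter-pattern syntax, applied to every CloudTrail record in
# the log group. Records whose errorCode shows a refused API call add 1 to the metric.
FILTER_PATTERN = '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'
METRIC_NAMESPACE = "CloudTrailMetrics"
METRIC_NAME = "UnauthorizedAPICalls"

# ---- Step 3: the alarm that turns the metric into an e-mail ----------------
ALARM = {
    "AlarmName": "cloudtrail-unauthorized-api-calls",
    "Namespace": METRIC_NAMESPACE,
    "MetricName": METRIC_NAME,
    "Statistic": "Sum",
    "Period": 300,                 # seconds
    "EvaluationPeriods": 1,
    "Threshold": 1,
    "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    "TreatMissingData": "notBreaching",
    "AlarmActions": [SNS_TOPIC_ARN],
}


def configure(session):
    """Apply steps 1-3 to a real account. `session` is a boto3.Session; boto3 is kept
    out of module scope so the offline helpers below run without it or credentials."""
    cloudtrail = session.client("cloudtrail")
    logs = session.client("logs")
    cloudwatch = session.client("cloudwatch")
    # Step 1: deliver the existing trail's events to the CloudWatch Logs group.
    cloudtrail.update_trail(Name=TRAIL_NAME,
                            CloudWatchLogsLogGroupArn=LOG_GROUP_ARN,
                            CloudWatchLogsRoleArn=LOGS_ROLE_ARN)
    # Step 2: metric filter on that log group.
    logs.put_metric_filter(logGroupName=LOG_GROUP, filterName=METRIC_NAME,
                           filterPattern=FILTER_PATTERN,
                           metricTransformations=[{"metricName": METRIC_NAME,
                                                   "metricNamespace": METRIC_NAMESPACE,
                                                   "metricValue": "1"}])
    # Step 3: alarm on the metric, notifying the SNS topic.
    cloudwatch.put_metric_alarm(**ALARM)


# ---- Offline check of the same logic over constructed CloudTrail records ----
# Constructed sample data, trimmed to the fields used here; real records carry many more.
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T12:00:05Z", "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-01T12:01:10Z", "eventName": "RunInstances", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2024-01-01T12:02:30Z", "eventName": "GetObject", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "errorCode": "AccessDenied"},
]
WINDOW_END = datetime(2024, 1, 1, 12, 5, 0, tzinfo=timezone.utc)


def who_did_what(record):
    """The 'who?' questions CloudTrail answers: user, source IP, API call, outcome."""
    identity = record["userIdentity"]
    return (identity.get("userName", identity["type"]), record["sourceIPAddress"],
            record["eventName"], record.get("errorCode", "Success"))


def event_matches(record):
    """Local equivalent of FILTER_PATTERN: errorCode *UnauthorizedOperation or AccessDenied*."""
    code = record.get("errorCode", "")
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


def metric_sum(records, window_end, period=ALARM["Period"]):
    """The Sum datapoint CloudWatch would hold for the period ending at window_end."""
    start = window_end - timedelta(seconds=period)
    total = 0
    for r in records:
        t = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if start < t <= window_end and event_matches(r):
            total += 1
    return total


def alarm_state(records, window_end):
    """ALARM when the datapoint meets the threshold (GreaterThanOrEqualToThreshold)."""
    return "ALARM" if metric_sum(records, window_end) >= ALARM["Threshold"] else "OK"


if __name__ == "__main__":
    for r in SAMPLE_RECORDS:
        print(who_did_what(r))
    print(metric_sum(SAMPLE_RECORDS, WINDOW_END), alarm_state(SAMPLE_RECORDS, WINDOW_END))
```

Running the file prints the three ‘who’ tuples, then `2 ALARM`: two of the three records were refused calls inside the five-minute period, which meets the threshold of 1, so the alarm would fire and SNS would send the e-mail. To apply the configuration for real, call `configure(boto3.Session(profile_name=...))` with a profile that has CloudTrail, Logs and CloudWatch write permissions; the IAM role behind `LOGS_ROLE_ARN` must allow CloudTrail to write to the log group.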

Getting Started

CloudTrail is free of charge BUT the storing of the logs on S3 is not. Check out the Monthly Cost Calculator to find out how much you will be charged given your use case.

Get started with CloudWatch using the free tier. To see if your use case will mean rolling into the paid tier check out the pricing tabs and examples of scenarios where custom metrics are more appropriate.

Useful Links

Photo by eberhard grossgasteiger from Pexels