Tuesday, 23 November 2021

Top 20 AWS CloudWatch Interview Questions & Answers

  

Ques: 1). What Is Amazon CloudWatch and How Does It Work?

Answer:

CloudWatch is an AWS monitoring service that keeps track of your cloud resources and the applications you run on them. CloudWatch may be used to gather and track metrics, monitor log files, and generate alarms. EC2 instances, DynamoDB tables, and RDS DB instances may all be monitored with CloudWatch.

Amazon CloudWatch is a management tool for system architects, administrators, and developers, and it is part of the Amazon Web Services family.

 

Ques: 2). What's the difference between CloudTrail and CloudWatch, and how do I use them?

Answer:

CloudWatch keeps track of the health and performance of AWS services and resources and generates reports on them. CloudTrail, on the other hand, keeps track of all of the activities that take place in your AWS environment.

 

Ques: 3). What platforms are compatible with CloudWatch Logs Agent?

Answer:

The CloudWatch Logs agent is compatible with a wide range of operating systems and platforms. Supported platforms include:

  • CentOS
  • Amazon Linux
  • Ubuntu
  • Red Hat Enterprise Linux
  • Windows

 

Ques: 4). What Are Amazon CloudWatch Logs, and What Do They Mean?

Answer:

Using your existing system, application, and custom log files, Amazon CloudWatch Logs allows you to monitor and troubleshoot your systems and applications. With CloudWatch Logs you can monitor your logs in near real time for specific phrases, values, or patterns. You could, for example, set an alarm on the number of errors in your system logs or look at graphs of web request latency from your application logs. The original log data can then be viewed to determine the source of the problem. You don't have to worry about filling up hard disks, because log data can be stored and accessed indefinitely in highly durable, low-cost storage.

 

Ques: 5). What CloudWatch Access Management Policies Can I Implement?

Answer:

You can select which CloudWatch actions a user in your AWS Account can execute using CloudWatch's integration with AWS IAM. IAM cannot be used to restrict access to CloudWatch data for individual resources. You can't grant a person access to CloudWatch data for just one group of instances or a single LoadBalancer, for example. Permissions provided by IAM apply to all cloud resources used by CloudWatch. Furthermore, the Amazon CloudWatch command line tools do not support IAM roles.

 

Ques: 6). What is a CloudWatch Alarm, and how does it work?

Answer:

CloudWatch Alarms is a new feature that allows you to monitor CloudWatch metrics and receive notifications when they go outside of the levels (high or low thresholds) you designate. There can be several alarms for each metric, each with its own set of actions.

A CloudWatch alarm's state is always one of three things: OK, ALARM, or INSUFFICIENT_DATA. When the metric is inside the permissible range that you've set, the alarm is in the OK state. It enters the ALARM state when the metric crosses the threshold. When the data needed to make a decision is absent or incomplete, the alarm enters the INSUFFICIENT_DATA state.

 

Ques: 7). What Is The Average Metric Retention Period?

Answer:

The following is how CloudWatch stores metric data:

  • Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics.
  • Data points with a period of 60 seconds (1 minute) are available for 15 days.
  • Data points with a period of 300 seconds (5 minutes) are available for 63 days.
  • Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).

Data points that are initially published with a shorter period are aggregated together for long-term storage.

 

Ques: 8). When should I use a custom metric instead of sending a log to CloudWatch Logs?

Answer:

Custom metrics, CloudWatch logs, or both can be used to keep track of your data. If your data, such as OS process or performance measurements, is not already produced in log format, you may want to utilise custom metrics. You may also create your own app or script, or use one offered by an AWS partner. CloudWatch Logs can be used to store and save specific measurements as well as supplementary information.

 

Ques: 9). Is There Anything I Can Do With My CloudWatch Logs?

Answer:

CloudWatch Logs can monitor and store logs to help you understand and operate your systems and applications better. No code modifications are necessary when using CloudWatch Logs with your logs because your existing log data is used for monitoring.

 

Ques: 10). What is Amazon CloudWatch Synthetics, and how does it work?

Answer:

You may use Amazon CloudWatch Synthetics to create canaries, which are programmable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same paths as customers and do the same actions, allowing you to validate your client experience even when there is no customer activity on your apps. Using canaries, you can notice problems before your customers do.

Synthetic monitoring is a technique for assessing a website or online service's availability, performance, and functionality by mimicking visitor queries.

 

Ques: 11). Is it possible to use regular expressions with log data?

Answer:

Regular expressions are not supported by CloudWatch Metric Filters. Consider using Amazon Kinesis and connecting the stream to a regular expression processing engine to handle your log data with regular expressions.

 

Ques: 12). What are canaries in Amazon CloudWatch Synthetics?

Answer:

Canaries are scripts that are written in Node.js or Python. They create Lambda functions in your account that use Node.js or Python as a framework. Canaries support both the HTTP and HTTPS protocols.

 

Ques: 13). How Do I Get My Log Data Back?

Answer:

The CloudWatch Logs console or the CloudWatch Logs CLI can be used to retrieve any of your log data. Log events are retrieved by Log Group, Log Stream, and the time with which they are associated.

 

Ques: 14). What Are the Different Thresholds I Can Use To Set A CloudWatch Alarm?

Answer:

When you create an alarm, you must first select the CloudWatch metric that it will track. The next step is to select an evaluation period and a statistical value to assess. To create a threshold, set a target value and choose whether the alarm will be triggered when the value is greater than, equal to, or less than that value.
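The three alarm states from question 6 and the threshold, comparison and evaluation period from question 14 can be modelled in a few lines. This is an added example, not AWS code: it is a simplified model in which periods without data are ignored and a window with no data at all is INSUFFICIENT_DATA. The failed sign-in counts are constructed sample data.

```python
import operator

# CloudWatch ComparisonOperator names mapped to Python comparisons.
COMPARISONS = {
    "GreaterThanThreshold": operator.gt,
    "GreaterThanOrEqualToThreshold": operator.ge,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}

def alarm_state(window, threshold, comparison):
    """State for one evaluation window; None marks a period with no data.

    Simplified assumption: missing periods are ignored and the state is
    decided from the periods in the window that do have data.
    """
    present = [v for v in window if v is not None]
    if not present:
        return "INSUFFICIENT_DATA"
    breach = COMPARISONS[comparison]
    return "ALARM" if all(breach(v, threshold) for v in present) else "OK"

def state_changes(datapoints, threshold, comparison, evaluation_periods):
    """Slide the window over the series; return (index, new_state) transitions."""
    changes, current = [], None
    for end in range(1, len(datapoints) + 1):
        window = datapoints[max(0, end - evaluation_periods):end]
        if len(window) < evaluation_periods:
            state = "INSUFFICIENT_DATA"  # not enough periods collected yet
        else:
            state = alarm_state(window, threshold, comparison)
        if state != current:
            changes.append((end - 1, state))
            current = state
    return changes

# Constructed sample: failed sign-ins counted per 5-minute period.
FAILED_LOGINS = [2, 1, 12, 3, 15, 18, 22, None, None, None, 4]

if __name__ == "__main__":
    for index, state in state_changes(
            FAILED_LOGINS, 10, "GreaterThanOrEqualToThreshold", 3):
        print(f"period {index}: {state}")
```

The single spike in period 2 does not raise the alarm; only three consecutive breaching periods do, which is the purpose of the evaluation period.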

 

Ques: 15). What is Amazon CloudWatch ServiceLens, and how does it work?

Answer:

Amazon CloudWatch ServiceLens is a new tool that allows you to visualise and analyse the health, performance, and availability of your applications in a single location. Amazon CloudWatch ServiceLens is available in all public AWS Regions where AWS X-Ray is available.

 

Ques: 16). What are CloudWatch Metric Streams, and how can I use them?

Answer:

CloudWatch Metric Streams is a feature that lets you continuously stream CloudWatch metrics to a destination of your choice with very little setup and administration. It is a fully managed solution, so you do not have to write code or maintain infrastructure. With a few clicks, users can set up a metric stream to destinations like Amazon Simple Storage Service (S3). Users can also send the metrics to a variety of third-party service providers to keep their operational dashboards up to date.

 

Ques: 17). What Can Amazon CloudWatch Metrics Tell Me?

Answer:

CloudWatch allows you to monitor AWS cloud resources as well as the applications you run on AWS. EC2 instances, EBS volumes, ELBs, Auto Scaling groups, EMR job flows, RDS DB instances, DynamoDB tables, ElastiCache clusters, Redshift clusters, OpsWorks stacks, Route 53 health checks, SNS topics, SQS queues, SWF workflows, and Storage Gateways are among the AWS services and products for which metrics are automatically provided. You can also view custom metrics generated by your own applications and services.

 

Ques: 18). How do I send CloudWatch metrics to Grafana?

Answer:

1. Install Grafana: follow the steps to install Grafana.

2. Go to AWS -> IAM -> Policies.

3. Add the JSON below in Policies -> Create Policy. The "Version" element is the IAM policy language version, not the current date, so it must be "2012-10-17":

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "AllowReadingMetricsFromCloudWatch",
           "Effect": "Allow",
           "Action": [
               "cloudwatch:ListMetrics",
               "cloudwatch:GetMetricStatistics",
               "cloudwatch:GetMetricData"
           ],
           "Resource": "*"
       },
       {
           "Sid": "AllowReadingTagsInstancesRegionsFromEC2",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeTags",
               "ec2:DescribeInstances",
               "ec2:DescribeRegions"
           ],
           "Resource": "*"
       }
   ]
}

4. IAM -> Roles -> Create Role -> Select AWS Service / EC2

5. Attach Permission policies

6. IAM -> Users and click Add User -> Attach existing policies -> copy the Access Key ID and Secret Key

7. EC2 -> Instances -> Select Grafana Server and click on Actions -> Instance Settings -> Attach/Replace IAM Role -> Attach your Grafana IAM Role to the instance.

8. Log in to your Grafana server in a terminal as the root user and provide the Access Key ID and Secret Key. The file holds a secret, so make it readable only by the account Grafana runs as (assumed here to be the grafana user that the standard packages create):

# vim /usr/share/grafana/.credentials

aws_access_key_id = 000000000000
aws_secret_access_key = 0000000000
region = us-west-2

# chown grafana:grafana /usr/share/grafana/.credentials
# chmod 0600 /usr/share/grafana/.credentials

9. Grafana -> Navigate to Data Sources -> Select CloudWatch Type

10. Create Dashboard -> Select Graph -> Select Panel Title -> edit and provide namespace.
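A check for the policy from step 3, as an added example that is not part of the original post: it confirms that "Version" is a policy language version rather than a date and that every allowed action is read-only. `lint_policy` and the BAD variant are constructed for illustration.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # policy language versions IAM accepts
READ_VERBS = ("Get", "List", "Describe")        # prefixes of read-only actions

def as_list(value):
    """Action and Statement may be a single item or a list."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy_text):
    """Return findings for a policy meant to give Grafana read-only access."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    findings = []
    version = policy.get("Version")
    if version not in VALID_VERSIONS:
        findings.append(f"Version {version!r} is not a policy language version")
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action!r}")
            elif not name.startswith(READ_VERBS):
                findings.append(f"{sid}: {action!r} is not read-only")
    return findings

# The policy from step 3, compacted.
GOOD = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowReadingMetricsFromCloudWatch", "Effect": "Allow", "Resource": "*",
   "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
              "cloudwatch:GetMetricData"]},
  {"Sid": "AllowReadingTagsInstancesRegionsFromEC2", "Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"]}]}"""

# Constructed variant: a date as Version, plus a write action and a wildcard.
BAD = GOOD.replace("2012-10-17", "2021-10-23").replace(
    '"ec2:DescribeRegions"',
    '"ec2:DescribeRegions", "cloudwatch:PutMetricData", "ec2:*"')

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_policy(text) or "no findings")
```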


Ques: 19). Is it possible to use IAM roles with the CloudWatch logs agent?

Answer:

Yes, the CloudWatch logs agent has access to both keys and IAM roles and is capable of supporting and working with IAM.

AWS Key Management Service (AWS KMS) is a managed service that integrates with a number of other AWS services. You can use it to create, store, and control the encryption keys that encrypt your data.

 

Ques: 20). How does AWS CloudWatch handle authentication and access control?

Answer:

Use IAM users or roles to control who has access.

To manage access control, use Dashboard Permissions, IAM identity-based policies, and service-linked roles.

Permissions policies define who gets access to what and when:

  • Identity-based policies
  • Resource-based policies

CloudWatch does not have Amazon Resource Names (ARNs) that you can use in an IAM policy. When writing a policy to control access to CloudWatch actions, use * (asterisk) as the resource.



