AWS ‐ CloudWatch | CloudTrail - FullstackCodingGuy/Developer-Fundamentals GitHub Wiki

What's the difference between CloudTrail and CloudWatch?

CloudTrail collects data related to user activity and API usage for auditing and security purposes, while CloudWatch collects metrics and logs to monitor, manage, and optimize system performance and operational health. Both provide critical insights but serve different aspects of cloud management.

Amazon CloudWatch

  • Real time monitoring service

  • It is a tool that Collects, Access and Analyze AWS Data.

  • It allows us to Improve operations & Performance

  • It seamlessly integrate many AWS Services and helps Troubleshoot operational problems

    • It integrates with Amazon Simple Notification Service (SNS), Amazon EC2 Auto Scaling Services, AWS CloudTrail, AWS IAM

  • It Provides

    • Real-Time Monitoring
    • Track Metrics
    • Custom Dashboards
    • Alarm Creation
    • System-wide visibility

image

Amazon CloudWatch Logs

  • It is a centralized log management
  • Logs can be viewed in the console
  • Log files can be searched
  • Logs can be filtered based on specific fields

Use Cases for CloudWatch

  • Monitor Application Performance
  • Test Websites
  • Optimize Resources
  • Perform Analysis

CloudWatch Alarms

  • Metric Alarms - ex: to get alarms when a particular machine reaches a threshold.
  • Composite Alarms - ex: when multiple parameters breaches the threshold

image image

AWS CloudTrail

Any action that is taken by user/role/aws service, is recorded as event in this aws cloudtrail.

  • CloudTrail is an Archieve of all the events that could have happened.

  • It supports

    • Risk Auditing
    • Governance
    • Compliance

  • It Provides

    • Logging
    • Continuous Monitoring
    • Account Activity
    • Event History

image

CloudTrail Events

  • Management Events
  • Data Events
  • CloudTrail Insight Events

These events are stored in the JSON format, it can be consumed in the programming interfaces.

CloudTrail Log File

  • A log file contains one or more records

  • CloudTrail uses a specific log file name format

  • Ex: AccountId_Cloudtrail_regionname_yyyymmddThhmmZ_uniqueString.filenameformat

  • Limitations are

    • Trails per region - i.e logs from application in a region will not be visible in another region. image

Difference