Monitoring your cloud infrastructure is key for reliability, security, and efficiency. Before you think about buying and installing a fancy and expensive (application) monitoring solution, make sure you have the basics of monitoring AWS covered.
I’ve derived the following monitoring checklist from my AWS Monitoring Primer. The prioritized list includes all parts of a basic monitoring setup for AWS.
- Use CloudWatch metrics and alarms to monitor all your resources: ELB, EC2, RDS, ElastiCache, … (The simplest way to monitor a web application on AWS)
- Create budgets to track current and forecasted spending for your AWS infrastructure.
- Make sure all EC2 instances push their log messages to CloudWatch Logs or Elasticsearch, allowing you to monitor and debug problems within your applications.
- Subscribe to AWS health events to get notified about hiccups and planned outages.
- Subscribe to CloudTrail events informing you about root logins to your AWS account.
- Subscribe to service-specific events notifying you about potential problems with your RDS instances, ElastiCache nodes, Auto Scaling Groups, Elastic Beanstalk, …
- Subscribe to notifications from Trusted Advisor pointing you to possible security, reliability, or efficiency issues within your infrastructure.
- Enable access logs for ELB, CloudFront, and S3. Bonus: ship logs to Elasticsearch to be able to analyze them with Kibana.
- Enable GuardDuty, a simple-to-use threat detection service, and make sure you get notified about findings.
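
For the root-login item in the checklist, here is an added example (not from the original post) of an EventBridge-style event pattern for root console sign-ins, evaluated locally by a simplified matcher. The helper names (`matches`, `root_login_alerts`, `sample_event`) are hypothetical and the sample events, account ID and IP addresses are constructed.

```python
# Added example: root console sign-in pattern, checked against constructed events.
ROOT_LOGIN_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Simplified subset of EventBridge matching: nested objects plus
    lists of allowed exact values (no prefix/numeric/anything-but)."""
    for key, expected in pattern.items():
        actual = event.get(key) if isinstance(event, dict) else None
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def root_login_alerts(events):
    """Return one alert per root console sign-in, successful or failed."""
    alerts = []
    for event in events:
        if matches(ROOT_LOGIN_PATTERN, event):
            detail = event["detail"]
            alerts.append({
                "account": event.get("account"),
                "source_ip": detail.get("sourceIPAddress"),
                # responseElements / additionalEventData may be null or absent
                "result": (detail.get("responseElements") or {}).get("ConsoleLogin", "unknown"),
                "mfa_used": (detail.get("additionalEventData") or {}).get("MFAUsed", "unknown"),
            })
    return alerts

def sample_event(identity_type, result, mfa, ip):
    """Build a constructed event, trimmed to the fields used above."""
    return {
        "detail-type": "AWS Console Sign In via CloudTrail",
        "source": "aws.signin", "account": "111122223333",
        "detail": {
            "userIdentity": {"type": identity_type}, "sourceIPAddress": ip,
            "responseElements": {"ConsoleLogin": result},
            "additionalEventData": {"MFAUsed": mfa},
        },
    }

SAMPLE_EVENTS = [
    sample_event("Root", "Success", "No", "203.0.113.10"),
    sample_event("IAMUser", "Success", "Yes", "198.51.100.7"),
    sample_event("Root", "Failure", "No", "192.0.2.44"),
]
```

Failed root sign-ins are reported as well as successful ones, since both are worth a notification on an account where the root user should rarely be used.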