WEBVTT

00:00:00.240 --> 00:00:01.150
Most likely,

00:00:01.150 --> 00:00:04.510
just like the other services and systems we've seen

00:00:04.510 --> 00:00:06.780
in previous labs in this course,

00:00:06.790 --> 00:00:11.460
cloud monitoring will be built into your management console.

00:00:11.940 --> 00:00:15.950
What are you looking for with your cloud‑monitoring architecture?

00:00:15.950 --> 00:00:19.120
You're looking for inordinate data flows,

00:00:19.130 --> 00:00:22.460
so things that do not look normal,

00:00:22.470 --> 00:00:28.970
based off of what normally is consumed in your distributed application systems.

00:00:28.980 --> 00:00:33.540
Your cloud monitoring system will be able to show you what

00:00:33.540 --> 00:00:37.340
makes sense of a large quantity of data in the form of metrics

00:00:37.340 --> 00:00:40.260
and logs from previous services.

00:00:40.840 --> 00:00:41.580
Also,

00:00:41.590 --> 00:00:48.100
you'll be able to check out various services that cross the SPI stack of SaaS,

00:00:48.100 --> 00:00:52.000
PaaS, and IaaS, including containers and microservices.

00:00:52.010 --> 00:00:57.550
It's an excellent way to be effective in meeting the goals of environmental

00:00:57.550 --> 00:01:01.510
visibility and getting insight into services and statuses.

00:01:01.520 --> 00:01:05.090
This is especially true in multi‑cloud environments.

00:01:05.099 --> 00:01:09.850
The main component that is utilized is the API.

00:01:11.940 --> 00:01:13.930
We're going to move into a demo,

00:01:13.940 --> 00:01:18.100
where we will log into the AWS Management Console again and configure

00:01:18.100 --> 00:01:21.660
monitoring by using both CloudTrail and CloudWatch.

00:01:21.670 --> 00:01:26.460
It's important to understand that all the API accesses are

00:01:26.460 --> 00:01:28.720
monitored by your cloud service provider.

00:01:28.730 --> 00:01:34.910
You can then take those and set up different alerts and alarms and ways

00:01:34.910 --> 00:01:38.880
of being able to manage accesses to your resources.

00:01:38.890 --> 00:01:40.150
So let's head over there.

00:01:41.040 --> 00:01:43.280
So here we are back in the management console,

00:01:43.280 --> 00:01:47.460
and the first place we're going to go to is CloudTrail.

00:01:47.940 --> 00:01:55.910
CloudTrail tracks all of the user activity when it comes to accessing APIs,

00:01:55.910 --> 00:02:00.630
so every time there is consumption of an API,

00:02:00.640 --> 00:02:05.010
CloudTrail automatically audits that and then puts it inside of the

00:02:05.010 --> 00:02:07.910
Event history without you having to do anything.

00:02:07.920 --> 00:02:10.210
So, just scrolling through here,

00:02:10.220 --> 00:02:13.780
you can see the times that I stopped/started sessions,

00:02:13.790 --> 00:02:16.220
I updated instance information,

00:02:16.230 --> 00:02:19.950
or that I modified some other configuration setting.

00:02:20.840 --> 00:02:26.090
What we want to do is go to the Dashboard and create a trail for ourselves.

00:02:26.100 --> 00:02:32.030
Let's just name it the CCSPOPERATIONS as the trail name.

00:02:32.040 --> 00:02:35.360
Now, it gets stored in object storage,

00:02:35.370 --> 00:02:39.290
that's where the data that comes out of the trail goes to,

00:02:39.300 --> 00:02:41.500
and automatically it wants to encrypt it,

00:02:41.500 --> 00:02:46.460
which is a good idea, but we're not going to do that right now,

00:02:46.470 --> 00:02:50.620
and you can also make it so that it goes to CloudWatch.

00:02:50.630 --> 00:02:56.650
Now CloudWatch in the AWS world is an ingestion point for CloudTrail,

00:02:56.650 --> 00:03:01.160
that's where we can configure rules for certain types of events

00:03:01.170 --> 00:03:04.060
and then get notifications of those events.

00:03:04.060 --> 00:03:09.540
So let's step through the process, and we're going to name it the role,

00:03:09.540 --> 00:03:14.280
CCSPOPERATIONS, and go ahead and select Next.

00:03:14.290 --> 00:03:17.160
What we're interested in is Management events,

00:03:17.170 --> 00:03:22.580
and go ahead and select Next, and then we're going to create the trail.

00:03:22.590 --> 00:03:24.840
So now, go back to our Dashboard.

00:03:24.850 --> 00:03:29.600
We'll actually see that that trail will be alive and working for us.

00:03:29.610 --> 00:03:30.850
So there's our trail.

00:03:30.860 --> 00:03:33.980
We can see it up and running and already logging.

00:03:34.020 --> 00:03:35.810
If we go check it out,

00:03:35.820 --> 00:03:40.360
we can see all the configuration options that we set up are now functional.

00:03:41.540 --> 00:03:47.340
Next, what we want to do is create a CloudWatch rule.

00:03:47.350 --> 00:03:54.710
Recall that CloudTrail will take its data and push it to CloudWatch,

00:03:54.710 --> 00:04:00.860
which is the native logging tool that is in use in the AWS Management Console.

00:04:01.140 --> 00:04:05.290
So, let's go to CloudWatch, select that.

00:04:05.300 --> 00:04:10.430
And what we will do here is head over to the Events,

00:04:10.440 --> 00:04:13.350
open that up, and select Rules.

00:04:14.040 --> 00:04:19.769
And we want the traditional CloudWatch rules, and we can select create.

00:04:19.779 --> 00:04:20.320
And here,

00:04:20.320 --> 00:04:25.290
you can be very specific about the type of event that

00:04:25.290 --> 00:04:27.960
you're concerned being notified about.

00:04:27.970 --> 00:04:28.400
So,

00:04:28.410 --> 00:04:35.950
let's say that we had EC2 as our focus and the event start, maybe it is

00:04:35.950 --> 00:04:44.280
EBS Snapshot Notification since we created a snapshot, and the next

00:04:44.280 --> 00:04:48.410
thing that it wants to do is to add a target.

00:04:48.530 --> 00:04:50.110
Now over here,

00:04:50.120 --> 00:04:57.840
what we could do is to set up a target that is part of what's called a topic.

00:04:57.850 --> 00:05:00.250
I would have had to create a topic.

00:05:00.260 --> 00:05:05.030
And really, what that is, is an enunciation of an event.

00:05:05.040 --> 00:05:08.770
If I had created that topic and associated it with my email,

00:05:08.780 --> 00:05:12.440
then all I'd simply have to do is add the topic here,

00:05:12.440 --> 00:05:16.080
and whenever anything changes with the snapshot,

00:05:16.090 --> 00:05:17.570
I would get an email for it.

00:05:17.580 --> 00:05:18.780
So that's an example,

00:05:18.780 --> 00:05:25.510
just a very brief and surface example of what it would take to create a

00:05:25.520 --> 00:05:29.500
notification that is going to have someone take action,

00:05:29.510 --> 00:05:32.350
based off of the monitoring that's going on in the system.
