
CloudWatch & CloudTrail — Monitoring

Master CloudWatch metrics, alarms, and Logs Insights. Understand CloudTrail for API auditing and compliance. Know the difference between the two.

CloudWatch and CloudTrail — See Everything

You cannot improve what you cannot measure. CloudWatch collects metrics and logs so you know HOW your systems are performing. CloudTrail records WHO did WHAT in your AWS account.

Teacher Note: Think of a hospital. CloudWatch is the patient monitoring system — heart rate, blood pressure, temperature (metrics). CloudTrail is the hospital visitor log — records every person who entered, when, and what they did (API audit trail).

CloudWatch — Metrics, Logs, and Alarms

| Component | Purpose | Example |
|---|---|---|
| Metrics | Numerical data points over time | EC2 CPU: 75%, Lambda errors: 5/minute |
| Alarms | Alert or take action when metric breaches threshold | CPU > 80% for 5 minutes → send SNS email |
| Logs | Text output from applications and AWS services | Application errors, access logs, VPC flow logs |
| Logs Insights | SQL-like queries on log data | Find all ERROR messages in the last hour |
| Dashboards | Visual graphs for metrics and alarms | Operations team monitoring screen |
| Anomaly Detection | ML-based baseline — alert on unusual patterns | Detect unusual spikes in API errors |

CloudTrail — API Audit Trail

CloudTrail records EVERY API call made in your AWS account — Console clicks, CLI commands, SDK calls, and automated service actions. Essential for:

  • Security forensics: who deleted that S3 bucket? when? from where?
  • Compliance auditing: prove to auditors that only authorised users accessed sensitive data
  • Change detection: what changed 10 minutes before the application broke?
  • Anomaly detection with GuardDuty: unusual API patterns may indicate compromised credentials
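
The forensics and change-detection questions in the list above, answered over a CloudTrail log file. This is an added example, not part of the original tutorial: the records are constructed sample data that use CloudTrail's record field names, and the function names, bucket name, users and IP addresses are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in CloudTrail's log-file layout; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T15:30:11Z", "eventName": "ListBuckets",
     "readOnly": True, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": None},
    {"eventTime": "2024-05-01T15:36:02Z", "eventName": "AuthorizeSecurityGroupIngress",
     "readOnly": False, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"groupId": "sg-0example"}},
    {"eventTime": "2024-05-01T15:42:00Z", "eventName": "DeleteBucket",
     "readOnly": False, "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "prod-data-example"}},
]})

def event_time(record):
    """CloudTrail timestamps are UTC in ISO 8601 form, e.g. 2024-05-01T15:42:00Z."""
    stamp = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    return stamp.replace(tzinfo=timezone.utc)

def summarize(record):
    """Reduce one record to who / what / when / from where."""
    identity = record.get("userIdentity") or {}
    return {"who": identity.get("arn") or identity.get("type", "unknown"),
            "what": record["eventName"], "when": record["eventTime"],
            "from": record.get("sourceIPAddress", "unknown")}

def who_deleted_bucket(records, bucket):
    """Security forensics: every DeleteBucket call naming this bucket."""
    return [summarize(r) for r in records
            if r.get("eventName") == "DeleteBucket"
            and (r.get("requestParameters") or {}).get("bucketName") == bucket]

def changes_before(records, incident, minutes=10):
    """Change detection: write (non read-only) calls in the window before an incident."""
    start = incident - timedelta(minutes=minutes)
    window = [r for r in records if start <= event_time(r) <= incident]
    # A record with no readOnly flag is treated as a change so it is not hidden.
    return [summarize(r) for r in sorted(window, key=event_time)
            if not r.get("readOnly", False)]

if __name__ == "__main__":
    records = json.loads(SAMPLE_LOG)["Records"]
    print(who_deleted_bucket(records, "prod-data-example"))
    print(changes_before(records, datetime(2024, 5, 1, 15, 45, tzinfo=timezone.utc)))
```

Object-level reads such as S3 GetObject would show up in these records only if data events had been enabled on the trail.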

CloudWatch vs CloudTrail

| | CloudWatch | CloudTrail |
|---|---|---|
| Answers | HOW is my system performing? | WHO did WHAT in my account? |
| Data | Metrics, logs, events | API calls and management events |
| Example | Lambda error rate is 5% | Alice deleted the production S3 bucket at 3:42pm |

Exam Tip: A common exam point: CloudTrail does NOT log data events (S3 GetObject, DynamoDB read) by default. You must explicitly enable S3 data events if you need to audit who accessed specific files. Management events ARE enabled by default.

Topic Quiz · 2 questions

Test your understanding before moving on

1. A security team needs to investigate who deleted an S3 bucket containing sensitive data. Which service provides this information?
💡 CloudTrail records every API call including DeleteBucket — who made the call, when, from which IP address, and using which credentials.
2. An EC2 instance CPU utilisation rises above 90% and stays there. The operations team should be automatically notified by email. What is the CORRECT configuration?
💡 A CloudWatch Alarm monitors the CPUUtilization metric. When it exceeds 90%, the alarm triggers an SNS topic, which delivers an email notification.