@boldlink ・ May 25, 2022 ・ 4 min read ・ 513 views
Monitoring tells you when something is wrong, while Observability enables you to understand why. Monitoring is a subset of Observability and a necessary part of it. You can only monitor an observable system. We at Boldlink implement Observability solutions tailored to our Customers' requirements.
Putting the correct monitoring solutions in place for your AWS Organisations is crucial, but it is only half of the implementation; once data is being collected, you must develop insights from it to have Observability of your platform.
AWS monitors its facilities, its services and the availability of its APIs and, by default, will not filter or stop traffic unless there is an attack with significant traffic or you have subscribed to AWS Shield Advanced.
It is up to you to create the necessary infrastructure and logic for Monitoring, Alerting and Audit across your AWS Organisation, Accounts and Platforms on AWS. Let us dive in.
AWS CloudTrail is the system to monitor all your API calls in every AWS account in your Organization and Region. These are important because they allow us to observe patterns of usage and access, and some of the recommended best practices.
For your platforms, you will have many different parts with different log systems and different log formats.
Approach this with the same attitude you would bring to a data lake: centralise the data from different sources and use other systems to generate the insights for you to act on.
AWS Security Hub aggregates many tools, such as GuardDuty, IAM Access Analyzer, Macie and Inspector, and can be expanded with 3rd party solutions. Let us look in more detail at the AWS solutions:
A key component of your Observability strategy is AWS CloudWatch. This service allows for the aggregation of your logs. For example, you can create subscriptions that trigger on specific keywords and feed the matches to custom metrics, on which you can create alert conditions.
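The keyword-to-metric-to-alert chain described above, as an added example that is not Boldlink's own code. It uses a CloudWatch Logs metric filter and a CloudWatch alarm, and the log group name, SNS topic ARN, metric names and threshold are assumptions; `matches` is a local mirror of the filter pattern so it can be checked against constructed events before deploying.

```python
import calendar, json, time
from collections import Counter

LOG_GROUP = "org-cloudtrail"  # assumed name of the log group CloudTrail delivers to
SNS_TOPIC = "arn:aws:sns:eu-west-1:111111111111:security-alerts"  # placeholder ARN
# CloudWatch Logs JSON filter pattern: API calls rejected for lack of permission.
PATTERN = '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'
FILTER = dict(logGroupName=LOG_GROUP, filterName="unauthorized-api-calls",
              filterPattern=PATTERN,
              metricTransformations=[dict(metricName="UnauthorizedApiCalls",
                                          metricNamespace="Security", metricValue="1")])
ALARM = dict(AlarmName="unauthorized-api-calls", Namespace="Security",
             MetricName="UnauthorizedApiCalls", Statistic="Sum", Period=300,
             EvaluationPeriods=1, Threshold=3,
             ComparisonOperator="GreaterThanOrEqualToThreshold",
             TreatMissingData="notBreaching", AlarmActions=[SNS_TOPIC])

def deploy():
    """Create the metric filter and alarm; needs boto3 and AWS credentials."""
    import boto3
    boto3.client("logs").put_metric_filter(**FILTER)
    boto3.client("cloudwatch").put_metric_alarm(**ALARM)

def matches(event):
    """Local mirror of PATTERN, to check it against sample events before deploying."""
    code = event.get("errorCode", "")
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")

def breaching_periods(lines):
    """Sum matches per alarm period; return the period starts that would alarm."""
    sums = Counter()
    for line in lines:
        event = json.loads(line)
        if matches(event):
            ts = calendar.timegm(time.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ"))
            sums[ts - ts % ALARM["Period"]] += 1
    return [time.strftime("%Y-%m-%dT%H:%MZ", time.gmtime(start))
            for start, n in sorted(sums.items()) if n >= ALARM["Threshold"]]

# Constructed CloudTrail records (not real data), one JSON object per line.
SAMPLE = [json.dumps(e) for e in [
    {"eventTime": "2022-05-25T10:01:05Z", "eventName": "GetObject", "errorCode": "AccessDenied"},
    {"eventTime": "2022-05-25T10:02:40Z", "eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2022-05-25T10:03:00Z", "eventName": "DescribeInstances"},
    {"eventTime": "2022-05-25T10:03:30Z", "eventName": "PutObject", "errorCode": "ThrottlingException"},
    {"eventTime": "2022-05-25T10:04:59Z", "eventName": "Decrypt", "errorCode": "AccessDeniedException"},
    {"eventTime": "2022-05-25T10:05:10Z", "eventName": "ListBuckets", "errorCode": "AccessDenied"},
]]

if __name__ == "__main__":
    print(breaching_periods(SAMPLE))
```

With the constructed sample, only the 10:00 period reaches the threshold of three denied calls; the single denial at 10:05 stays below it.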
Do you have to use only AWS CloudWatch? No, you can bring your own or use 3rd party solutions to replace or extend it, but if you can use CloudWatch, we recommend it, since anything else will be another platform for your teams to manage.
This will be a learning curve as your Platform and AWS journey progresses and as more services become available to AWS customers.
Was this list comprehensive or too short? What else should we also include? Let us know in the comments below.