Amazon provides a monitoring service to oversee its core resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances. Amazon CloudWatch can be used to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. By using CloudWatch, you have access to system-wide visibility into resource utilisation, application performance, and operational health.  This article, Amazon CloudWatch Exam Tips Part 1, provides you with core concepts that you need to know for the AWS Certified Solutions Architect and Sysops Exams.

Access Amazon CloudWatch using:

  • Amazon CloudWatch Console
  • CloudWatch API
  • AWS SDKs

With Amazon CloudWatch, you can specify parameters for a metric over a time period and configure alarms or automated actions when a threshold is reached.

Services Used with CloudWatch

  • Amazon Simple Notification Service (SNS) – to send out messages to subscribing endpoints. For example to get email alerts when the CPU for your instances goes over 80% for a duration of time
  • Auto Scaling – automatically launch or terminate EC2 instances based on policies, health checks and schedules
  • AWS CloudTrail – Monitor and audit calls made to the CloudWatch API for your account – CloudTrail can be used to enable CloudWatch to write log files to S3 buckets for example
  • AWS Identity and Access Management (IAM) – enable authentication and access control for Amazon CloudWatch


CloudWatch EC2 Monitoring Levels

  • Basic Monitoring sends data to Amazon CloudWatch every 5 minutes for a limited number of metrics and can be used free of charge.
  • Detailed Monitoring sends data to Amazon CloudWatch every 1 minute and allows data aggregation for an additional charge. Data Aggregation is offered across Availability Zones within a region, but you cannot aggregate data across regions

Custom Metrics

While you have visibility to metrics that affect the AWS host servers themselves, you do not by default have access to instance specific metrics such as memory consumption or disk metrics visible to the Operating System.  In such cases, you can create custom metrics.  CloudWatch supports API calls where programs and scripts can make PUT requests into CloudWatch, using name-value pairs.  This can then be used to create alarms or trigger action as required.

Metric Granularity

The minimum granularity supported by CloudWatch is 1 minute. Many metrics are received and aggregated at 1-minute intervals. Some are received at 3 or 5-minute intervals. This will depend on the AWS service. The minimum granularity supported by CloudWatch for Custom Metrics is 1 minute.

CloudWatch Logs

Amazon CloudWatch Logs can then be used to monitor and access log files from EC2 instances, CloudTrail and other services.  CloudWatch can also store historical log files in S3 and Glacier.  CloudWatch Log Agents can be installed on certain EC2 instances to automatically send log data to CloudWatch.  With CloudWatch Logs, you can:

  • Perform Real-time Application and System Monitoring
  • Store your log data for as long as you need in highly durable and cost effective storage
  • Use EC2Config service to send a variety of data and log files to CloudWatch including custom text logs, Event logs, Event Tracing (ETW) logs, and Performance Counter data.
  • Note: CloudWatch Logs Agent will send log data every five seconds by default. Also note that CloudWatch Logs can ingest, aggregate and monitor any text based common log data or JSON-formatted logs.
  • You can retrieve any of your log data using the CloudWatch Logs console or through the CloudWatch Logs CLI

CloudWatch Alarms

CloudWatch Alarms can be set up to send Amazon SNS messages when an alarm is active.  Each alarm will monitor a metric over a period of time and perform one or more actions depending on the value of the metric and when it crosses a threshold for a period of time specified.  A notification is then sent to an SNS topic or another endpoint such as an auto scale policy.  Note that:

  • An alarm will invoke an action if the state of change exist for a period of time specified
  • After an alarm has been invoked, addition behaviours are determined by the type of action that was associated with the alarm:
    • Alarms invoking SQS policy notifications will continue for periods that the alarm remains active
    • Alarms invoking SNS notifications are only triggered once and no additional action is invoked

An alarm can be in the following three states:

  • OK
  • Alarm
  • Insufficient_Data


Integration with IAM

Amazon CloudWatch integrates with AWS Identity and Access Management (IAM) so that you can specify which CloudWatch actions a user in your AWS Account can perform. IAM policies can be created to give only certain users in your organisation permission to use GetMetricStatistics. They could then use the action to retrieve data about your cloud resources.

You cannot use IAM to control access to CloudWatch data for specific resources. For example, you can’t give a user access to CloudWatch data for only a specific set of instances or a specific Load Balancer. Permissions granted using IAM cover all the cloud resources you use with CloudWatch.

Additional Key Points:

  • You cannot use IAM roles with the Amazon CloudWatch command line tools.
  • You can retrieve CloudWatch metrics using Get requests. You can further aggregate metrics across length of time etc when using Detailed Monitoring
  • Cloud Watch cannot be used to aggregate data across regions but can be used to aggregate data across Availability Zones within a Region

Some Limitations

  • AWS Accounts are limited to 5000 alarms
  • Alarm History is kept for 14 days by default
  • CloudWatch launched extended retention of metrics on November 1, 2016. The feature enabled storage of all metrics for customers from the previous 14 days to 15 months. CloudWatch Metrics now supports the following three retention schedules
    • 1-minute data points are available for 15 days
    • 5-minute data points are available for 63 days
    • 1-hour data points are available for 455 days


180 Practice Exam Questions – Get Prepared for your Exam Day!

Our Exam Simulator with 180 practice exam questions comes with comprehensive explanations that will help you prepare for one of the most sought-after IT Certifications of the year.  Register Today and start preparing for your AWS Certified Solutions Architect – Associate Exam.

Close Popup

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Close Popup
Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

Technical Cookies
In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

We use WooCommerce as a shopping system. For cart and order processing 2 cookies will be stored. This cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

Decline all Services
Accept all Services
Open Privacy settings