# AWS CloudTrail
CloudTrail records and tracks all Application Programming Interface (API) requests in your AWS account.

Requests can be initiated from:
* Software Development Kits (SDKs)
* AWS Command Line Interface (CLI)
* AWS Management Console
* Another AWS Service

For example, an auto scaling policy sends an API request to launch additional EC2 instances or terminate existing ones.<br>
Those API requests are recorded by CloudTrail.

## CloudTrail Events
Every API request captured is recorded as an 'event'.

Multiple events are recorded within CloudTrail Logs.

Events contain an array of associated metadata, including:
* Identity of the caller
* Timestamp of the request
* Source IP address

## CloudTrail Logs
New log files are created every 5 minutes.

Log files are delivered and stored within S3.

Log files can be stored for as long as required, allowing you to review the history of all API requests.

CloudTrail Log files can also be delivered to CloudWatch Logs for metric monitoring and alerting via SNS.

## CloudTrail Infrastructure
CloudTrail is a global service supported in ALL regions.

Support for over 60 AWS services and features.

## Use cases for captured data
Effective for security analysis:
* Monitor restricted API calls
* Notification of threshold breaches
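
The event metadata listed earlier (caller identity, timestamp, source IP) is what makes "monitor restricted API calls" workable in practice. The sketch below is an added example, not part of the original notes: it parses a CloudTrail log file and reports restricted calls. The `RESTRICTED` set and the sample records are constructed for illustration.

```python
import gzip
import json

# Constructed policy for this example: (eventSource, eventName) pairs to flag.
RESTRICTED = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("iam.amazonaws.com", "CreateAccessKey"),
}

def load_events(blob):
    """Parse one log file: JSON (gzip-compressed in S3) with a top-level "Records" array."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def caller(event):
    """Identity of the caller: an ARN for principals, invokedBy for AWS services."""
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("invokedBy") or ident.get("type", "unknown")

def restricted_calls(events):
    """Return who/when/where for each restricted call, oldest first."""
    findings = [
        {"time": e.get("eventTime", ""),
         "caller": caller(e),
         "source_ip": e.get("sourceIPAddress"),
         "call": e["eventName"],
         "denied": "errorCode" in e}  # errorCode is present only on failed requests
        for e in events
        if (e.get("eventSource"), e.get("eventName")) in RESTRICTED
    ]
    return sorted(findings, key=lambda f: f["time"])

# Constructed sample log file (not real account data).
SAMPLE = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "autoscaling.amazonaws.com"}},
    {"eventTime": "2024-01-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-user"}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::111122223333:assumed-role/example-role/session"}},
]}).encode())

if __name__ == "__main__":
    for finding in restricted_calls(load_events(SAMPLE)):
        print(finding)
```

The Auto Scaling `RunInstances` record is parsed but not flagged; the denied `CreateAccessKey` attempt is reported alongside the successful `StopLogging` call, since failed attempts are often the earlier signal.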

Resolve day-to-day operational issues:
* Filtering mechanisms for isolating data
* Quicker root cause identification
* Speedy resolution

Able to track changes to your AWS infrastructure.

CloudTrail logs can be used as evidence for various compliance and governance controls:
* ISO
* PCI DSS
* FedRAMP

# AWS Config
* Captures resource changes
* Acts as resource inventory
* Stores configuration history
* Provides a snapshot of configurations
* Notifications about changes
* Provides AWS CloudTrail integration
* Uses rules to check compliance
* Security analysis
* Identify relationships

## Supported services and resources
This includes, but is not limited to:
* AWS Certificate Manager
* AWS CloudTrail
* EBS
* EC2
* EC2 Systems Manager
* ELB
* Identity and Access Management (IAM)
* Redshift
* RDS
* S3
* VPC

# Amazon CloudWatch
CloudWatch is a window into the health and operational performance of your applications and infrastructure.

This gives you the opportunity to take advantage of the insights that CloudWatch presents, which in turn can trigger automated responses or give you the opportunity and time to make manual operational changes and decisions to optimise your infrastructure as required.

Understanding the health and performance of your environment is one of the fundamental operations you can do to help you minimise incidents, outages, and errors.

## CloudWatch components
### CloudWatch Dashboard
Using the AWS Management Console, the AWS CLI, or the PutDashboard API, you can build and customise a page using different visual widgets.

The resources within your customised dashboard can be from different regions.

Design and configure different dashboards to represent the data that you need to see from a business and operational perspective.

### CloudWatch Metrics and Anomaly Detection
Metrics are a key component of Amazon CloudWatch and fundamental to its success. They enable you to monitor a specific element of an application or resource over a period of time while tracking these data points.

Different services will offer different metrics.<br>
There are no DiskReads for S3 as it is not a compute service, so instead metrics relevant to the service are available, such as NumberOfObjects, which tracks the number of objects in a specified bucket.

By default, everyone has access to a free set of metrics, and for EC2 these are collated over a 5-minute time period.

For an additional charge, you can enable detailed monitoring, which allows you to gain a deeper insight by collating data across the metrics every minute.

You can also create your own custom metrics for your applications.

Custom metrics are region locked.

#### Anomaly detection
This allows CloudWatch to apply machine learning algorithms to your metric data to help detect any activity that sits outside the normal baseline parameters that are generally expected.

### CloudWatch Alarms
Amazon CloudWatch Alarms tightly integrate with metrics and allow you to implement automatic actions based on specific thresholds that you can configure relating to each metric.

When an alarm is triggered into a state of ALARM, it will turn red on the dashboard, giving a clear indication.

#### States of alarms
* OK - The metric is within the defined configured threshold
* Alarm - The metric has exceeded the thresholds set
* Insufficient Data - The alarm has just started, the metric is unavailable, or not enough data is available for the metric to determine the alarm state.

### CloudWatch EventBridge
CloudWatch EventBridge is the evolution of Amazon Events.

An event is anything that causes a change to your environment or application.

The big benefit of using CloudWatch EventBridge is that it offers the opportunity to implement a level of event-driven architecture in a real-time decoupled environment.

#### Rules
A rule acts as a filter for incoming streams of event traffic and then routes these events to the appropriate target defined within the rule.

The rule itself can route traffic to multiple targets.

#### Targets
Targets are where the events are sent by the rules, such as:
* AWS Lambda
* SQS
* Kinesis
* SNS

All events received by the target are in a JSON format.
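
To make the rule/target relationship concrete, here is an added example (not from the original notes) that models a rule as a JSON pattern filtering events and fanning matches out to several targets. The matcher is a simplified model that assumes pattern leaves are lists of accepted values; it is not the service's implementation. The rules, events and target labels are constructed.

```python
import json

def matches(pattern, event):
    """Simplified matcher: every pattern key must exist in the event; a list holds
    the accepted values for that field, a dict descends into a nested object."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

def route(rules, raw_event):
    """Return the targets of every rule whose pattern matches the JSON event."""
    event = json.loads(raw_event)
    return [t for rule in rules if matches(rule["pattern"], event) for t in rule["targets"]]

# Constructed rules; target names are hypothetical labels, not real ARNs.
RULES = [
    {"pattern": {"source": ["aws.ec2"],
                 "detail-type": ["EC2 Instance State-change Notification"],
                 "detail": {"state": ["stopped", "terminated"]}},
     "targets": ["lambda:cleanup", "sns:ops-alerts"]},
    {"pattern": {"source": ["aws.cloudtrail"],
                 "detail-type": ["AWS API Call via CloudTrail"],
                 "detail": {"eventName": ["StopLogging", "DeleteTrail"]}},
     "targets": ["sns:security-alerts"]},
]

# Constructed events, in the JSON form a target would receive.
TERMINATED = json.dumps({"source": "aws.ec2", "region": "eu-west-1",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "terminated"}})
RUNNING = json.dumps({"source": "aws.ec2", "region": "eu-west-1",
    "detail-type": "EC2 Instance State-change Notification",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}})
STOP_LOGGING = json.dumps({"source": "aws.cloudtrail", "region": "eu-west-1",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging"}})
```

Fields the pattern does not mention (such as `region`) are ignored, so a narrower rule is written by adding keys, not by removing them.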

#### Event buses
An Event Bus is the component that actually receives the event from your applications, and your rules are associated with a specific event bus.

CloudWatch EventBridge uses a default event bus that is used to receive events from AWS services.

### CloudWatch Logs
CloudWatch Logs gives you a centralised location to house all of the logs from different AWS services that provide logs as an output, such as CloudTrail, EC2, VPC Flow Logs, etc., in addition to your own applications.

CloudWatch Logs acts as a central repository for real-time monitoring of log data.

#### Unified CloudWatch Agent
The Unified CloudWatch Agent can collect logs and additional metric data from EC2 instances as well as on-premises services running either a Linux or Windows operating system.

This metric data is in addition to the default EC2 metrics that CloudWatch automatically configures for you.

## CloudWatch Insights
Insights provide the ability to get more information from the data that CloudWatch is collecting.

There are three types of insights:
* Log Insights
* Container Insights
* Lambda Insights

### Log Insights
This feature analyses the logs captured by CloudWatch Logs at scale, in seconds, using interactive queries that deliver visualisations.

You can use Log Insights to filter your log data and retrieve specific data, allowing you to gather the insights that you are interested in.

### Container Insights
Container Insights allows you to collate and group different metric data from different container services and applications within AWS.

Container Insights also allows you to capture and monitor diagnostic data giving you additional insights into how to resolve issues that arise within your container architecture.

This monitoring and insight data can be analysed at the cluster, node, pod, and task level making it a valuable tool to help you understand your container applications and services.

### Lambda Insights
This feature provides the opportunity to gain a deeper understanding of the applications using AWS Lambda.

It gathers and aggregates system and diagnostic metrics related to AWS Lambda to help monitor and troubleshoot serverless applications.