Professional Documents
Culture Documents
Monitoring/Metrics/Logging
1.1. Cloud Watch
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you
run on AWS. You can use Amazon CloudWatch to
collect and track metrics,
collect and monitor log files,
set alarms, and automatically react to changes in your AWS resources.
Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon
DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your
applications and services, and any log files your applications generate. You can use Amazon
CloudWatch to gain system-wide visibility into resource utilization, application performance, and
operational health. You can use these insights to react and keep your application running
smoothly.
Namespaces are container for metrics.
Main Purpose
1.5. Cloud Trail
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk
auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain
account activity related to actions across your AWS infrastructure. CloudTrail provides event
history of your AWS account activity, including actions taken through the AWS Management
Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies
security analysis, resource change tracking, and troubleshooting.
Delegation: You can allow users in other AWS accounts, access to resources in your directly.
Federation : Federation allows users from external IDP's access to your account. Two Types of
federation
Corporate/Enterprise Identity Federation
o Source Include: Active Directory, LDAP
o You can use, Custom Federation proxy, SAML or AWS Directory Service.
Web/Social Identity Federation
2.2. Corporate Identity Federation
Get FederationToken doesn't support MFA
2.3. Web Identity Federation