AWS Cloudtrail vs Cloudwatch in 15 minutes | AWS tutorial for beginners

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone in this video I'm gonna talk about the differences between AWS cloud trail and Amazon Cloud watch so first of all let's start by talking about the similarities between the two services both of them start with the cloud right we know that so it's kind of confusing because it's cloud watch and cloud trail but they also both provide logging capability right you can log with cloud watch and you can log with cloud trail and I think this is where people are confused you know this is what makes people confused because they both have logs so which one is for what let's start with cloud trail cloud trail is concerned mainly with who did what on AWS right it's concerned with people within your account like users or services within your account cloud trail is a service that enables governance compliance operational auditing and risk auditing on your AWS account let's say that everything the users on your account do on AWS is logged all right so let's say that someone logs into your AWS console then the time they logged in will be logged on cloud trail right not only that it will also tell you the IP address they use to log into the console if someone says I'm out of town and I'm gonna work you know from from my computer you can see that maybe they're not out of time because you have their IP address visible in cloud trail one of your users shut down your ec2 instance right they cannot deny that they didn't terminate it because everything is logged you can see that these things are helpful in auditing what happened in your account what happened to your resources one of the cool features about cloud trail is that you can centralize all the logs across regions and not only that you can centralize logs across many accounts that you control everything that you do on AWS at the account level like you log into the AWS console you know you launch ec2 instances you delete a bucket everything can be logged with cloud trail so cloud trail logs activities of users and services on your account so this is my cloud trail dashboard and as you can see I can see the recent events in here right I can see events going back up to 90 days and if I click on view all events let's see what we see here I can see that you know there's something called event time user name and event name right now all of these look and they look very similar described stream but you know what these things are they are logs of what happened in my account right so looks like a user called AWS lambda described a stream right now if I click on filter and filter by user name what if I filter by the root user right I can see that the root user at 12:56 p.m. did this described instances right or instance credit specifications described alarms but then you can also see all the things that this user did which is the root user of this account and you know he described the tags he described the instances he terminated the instances now this is a event that I'm interested in let's say that I want to see who terminated my ec2 instances the root user did that you know he terminated the resource name this instance with an ID of this now I can also go down and I can see other things that the root user did you know all the same all in June 27th right I can also check for my user one of my user is named Kieran so I'm gonna type in his name and see what he did looks like he logged into the console at 10:03 p.m. that was on 18th of June right so I can see that he hasn't used this account recently it's been about 10 days since the user last login so I can view things like this you know I can see that he performed all these things and just by looking at this I can see that he does not log into the account very much because on the 18th he only performed two tasks and it was just logins and the 17th it was a little bit more tasks so you can see that you know I can see that he authorized security group ingress you know at this time right I can see that he described security groups now let me you know filter by something else let me filter by event name let me filter let's say that I want to see who terminated my instances so let me do this let me go all the way down to terminate terminate instances and I can see all the terminate instances API calls that have been made on my account now I'm the root account here so I'm fine with all these events but then I can see that someone else has been terminating my account right auto-scaling but that's fine because auto-scaling means that you know I had an auto scaling group going on so this time auto-scaling terminated I found right now if I expand one of the events where the root user terminated my ec2 instance one of my ec2 instance I can just click on the expand button then I'll see you know the access key that was you you know things like the region eventid but you know also the source IP address right where did the user execute this terminate instance called from just the source IP is this which means that the user performed the action from this IP address so this could be his home or office you know I could check the previous records and see you know if this is the same IP maybe I've told him not to you know execute things from outside his you know house or our office or something like that so you know I can also check for compliance by checking for things like source IP now if I expand the for example to auto-scaling right all the scaling event if I click on it then you will see that there will be no IP because the source is you know Amazon AWS comm or you know it was one of the services so there's not going to be an IP address so as you can see you know we can expand the events a little bit and see a little bit more details as well so as you can see you know what I get from cloud trail is at what time what user did what right at this time the root user terminated the easy to instance and I sometimes I can even see the resource name and resource type so this is what cloud trail does and really quickly I want to show you that if I go to my trail you know I can set up my trail to go to s3 bucket you know I could centralized my logging from all the reasons to one bucket whatever we saw in here so this is the cloud trail logs right so this is the cloud trail logs now let's move on to cloud watch cloud watch mainly is concerned with what's happening with AWS resources right now in my account so that you can spawned to it right cloud watch has metrics and alarms cloudless also has logs right and cloud watch also has something called cloud watch events let's quickly go to the cloud watch dashboard and see what cloud watch has to offer so this is my cloud watch console you know let me quickly summarize what you get with cloud watch with cloud watch you can create something called alarm you know you can monitor things and you can set an alarm when something happens right you can also have metrics not just the default metrics but also costume metrics now what do I mean by metrics if I go to my ec2 dashboard and you know you must have worked with Amazon ec2 if I click on one of my ec2 instance right this one if I go to the monitoring tab and if I bring this up I can see what's happening with my ec2 instance real-time right I can see that the CPU utilization is somewhere around 20 percent right since last hour I can see that network packets are like thousand you know they're consistent I can see networking and all these things one thing you might have noticed I don't see memory utilization now that's what I meant when I said you can do custom metric these are the metrics I get but then on I can also have a costume metric to monitor my memory utilization of ec2 in fact I have a video where I show you how to measure the memory utilization of ec2 I'm going to be linking that in the description below I'm gonna go to my lambda function and I showed you an example of cloud watch for ec2 now there's also cloud watch for lambda function right cloud watch is integrated with many services so you can also monitor your lambda function with cloud watch right and I can say last seven days I can see how many times this function was invoked only two times so this is not a popular function I can see the duration the errors and all that there you know all those things now I know that this one is a popular one so I can see that you know it's being invoked 30 times and there are no errors right because I would be in trouble if this was in error because this is in production right now so I can see that everything is good over here so I'm you know I'm okay I should not make any changes now when I see errors in here then I see that something is wrong and I need to make some changes right so this is how we can monitor your lambda function with once again this is cloud watch right cloud watch metrics at a glance so but that's metrics right now let's come to logs I think this is where everything is confusing right you know with cloud watch logs you can send application logs for example your web server logs to cloud watch so that you can see what's happening with your web server like who is coming into your web server and things like that you can also use cloud watch logs to monitor or log your lambda function and I think that's one of the coolest use case of cloud watch logs so I'm going to quickly go to my lambda function log so this is what my logs look like if I click on one event I can see you know this is one of the executions of lambda functions and I can see that you know these things happened right so I can I printed something so this is the print statement and you know these things happen I can also see sometimes if they you know if the lambda function failed it will give me an error you know things like that so cloud watch logs you can use cloud wash logs to log your application right you can send your application - cloud watch to summarize cloud trail is concerned with who did what on your account right who did who dominated your ec2 instances right cloud watch is concerned with what's happening to your ec2 instances you know what's the CPU utilization what's the memory utilization right going back you know cloud watch is concerned with what's happening in your AWS resources what's happening with your AWS resources cloud really is concerned with who did what on your AWS account right so I hope that clears everything if you have any questions please ask them in the comment section if you like this video please press that like button and subscribe to my channel I also have some udemy courses you're free to check them out I'm gonna link those courses in the description if you browse through my channels you will see some free udemy course coupons floating around so you're happy to you know you're welcome to do that as well if you want I'm gonna see you in the next video thank you so much for watching
Info
Channel: CloudYeti
Views: 62,357
Rating: undefined out of 5
Keywords: aws, kms, amazon web services, aws certified solutions architect associate level, aws developer exam, aws cloudtrail, cloudwatch, aws simple, cloudwatch vs cloudtrail, cloud computing, aws tutorial, aws training, aws cloud, cloud, cloud computing 2019
Id: SRCS820Tr8c
Channel Id: undefined
Length: 14min 41sec (881 seconds)
Published: Wed Jun 27 2018
Related Videos
Performing a Security Assessment of the Cloud using the Risk Management Framework: A Case Study
Amazon Web Services
24K
Amazon CloudWatch Tutorial | AWS Certification | Cloud Monitoring Tools | AWS Tutorial | Edureka
edureka!
120K
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Beginners | Simplilearn
Simplilearn
330K
How to install the AWS CLI on macOS in 2021
99th Cloud
1.7K
Monitoring Resources on AWS: CloudWatch Metrics and Dashboards
Springfield Amazon Web Services User Group
48K
AWS re:Inforce 2019: Implementing Your Landing Zone (FND210)
Amazon Web Services
25K
AWS - CloudWatch Logs
AWS Training Center
50K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.