Observability is a popular term used to describe how well your team can understand the internals of your production system (not just your applications) by asking questions from the outside.
“Internals” in this context is usually your applications. Apps are important but systems are composed of many moving parts not just your apps or (fancy) microservices. Your infrastructure and other critical tools that your development processes depend on should also be monitored against for changes.
The one that needs the most attention is your cloud provider because it is responsible for most of your infrastructure. In this blog post, we will focus on Amazon Web Services’ (AWS) observability and share what AWS offers for your cloud infrastructure observability.
AWS has categories in the console. Management & Governance is the one that you should be paying attention to if you are looking for infrastructure observability services.
No surprise for AWS users, CloudWatch is one of the most popular services within AWS because it is connected to nearly all services by default. You start using it when you start deploying stuff.
Amazon CloudWatch offers observability for your AWS resources and apps. It is a must used one. For the infrastructure part, it integrates with other services such as Amazon EC2, DynamoDB, S3, ECS, Lambda, and more. These services send critical metrics to CloudWatch. You can then use these 1-minute metrics with up to 1-second granularity. You can dive deep into your logs for additional context. For example, these are some DynamoDB metrics at one-minute intervals:
AWS Systems Manager
AWS Systems Manager is an underrated service. Everyone who uses EC2, S3, or RDS should give it a shot. It is a complimentary service that offers automation for observability. The only problem with Systems Manager is that is capable of offering much more than automation and that makes it hard to master. Using the Systems you can group resources, visualize, and take action. It is your go-to service for operational issues. In the upcoming blog post, we will do a deep dive into each service mentioned here and Systems Manager is the one you should definetely be reading with its many capabilities.
AWS Service Catalog
AWS Service Catalog is critical for big enterprises where resources are governed using an ITSM tool like ServiceNow or Jira Service Desk. It is the bridge between AWS and your internal services team. When a new service needs to be provisioned, the AWS service catalog is integrated with your internal service manager to keep track of changes, contractions, and get the approval for provisioning and deleting resources. As noted in the beginning, this service is useful for bigger companies. If your company is under a thousand employees and doesn’t have an established ITSM tool, you probably don’t need it.
AWS CloudTrail is a must service that needs to be enabled in production by default. This is a recommended practice by AWS, mentioned in the AWS Well-Architected Framework as well. It helps with tracking user activity and API usage in near real-time. This real time change data is critical for compliance and operational auditing. You can get these events streamed into other services within or outside of AWS for further analysis. Other services within AWS also makes use of this data.
The last but not the least important one is AWS Config. Config is one of the most critical services within AWS, especially for companies with compliance requirements. As a complementary, cost-effective, and extended version of AWS Config, at Resmo we also focus on bringing every resource configuration change in one place like AWS Config. The main difference between Config and CloudTrail is that Config offers rule checks and compliance monitoring out of the box.
In this blog post, we covered five native AWS services that helps us with cloud observability. In the upcoming blog posts, we want to do hands-on deep dives for these services. Let us know which one you’d like to learn more about on Twitter and LinkedIn.
And! SIGN UP for our early access program, we are about to go on private launch and make resource configuration monitoring and compliance much easier for every AWS user!