Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications.

The CloudWatch home page automatically displays metrics about every AWS service you use. You can additionally create custom dashboards to display metrics about your custom applications, and display custom collections of metrics that you choose. You can create alarms that watch metrics and send notifications or automatically make changes to the resources you are monitoring when a threshold is breached. For example, you can monitor the CPU usage and disk reads and writes of your Amazon EC2 instances and then use that data to determine whether you should launch additional instances to handle increased load. You can also use this data to stop under-used instances to save money. With CloudWatch, you gain system-wide visibility into resource utilization, application performance, and operational health.
Amazon CloudWatch is a monitoring and observability service that provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, and optimize resource utilization. You can use various CloudWatch capabilities to monitor the health of an application that is available over the internet, resides within an Amazon Virtual Private Cloud (Amazon VPC), or runs in an on-premises network. CloudWatch Synthetics lets you create canaries: configurable scripts that run on a schedule to monitor the health of your endpoints and APIs. Canaries run as Lambda functions in your account, written in Node.js or Python. They check the availability and latency of your endpoints and can store load time data. You can monitor your REST APIs, URLs, and website content, as well as check for unauthorized changes from phishing, code injection, and cross-site scripting.

In the following sections, this post provides a solution for customers to monitor the availability and health of an on-premises application using CloudWatch Synthetics. This solution requires the Amazon VPC to be connected to the on-premises network via either an AWS Site-to-Site VPN or an AWS Direct Connect connection.

Solution overview
The following figure shows an architecture diagram for setting up a Synthetics canary to monitor an application inside an on-premises network. It also shows the network traffic flow from the Synthetics canary to the application. The VPC does not have internet access enabled, so the canary can only reach the application over the private connection. If the DNS for the private application is hosted in the on-premises network, you can use a Route 53 Resolver outbound endpoint to forward DNS requests for that domain to the on-premises DNS servers.

Solution implementation
The solution consists of the following three parts:
PART A. Creating a Heartbeat Canary using CloudWatch Synthetics.
PART B. Enabling Hybrid DNS between Amazon VPC and on-premises (optional).
PART C. Viewing Canary run metrics.
PART A: Creating a Heartbeat Canary using CloudWatch Synthetics

Step 1: VPC connection with on-premises
Create a VPC if one isn't already configured, and then note the VPC ID, private subnet IDs, and security group IDs for later use when configuring the Synthetics canary. Make sure that this VPC has private connectivity with the on-premises network (where the application is hosted). The private connection can be either Site-to-Site VPN or Direct Connect. If no private connection with on-premises exists, then create one using setting up VPN or setting up Direct Connect in AWS.

Step 2: Enable Internet access/VPC endpoints for VPC
The canary runs as a Lambda function inside your private subnets, but it still has to reach AWS service endpoints: it uploads run artifacts to Amazon S3 and publishes metrics to CloudWatch. Because this VPC has no internet access, create VPC endpoints for those services (or, if your network design allows it, give the subnets a route through a NAT gateway). Without one of these the canary will run but fail to report its results.

Step 3: Configure canary details
Choose the Heartbeat monitoring blueprint, give the canary a name, and enter the application's endpoint URL. The URL can use either the application's Fully Qualified Domain Name (FQDN), which then has to be resolvable from the VPC (see Part B), or, for testing, its private IPv4 address.

Step 4: Configure VPC settings
Under VPC settings, select the VPC, the private subnets, and the security groups noted in Step 1. The canary's security group must allow outbound traffic to the application's port on the on-premises network, and the on-premises firewall must in turn allow that traffic from the private subnet CIDRs.

Step 5: Create canary
(This step should take approximately one minute to process. Wait until the canary is created and started.)

PART B: Enabling Hybrid DNS between Amazon VPC and on-premises (optional)
This part is only needed if you specify a Fully Qualified Domain Name (FQDN) of the application under endpoint URL, and the FQDN can only be resolved by on-premises DNS servers. For testing purposes, you can also specify the private IPv4 address of your on-premises application under endpoint URL (see the following figure).

Step 1: Create Route 53 Outbound Endpoint
Give the endpoint a name, select the VPC from Part A, choose a security group that allows outbound DNS (UDP and TCP port 53) to the on-premises DNS servers, and set the direction to Outbound. Then configure the endpoint's IP addresses. Route 53 Resolver requires at least two; for resilience, put the second one in a subnet in a different Availability Zone.
1. IP address #1:
 i. Availability Zone: <Select-AZ-1>
 ii. Subnet: <Private-Subnet-AZ-1>
 iii. Select Use an IP address that is selected automatically
2. IP address #2:
 i. Availability Zone: <Select-AZ-1>
 ii. Subnet: <Private-Subnet-AZ-1>
 iii. Select Use an IP address that is selected automatically
3. Select Create outbound endpoint.

Step 2: Create Route 53 Conditional Forwarding Rules
1. Name: <outbound-rule-name>
2. Rule type: Forward
3. Domain name: the on-premises domain that the application's FQDN belongs to (only queries under this domain are forwarded)
4. VPCs that use this rule: the VPC from Part A
5. Outbound endpoint: the endpoint created in Step 1
6. Target IP addresses:
 i. <On-Premise-DNS-Server-IP-Address-01>, Port: 53
 ii. Select Add target.
 iii. <On-Premise-DNS-Server-IP-Address-02>, Port: 53
7. Select Submit.

PART C: Viewing Canary run metrics
Navigate to the canary details page by selecting the canary from the canaries list page. (You should see that the canary is in the Running state.) The following figure shows the successful configuration of a Synthetics canary that can reach the on-premises application, with metrics populating in near real time. In addition, the following figure shows the different metrics emitted by CloudWatch Synthetics that can be used to monitor the availability and health of the on-premises application.

Cleanup
To avoid ongoing charges, delete the canary (and the artifacts it stored in Amazon S3), the Route 53 Resolver rule and outbound endpoint from Part B, and any VPC endpoints you created only for this walkthrough.

Conclusion
In this post, we used CloudWatch Synthetics residing in a VPC to route to an on-premises network via a private connection over Site-to-Site VPN or Direct Connect. You can also use CloudWatch Synthetics to provide insights into your on-premises application. These insights, in the form of metrics and alarms, can be used in a centralized CloudWatch Dashboard that acts as a single view for monitoring AWS and on-premises resources. In addition, you can use CloudWatch Synthetics to monitor individual web pages, multi-page web workflows such as wizards and checkouts, and API endpoints, with metrics stored in CloudWatch. You can set CloudWatch alarms so that you're notified when thresholds based on performance, behavior, or site integrity are crossed. To learn more about CloudWatch Synthetics, see the CloudWatch Synthetics documentation.

About the author: Mankaran Singh is a Solutions Architect with over 5 years of experience working at AWS, where he specializes in networking services. During his free time, Mankaran likes to explore new hiking trails, try new cuisines, and watch sports.
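The console walkthrough in Parts A and B above, expressed as boto3 API requests so that the same setup can be reviewed and repeated from code. This is an added example, not code from the original post or from AWS: the VPC, subnet, security group and role IDs, the S3 bucket, the corp.example domain, the on-premises addresses and the canary runtime version are all placeholders (assumptions), and the only part that talks to AWS is the guarded `__main__` section at the bottom. The request builders are pure functions, and they enforce the two constraints the post relies on but the console does not check for you: the canary must run with a VpcConfig in private subnets, and on a VPC without an internet route the heartbeat target and the DNS forwarding targets can only be private addresses or names that the outbound endpoint forwards on-premises.

```python
"""Added example (not from the original post): boto3 requests for a heartbeat canary
in a private VPC (Part A) plus the Route 53 Resolver pieces of Part B. All IDs, the
bucket, domain, addresses and the runtime version are placeholders."""
import io
import time
import zipfile
from urllib.parse import urlparse

# Inline canary code must sit at nodejs/node_modules/<file>.js inside the zip.
HEARTBEAT_JS = """
const synthetics = require('Synthetics');
exports.handler = async () => {
  const url = process.env.TARGET_URL;  // from RunConfig.EnvironmentVariables
  const page = await synthetics.getPage();
  const res = await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
  if (!res || res.status() < 200 || res.status() > 299) {
    throw new Error('heartbeat failed for ' + url);  // a throw fails the run
  }
};
"""

def build_canary_code(handler_file="pageLoadBlueprint"):
    """Zip the script in memory; returns the Code parameter for create_canary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(f"nodejs/node_modules/{handler_file}.js", HEARTBEAT_JS)
    return {"Handler": f"{handler_file}.handler", "ZipFile": buf.getvalue()}

def zip_entries(code):
    """File names inside Code.ZipFile, to confirm the required path."""
    return zipfile.ZipFile(io.BytesIO(code["ZipFile"])).namelist()

def is_private_ipv4(host):
    """True for an RFC 1918 address; False for any other IPv4 literal or a hostname."""
    p = host.split(".")
    if len(p) != 4 or not all(x.isdigit() and int(x) <= 255 for x in p):
        return False
    a, b = int(p[0]), int(p[1])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)

def build_canary_request(name, target_url, vpc, role_arn, artifact_bucket,
                         runtime="syn-nodejs-puppeteer-6.2"):  # version is an assumption
    """Parameters for synthetics.create_canary(); VpcConfig puts the canary's Lambda
    function in the private subnets that route to on-premises (Part A, steps 3-5)."""
    if not vpc["subnet_ids"] or not vpc["security_group_ids"]:
        raise ValueError("a VPC canary needs at least one private subnet and one security group")
    host = urlparse(target_url).hostname
    if not host:
        raise ValueError("endpoint URL needs a scheme and host, e.g. https://app.corp.example/health")
    if host.replace(".", "").isdigit() and not is_private_ipv4(host):
        raise ValueError(f"{host} is a public address; this VPC has no internet route")
    return {
        "Name": name,
        "Code": build_canary_code(),
        "ArtifactS3Location": f"s3://{artifact_bucket}/canary/{name}",
        "ExecutionRoleArn": role_arn,
        "Schedule": {"Expression": "rate(1 minute)"},
        "RunConfig": {"TimeoutInSeconds": 60, "EnvironmentVariables": {"TARGET_URL": target_url}},
        "RuntimeVersion": runtime,
        "VpcConfig": {"SubnetIds": list(vpc["subnet_ids"]),
                      "SecurityGroupIds": list(vpc["security_group_ids"])},
    }

def build_hybrid_dns_requests(vpc_id, endpoint_sg_ids, ip_subnets, onprem_domain, onprem_dns_ips):
    """Parameters for route53resolver create_resolver_endpoint, create_resolver_rule and
    associate_resolver_rule (Part B); the caller adds the IDs returned by the API."""
    if len(ip_subnets) < 2:  # Resolver needs two addresses; use two AZs for resilience
        raise ValueError("an outbound endpoint needs at least two IP addresses")
    bad = [ip for ip in onprem_dns_ips if not is_private_ipv4(ip)]
    if bad:
        raise ValueError(f"on-premises DNS targets must be private IPv4 addresses: {bad}")
    endpoint = {
        "CreatorRequestId": f"outbound-{vpc_id}",
        "Name": "onprem-outbound",
        "SecurityGroupIds": list(endpoint_sg_ids),  # must allow UDP/TCP 53 to the targets
        "Direction": "OUTBOUND",
        "IpAddresses": [{"SubnetId": s} for s in ip_subnets],  # no "Ip": picked automatically
    }
    rule = {
        "CreatorRequestId": f"forward-{onprem_domain}",
        "Name": "forward-onprem",
        "RuleType": "FORWARD",
        "DomainName": onprem_domain,  # only names under this domain go on-premises
        "TargetIps": [{"Ip": ip, "Port": 53} for ip in onprem_dns_ips],
    }
    return endpoint, rule, {"Name": "forward-onprem", "VPCId": vpc_id}

if __name__ == "__main__":  # only this part calls AWS; placeholders throughout
    import boto3
    vpc = {"id": "vpc-0123456789abcdef0", "subnet_ids": ["subnet-aaa", "subnet-bbb"], "security_group_ids": ["sg-ccc"]}
    boto3.client("synthetics").create_canary(**build_canary_request(
        "onprem-heartbeat", "https://app.corp.example/health", vpc,
        "arn:aws:iam::123456789012:role/CanaryRole", "my-canary-artifacts"))
    r53 = boto3.client("route53resolver")
    ep, rule, assoc = build_hybrid_dns_requests(vpc["id"], ["sg-dns"], vpc["subnet_ids"], "corp.example", ["10.10.0.2", "10.10.0.3"])
    ep_id = r53.create_resolver_endpoint(**ep)["ResolverEndpoint"]["Id"]
    while r53.get_resolver_endpoint(ResolverEndpointId=ep_id)["ResolverEndpoint"]["Status"] != "OPERATIONAL":
        time.sleep(10)  # endpoint creation is asynchronous
    rule_id = r53.create_resolver_rule(ResolverEndpointId=ep_id, **rule)["ResolverRule"]["Id"]
    r53.associate_resolver_rule(ResolverRuleId=rule_id, **assoc)
```

The execution role passed as `ExecutionRoleArn` still needs the permissions Synthetics documents for canaries (S3 write to the artifact location, CloudWatch metrics and logs, and the EC2 network-interface permissions that a VPC-attached Lambda function requires); those are not shown here. The private-address check is deliberately strict: a canary in a VPC with no internet route cannot reach a public address anyway, so rejecting it up front turns a silent series of failed runs into an immediate error.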