Handy Checklist Useful for AWS Operations

An AWS operations team monitors its resources. When the team has good knowledge, it can monitor those resources flawlessly.

Srinimf
Feb 9, 2022

AWS Operations questions

1. Which AWS Cloud service allows you to gain system-wide visibility into resource utilization, application performance, and operational health?

CloudWatch

2. Which AWS Cloud service enables you to capture information about the IP traffic going to and from network interfaces in your VPC?

Flow log data in CloudWatch

3. Which AWS Cloud service enables governance, compliance, operational auditing, and risk auditing of your AWS account?

CloudTrail

4. Which of the following services acts as a virtual firewall that controls the traffic for one or more instances?

Security Groups

5. Each AWS region is composed of two or more locations that provide you with the ability to introduce high availability, fault tolerance, and/or scale to your applications. What are these locations called?

Availability Zones

6. What AWS Cloud service is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS?

Active Directory Connector

7. What AWS Cloud service provides a logically isolated section of the AWS Cloud where systems operators can launch AWS resources into a virtual network they defined?

VPC

8. You manage a fleet of web servers hosted on Amazon Elastic Compute Cloud (Amazon EC2). Most, if not all, of the websites are static in nature. What AWS Cloud service can host a static website, thus replacing servers?

AWS S3

9. In what file are your Access Key and Secret Key stored after executing the aws configure command?

Credentials

10. How do you monitor AWS ECS?

Monitoring

The primary tool used for monitoring your Amazon ECS clusters is AWS CloudWatch.

Amazon ECS collects metric data in one-minute periods and sends it to Amazon CloudWatch.

Amazon CloudWatch stores these metrics for two weeks. You can monitor the CPU and memory reservation and utilization across your cluster as a whole and the CPU and memory utilization on the services in your cluster.

You can use Amazon CloudWatch to trigger alarms, set notifications, and create dashboards to monitor the services.

Once it’s set up, you can view Amazon CloudWatch metrics in both the Amazon ECS console and the Amazon CloudWatch console.

The ECS console provides a 24-hour view. AWS CloudWatch provides a customizable view of services. CloudTrail logs all AWS ECS API calls.

AWS Trusted Advisor: you can monitor all AWS resources.

The Amazon ECS console provides a maximum 24-hour view while the Amazon CloudWatch console provides a fine-grained and customizable view of running services.

The other tool available is AWS CloudTrail, which will log all Amazon ECS API calls.

AWS Trusted Advisor is another source for monitoring all of your AWS resources, including Amazon ECS, to improve performance, reliability, and security.

There is no additional cost for using Amazon ECS. The only charges are for the Amazon EC2 instances or AWS Lambda requests and compute time.

Security

With ECS, you can control the following:

  1. Control who can create task definitions.
  2. Control who can deploy clusters.
  3. Control who can access the Amazon EC2 instances.

You can use IAM roles, security groups, and (because these Amazon EC2 instances are located in an Amazon VPC) network Access Control Lists (ACLs) and route tables to control access to the Amazon EC2 instances.
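Because CloudTrail logs all ECS API calls, its records can be used to check that the first two controls above are holding. The Python below is an added example, not code from the original post; the allowlist entry `role/ecs-deployer`, the helper names, and the sample records are constructed assumptions.

```python
import json

# ECS API calls behind the first two controls above (mapping assumed here).
SENSITIVE = {"RegisterTaskDefinition", "CreateCluster"}

# Constructed CloudTrail records: account id, names and times are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2022-02-09T10:00:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "userIdentity": {
         "arn": "arn:aws:sts::111122223333:assumed-role/ecs-deployer/ci-run-1"}},
    {"eventTime": "2022-02-09T10:05:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "CreateCluster", "userIdentity": {
         "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2022-02-09T10:07:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "RegisterTaskDefinition", "errorCode": "AccessDeniedException",
     "userIdentity": {
         "arn": "arn:aws:sts::111122223333:assumed-role/web-app/i-0abc"}},
    {"eventTime": "2022-02-09T10:09:00Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "ListClusters", "userIdentity": {
         "arn": "arn:aws:iam::111122223333:user/alice"}},
]})


def principal(identity):
    """Reduce userIdentity to a comparable name; role sessions collapse to the role."""
    resource = identity.get("arn", "").split(":", 5)[-1]
    parts = resource.split("/")
    if parts[0] == "assumed-role" and len(parts) >= 2:
        return "role/" + parts[1]
    return resource or identity.get("type", "unknown")


def unauthorized_ecs_calls(log_text, allowed):
    """Return (time, event, principal, outcome) for sensitive ECS calls made
    by principals outside the allowlist."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ecs.amazonaws.com":
            continue
        if rec.get("eventName") not in SENSITIVE:
            continue
        who = principal(rec.get("userIdentity", {}))
        if who in allowed:
            continue
        # errorCode is present only when the call failed, e.g. blocked by IAM.
        outcome = "denied" if rec.get("errorCode") else "succeeded"
        findings.append((rec.get("eventTime"), rec["eventName"], who, outcome))
    return findings
```

A "succeeded" finding means the IAM policy is broader than intended; a "denied" finding means IAM blocked the call but the attempt is still worth reviewing.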
