AWS CloudWatch Tutorial
1. Creating and Managing CloudWatch Logs
Example 1: Create a Log Group
aws logs create-log-group --log-group-name MyAppLogs
Explanation
Creates a new CloudWatch log group to organize logs.
aws logs create-log-group
The log group name must be unique within the AWS account.
--log-group-name MyAppLogs
CloudWatch uses log groups to manage retention and access policies.
create-log-group
A log group is required before adding log streams.
create-log-group
Example 2: Create a Log Stream
aws logs create-log-stream --log-group-name MyAppLogs --log-stream-name MyInstanceLogs
Explanation
Creates a log stream inside a log group for specific logs.
aws logs create-log-stream
Log streams store sequential log events from applications or services.
--log-stream-name MyInstanceLogs
Used to separate logs from different instances or services.
create-log-stream
A log stream must exist before sending logs to it.
create-log-stream
Example 3: Send Logs to CloudWatch
aws logs put-log-events --log-group-name MyAppLogs --log-stream-name MyInstanceLogs --log-events '[{"timestamp": 1700000000000, "message": "App started successfully"}]'
Explanation
Writes log events to a CloudWatch log stream.
aws logs put-log-events
Each log event requires a timestamp and message.
{"timestamp": 1700000000000, "message": "App started successfully"}
Timestamps must be in Unix epoch milliseconds format.
"timestamp": 1700000000000
Ensures logs are indexed and searchable in CloudWatch.
put-log-events
Example 4: Retrieve Logs from CloudWatch
aws logs get-log-events --log-group-name MyAppLogs --log-stream-name MyInstanceLogs --limit 10
Explanation
Fetches log events from a specific log stream.
aws logs get-log-events
Limits the number of returned logs to 10.
--limit 10
Useful for debugging or monitoring application health.
get-log-events
Can be integrated with automation tools for alerting.
get-log-events
2. Monitoring AWS Services with CloudWatch Metrics
Example 1: List Available Metrics
aws cloudwatch list-metrics --namespace AWS/EC2
Explanation
Lists all CloudWatch metrics for an AWS service.
aws cloudwatch list-metrics
The namespace
AWS/EC2returns EC2 instance metrics.--namespace AWS/EC2
Useful for identifying available monitoring parameters.
list-metrics
Custom namespaces can be used for application-specific metrics.
list-metrics
Example 2: Get CPU Utilization for an EC2 Instance
aws cloudwatch get-metric-statistics --namespace AWS/EC2 --metric-name CPUUtilization --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --start-time 2024-02-10T00:00:00Z --end-time 2024-02-10T12:00:00Z --period 3600 --statistics Average
Explanation
Retrieves CPU utilization statistics for an EC2 instance.
aws cloudwatch get-metric-statistics
Filters by instance ID (
i-1234567890abcdef0).--dimensions Name=InstanceId,Value=i-1234567890abcdef0
Fetches data within a specific time range.
--start-time 2024-02-10T00:00:00Z --end-time 2024-02-10T12:00:00Z
Returns averaged statistics over 1-hour periods.
--period 3600 --statistics Average
Example 3: Create a Custom Metric
aws cloudwatch put-metric-data --namespace "MyAppMetrics" --metric-name "RequestCount" --value 5 --unit Count
Explanation
Sends custom application metrics to CloudWatch.
aws cloudwatch put-metric-data
Uses a custom namespace (
MyAppMetrics).--namespace "MyAppMetrics"
Tracks an application-specific metric (
RequestCount).--metric-name "RequestCount" --value 5
Metric unit defines how data is measured (
Count).--unit Count
Example 4: Set Alarm on CPU Usage
aws cloudwatch put-metric-alarm --alarm-name HighCPUUsage --metric-name CPUUtilization --namespace AWS/EC2 --dimensions Name=InstanceId,Value=i-1234567890abcdef0 --statistic Average --period 300 --threshold 80 --comparison-operator GreaterThanThreshold --evaluation-periods 2 --alarm-actions arn:aws:sns:us-east-1:123456789012:MySNSTopic
Explanation
Creates an alarm to monitor high CPU usage.
aws cloudwatch put-metric-alarm
Triggers when CPU utilization exceeds 80%.
--threshold 80 --comparison-operator GreaterThanThreshold
Evaluates metric over 5-minute intervals.
--period 300 --evaluation-periods 2
Sends notifications to an SNS topic.
--alarm-actions arn:aws:sns:us-east-1:123456789012:MySNSTopic
3. CloudWatch Logs Insights (Log Analysis & Querying)
Example 1: Query Logs for Errors
aws logs start-query --log-group-name MyAppLogs --query-string 'fields @timestamp, @message | filter @message like "ERROR"' --start-time 1700000000000 --end-time 1700000500000
Explanation
Executes a query in CloudWatch Logs Insights.
aws logs start-query
Filters logs containing the word
ERROR.filter @message like "ERROR"
Defines a time range for the query.
--start-time 1700000000000 --end-time 1700000500000
Useful for debugging application failures.
start-query
Example 2: List Active Queries
aws logs describe-queries --log-group-name MyAppLogs
Explanation
Shows running and completed log queries.
aws logs describe-queries
Helps track long-running queries in CloudWatch Logs Insights.
describe-queries
Provides query status and execution time.
describe-queries
Useful for monitoring and optimizing log analysis.
describe-queries
Example 3: Cancel a Running Query
aws logs stop-query --query-id "query-12345678"
Explanation
Stops an active CloudWatch Logs Insights query.
aws logs stop-query
Requires the query ID to terminate execution.
--query-id "query-12345678"
Prevents long-running queries from consuming resources.
stop-query
Useful for troubleshooting and query optimization.
stop-query
Example 4: Get Query Results
aws logs get-query-results --query-id "query-12345678"
Explanation
Retrieves results from a completed query.
aws logs get-query-results
Requires a query ID for fetching data.
--query-id "query-12345678"
Returns log data in a structured format.
get-query-results
Useful for analyzing application errors and performance.
get-query-results