AWS Knowledge Hub

English

Tiếng Việt

English

Tiếng Việt

Appearance

Monitoring Strategy

A comprehensive observability strategy is essential for maintaining reliable, performant applications on AWS. This guide outlines best practices for monitoring, logging, and tracing across your infrastructure.

The Three Pillars of Observability

Metrics

What to Monitor:

  • Infrastructure metrics: CPU, memory, disk I/O, network throughput
  • Application metrics: Request rates, error rates, latency (p50, p95, p99)
  • Business metrics: User signups, transactions, revenue
  • Custom metrics: Domain-specific KPIs

Best Practices:

  • Use CloudWatch Metrics for AWS service monitoring
  • Implement custom metrics for application-specific insights
  • Set up metric alarms for proactive alerting
  • Use metric math to create composite metrics
  • Leverage CloudWatch Insights for log-based metrics

Logs

What to Log:

  • Application logs: Errors, warnings, info-level events
  • Access logs: API Gateway, ALB, CloudFront access patterns
  • Audit logs: CloudTrail for API calls and security events
  • System logs: OS-level events, container logs

Best Practices:

  • Centralize logs in CloudWatch Logs or S3
  • Use structured logging (JSON format)
  • Implement log retention policies
  • Enable log encryption at rest
  • Use log groups for logical organization
  • Set up log-based alarms

Traces

What to Trace:

  • Request flows: End-to-end request paths across services
  • Service dependencies: Inter-service communication patterns
  • Performance bottlenecks: Slow operations and database queries
  • Error propagation: How errors flow through distributed systems

Best Practices:

  • Use AWS X-Ray for distributed tracing
  • Instrument applications with X-Ray SDK
  • Trace all external API calls and database queries
  • Use sampling to control trace volume
  • Create service maps for visualization

Monitoring Architecture Patterns

Centralized Monitoring

Pattern:

  • Single CloudWatch account for all metrics and logs
  • Cross-account log aggregation
  • Centralized dashboards and alarms

Use Cases:

  • Multi-account AWS organizations
  • Enterprise environments
  • Compliance requirements

Distributed Monitoring

Pattern:

  • Service-specific monitoring per account
  • Aggregated views for cross-service insights
  • Independent alerting per service

Use Cases:

  • Microservices architectures
  • Independent service teams
  • High isolation requirements

Alerting Strategy

Alert Levels

  1. Critical: Immediate action required (P0 incidents)

    • Service outages
    • Security breaches
    • Data loss events

  2. High: Urgent attention needed (P1 incidents)

    • Performance degradation
    • Error rate spikes
    • Capacity thresholds

  3. Medium: Monitor and investigate (P2 incidents)

    • Warning conditions
    • Trend anomalies
    • Resource utilization

  4. Low: Informational (P3 incidents)

    • Scheduled maintenance
    • Capacity planning
    • Optimization opportunities

Alert Best Practices

  • Avoid alert fatigue: Only alert on actionable conditions
  • Use composite alarms: Combine multiple metrics to reduce noise
  • Implement alert routing: Route to appropriate teams/channels
  • Set up escalation policies: Define clear escalation paths
  • Test alerting: Regularly verify alerts work correctly
  • Document runbooks: Provide clear response procedures

Cost Optimization

Monitoring Costs

  • CloudWatch Metrics: First 10,000 custom metrics free, then $0.30/metric/month
  • CloudWatch Logs: $0.50/GB ingested, $0.03/GB stored/month
  • X-Ray: First 100,000 traces free, then $5.00/1M traces

Optimization Strategies

  • Use metric filters instead of custom metrics where possible
  • Implement log sampling for high-volume applications
  • Set appropriate log retention periods
  • Use S3 for long-term log archival
  • Leverage X-Ray sampling to control trace volume
  • Delete unused dashboards and alarms

Implementation Checklist

  • Define monitoring requirements for each service
  • Set up CloudWatch dashboards for key metrics
  • Configure log aggregation and retention
  • Implement distributed tracing with X-Ray
  • Create alerting rules with appropriate thresholds
  • Document runbooks for common incidents
  • Set up cost budgets for monitoring services
  • Establish on-call rotation and escalation procedures
  • Regular review and optimization of monitoring setup