CloudWatch & Config: Effortless Monitoring Mastery

How to effortlessly monitor compliance and how to find the needle in the haystack of logs

Published Jan 20, 2024
At the heart of re:Invent 2023, the focal points were the groundbreaking advancements in generative AI and the revolutionary Bedrock service. The effect of these innovations extended to various AWS services, notably transforming Amazon CloudWatch into the ultimate single-pane-of-glass solution for monitoring your Cloud environment and making compliance a little bit easier with Config enhancements.
Now, let's get down to the good stuff: the enhancements that have not just fine-tuned but totally transformed the way we do monitoring. Imagine a world where keeping an eye on things is not just smarter but as easy as having a conversation, or more human-friendly:
Amazon CloudWatch - natural language query generator - Did you ever wonder how you can create a Logs Insights query without digging into complex syntax? Now it is easier than ever. You type your question in natural language and NLQG generates the Logs Insights query for you. CloudWatch becomes your responsive companion. Let's try the new feature in North Virginia:
  • To try the new feature, we go to CloudWatch in the console in us-east-1 -> Logs Insights -> Query generator and type the following prompt:

Show me the 10 most denied aws api calls in current account
  • The query generator will do the magic for you and will suggest something like the following query:

fields errorCode, eventName, userIdentity.userName
| filter errorCode = "AccessDenied"
| stats count(*) as accessCount by errorCode, eventName, userIdentity.userName
| sort accessCount desc
| limit 10
  • The query generator will not run the query until you click Run Query
  • The results are really satisfying
CloudWatch NLP query
In conclusion, the new feature makes querying logs more user-friendly and more use-case driven. You focus on the business need and not on how to do it.
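A check worth running before trusting the generated query, as an added example that is not code from the original post: the query matches `errorCode = "AccessDenied"` exactly and groups by `userIdentity.userName`, while CloudTrail also records denials as `Client.UnauthorizedOperation` or `AccessDeniedException`, and role sessions carry no `userName`. The Python below emulates both filters over constructed CloudTrail-style records; the account ID, principals and the broadened pattern are assumptions made for illustration.

```python
import re
from collections import Counter

def ev(name, code, arn, user=None):
    """Build one constructed CloudTrail-style record (not real log data)."""
    ident = {"arn": arn, **({"userName": user} if user else {})}
    return {"eventName": name, "errorCode": code, "userIdentity": ident}

ACCT = "arn:aws:iam::111122223333"            # placeholder account id
ROLE = "arn:aws:sts::111122223333:assumed-role/deploy/ci"
EVENTS = (
    [ev("GetObject", "AccessDenied", f"{ACCT}:user/alice", "alice")] * 3
    + [ev("PutObject", "AccessDenied", ROLE)] * 2          # role session: no userName
    + [ev("RunInstances", "Client.UnauthorizedOperation", ROLE)] * 2
    + [ev("GetSecretValue", "AccessDeniedException", f"{ACCT}:user/bob", "bob")]
    + [ev("DescribeInstances", None, ROLE)] * 4            # successful calls
)

# Authorization-failure codes CloudTrail uses besides plain "AccessDenied".
# Hand-written Logs Insights equivalent (assumption, not generator output):
#   | filter errorCode like /AccessDenied|UnauthorizedOperation/
DENIED = re.compile(r"AccessDenied|UnauthorizedOperation")

def generated_query(events, limit=10):
    """Emulates the generated query: exact errorCode match, grouped by userName."""
    hits = Counter(
        (e["errorCode"], e["eventName"], e["userIdentity"].get("userName"))
        for e in events if e["errorCode"] == "AccessDenied")
    return hits.most_common(limit)

def broadened_query(events, limit=10):
    """Pattern match on errorCode, grouped by userIdentity.arn (set in every sample)."""
    hits = Counter(
        (e["errorCode"], e["eventName"], e["userIdentity"]["arn"])
        for e in events if e["errorCode"] and DENIED.search(e["errorCode"]))
    return hits.most_common(limit)

def undercount(events):
    """Denied calls that the exact-match filter never sees."""
    return (sum(n for _, n in broadened_query(events))
            - sum(n for _, n in generated_query(events)))

if __name__ == "__main__":
    for row in generated_query(EVENTS):
        print("generated:", row)
    for row in broadened_query(EVENTS):
        print("broadened:", row)
    print("denied calls missed by exact match:", undercount(EVENTS))
```

On this sample the exact-match version reports two groups, one of them with no principal name, and misses three denied calls.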
AWS CloudWatch Logs Anomaly detection - How can we identify the root cause when the volume of log data is huge? With the anomaly detection feature this is possible. It summarises the logs and helps you find the needle in the haystack. It can even answer the question of what the root cause of the issue is. You can activate it per log group. Usually it takes between 5 minutes and 24 hours, depending on the size of the log group.
Anomaly detection
AWS Config NL Query Processor: Simplifying Resource Compliance
Managing compliance and resource configurations can be complex and time-consuming, but not anymore. The AWS Config NL Query Processor allows you to seek information effortlessly by posing questions in plain language. Whether you're in search of compliant or noncompliant resources, encrypted or unencrypted volumes, or secrets with no rotation, simply ask without the need for SQL expertise. And for those who want to take it a step further, advanced queries are now within reach, making the seemingly complex simple.
If we head to the root account and AWS Config -> Advanced queries -> Query editor -> Natural language query processor (in preview) and type the following prompt in the :

Show me all EC2, that have unencrypted volume
Query processing
Config NLP Query processing
The result shows the EBS volumes that are unencrypted, although I asked for instances. On the positive side, it is still in preview, and I think we are still at the beginning and there are more enhancements that will ease our day-to-day activities in the coming years. It is definitely a good start and something that I will continue to use.
As we explore these enhancements, it's evident that CloudWatch is not just another monitoring tool; it's a companion in your Cloud journey, adapting to your needs with intelligence and ease. Config is becoming a smarter CMDB for cloud resources. The future of monitoring and compliance is here, and it's not just about data; it's about making data work for you. And this is just the beginning :)