Adrian Cantrill’s SAA-C02 study course, learn.cantrill.io, 60 minutes:
Advanced EC2 Section: ‘System and Application Logging on EC2’, ‘[UPDATE][DEMO] Logging and Metrics with CW agent – part 1’, ‘[UPDATE][DEMO] Logging and Metrics with CW agent – part 2’
The system and application logging section started with a brief mention of CloudWatch and its metrics, emphasizing that it accesses metrics that are available on the ‘face’ of the EC2 instance; it does not natively capture data inside an instance. For OS-level logging, or logging from within the EC2 instance, the CloudWatch agent is required. It is a piece of software which runs inside the EC2 instance on the OS, captures the data visible there and sends it to CloudWatch or CloudWatch Logs. To do this it needs the configuration and permissions necessary to send the data into those products. For permissions, best practice is to create an IAM role with the necessary permissions and then attach the role to the EC2 instance to provide access to CloudWatch and the CloudWatch Logs service. The agent configuration specifies the metrics and logs to capture, and these are injected into CloudWatch using log groups: one log group for each file, and a log stream is generated within each log group. There are a number of ways to obtain and store the configurations needed, and the Parameter Store is one such way.
This was followed by a two-part demo implementing everything that was summarized in the foregoing paragraph. First a CFN template was run which created all the necessary infrastructure, including the EC2 instance we would use. Then the CloudWatch agent was installed in the instance, which was made possible in part by an IAM role that was created and attached to the EC2 instance. The IAM role contained everything necessary to allow the agent to collect and transmit data from the OS level of the instance as intended.
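To tie the pieces together (agent configuration, one log group per file, the instance role, and the Parameter Store), here is an added example that is not from the course or its demo: it reads an agent configuration and derives an IAM policy scoped to only the log groups, metric namespace and parameter that configuration uses. The sample configuration, region, account ID and parameter name are constructed placeholders, and the action list is an assumption to compare against AWS's managed agent policy rather than a replacement for it.

```python
import json

# Constructed sample agent configuration (not taken from the course demo).
SAMPLE_CONFIG = {
    "logs": {"logs_collected": {"files": {"collect_list": [
        {"file_path": "/var/log/secure", "log_group_name": "/var/log/secure",
         "log_stream_name": "{instance_id}"},
        {"file_path": "/var/log/httpd/access_log",
         "log_group_name": "/var/log/httpd/access_log",
         "log_stream_name": "{instance_id}"},
    ]}}},
    "metrics": {"metrics_collected": {"mem": {"measurement": ["mem_used_percent"]}}},
}

def log_groups(config):
    """Map each collected file to the log group the agent writes it to."""
    files = (config.get("logs", {}).get("logs_collected", {})
             .get("files", {}).get("collect_list", []))
    return {f["file_path"]: f["log_group_name"] for f in files}

def role_policy(config, region, account, parameter_name):
    """Build an IAM policy limited to what this configuration uses."""
    statements = []
    arns = []
    for group in sorted(set(log_groups(config).values())):
        base = f"arn:aws:logs:{region}:{account}:log-group:{group}"
        arns += [base, base + ":*"]  # the group itself and its streams
    if arns:
        statements.append({"Sid": "WriteAgentLogs", "Effect": "Allow",
                           "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                                      "logs:DescribeLogStreams", "logs:PutLogEvents"],
                           "Resource": arns})
    metrics = config.get("metrics", {})
    if metrics.get("metrics_collected"):
        # PutMetricData has no resource-level scoping, so pin the namespace.
        statements.append({"Sid": "PutAgentMetrics", "Effect": "Allow",
                           "Action": ["cloudwatch:PutMetricData"], "Resource": "*",
                           "Condition": {"StringEquals": {
                               "cloudwatch:namespace": metrics.get("namespace", "CWAgent")}}})
    statements.append({"Sid": "ReadAgentConfig", "Effect": "Allow",
                       "Action": ["ssm:GetParameter"],
                       "Resource": f"arn:aws:ssm:{region}:{account}:parameter/"
                                   + parameter_name.lstrip("/")})
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Region, account ID and parameter name are placeholders.
    print(json.dumps(role_policy(SAMPLE_CONFIG, "us-east-1", "111122223333",
                                 "AmazonCloudWatch-linux"), indent=2))
```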
This was followed by a readthrough of the CCSK study guide which my current mentor wants me to become familiar with as soon as possible. I will be balancing preparing for the CCSK certification exam along with researching possible entry-level jobs and cloud security roles.