1. What is CloudWatch?

Amazon CloudWatch is a monitoring and observability service for AWS resources and applications. It collects metrics, logs, and events, providing a unified view of operational health.

Core Concept

CloudWatch is the central monitoring hub for AWS. It collects data from 70+ AWS services automatically: CPU, memory, disk, network, request counts, errors, latency. You can set alarms to trigger actions when thresholds are breached, create dashboards for visualization, and collect custom metrics from your own applications.

2. CloudWatch Metrics


What is a Metric?

  1. A metric is a time-ordered set of data points representing a variable over time
  2. Metrics belong to a namespace (e.g., AWS/EC2, AWS/RDS, AWS/Lambda)
  3. Identified by: namespace + metric name + dimensions
  4. Dimensions: key-value pairs that categorize metrics (e.g., InstanceId=i-abc123)
  5. Retention: 1-sec data kept 3 hours, 1-min data kept 15 days, 5-min data kept 63 days, 1-hour data kept 455 days (15 months)


Default vs Detailed Monitoring

Common EC2 Metrics (Built-in)

Important Warning

EC2 does NOT natively report memory utilization, disk space, or swap usage to CloudWatch. These require the CloudWatch Agent installed on the instance. This is one of the most tested CloudWatch facts on the exam.

CloudWatch Agent

  1. Software installed on EC2 (or on-premises servers) to collect additional metrics
  2. Collects: memory utilization, disk space, swap, per-process metrics, custom app metrics
  3. Also collects logs (sends to CloudWatch Logs)
  4. Configuration via JSON file (SSM Parameter Store recommended for config management)
  5. Uses IAM role for permissions (CloudWatchAgentServerRole)
  6. Works on Linux and Windows


Custom Metrics

  1. Publish your own metrics via the PutMetricData API
  2. Example: application-level metrics like active_users, orders_per_minute, queue_depth
  3. Resolution: Standard (1-minute) or High Resolution (1-second, higher cost)
  4. StorageResolution parameter: 1 (high-res) or 60 (standard)
  5. Use for: business metrics, application KPIs, anything not built-in

3. CloudWatch Alarms


Alarm States

Alarm Actions

Composite Alarms

  1. Combine multiple alarms using AND/OR logic
  2. Reduces alarm noise: only trigger when multiple conditions are true simultaneously
  3. Example: ALARM only when CPU > 80% AND Memory > 90% (composite: both alarms in ALARM state)
  4. Prevents false positives from single-metric spikes


EC2 Instance Recovery

  1. Special alarm action: automatically recover a failed EC2 instance
  2. Trigger: StatusCheckFailed_System alarm
  3. Recovery: instance is migrated to new hardware with same private IP, Elastic IP, metadata, and placement group
  4. Requirements: EBS-backed instance (not Instance Store), same instance type
  5. Alternative: Auto Scaling Group with min=1 (replaces instead of recovers)

4. CloudWatch Dashboards

  1. Custom visualizations of metrics from multiple services and Regions
  2. Global: dashboards can display metrics from any Region
  3. Auto-refresh: configurable interval (10s, 1m, 5m, etc.)
  4. Widgets: line charts, stacked area, number, text, log query results
  5. Shareable: share dashboard URL (anonymous access or authenticated)
  6. Cost: $3/dashboard/month (first 3 free)

Exam Tip

CloudWatch Metrics: "Memory/disk utilization on EC2" = CloudWatch Agent (NOT built-in). "1-minute monitoring" = Detailed Monitoring. "1-second metrics" = High Resolution custom metrics. "Recover failed EC2" = StatusCheckFailed alarm + EC2 Recovery action. "Reduce alarm noise" = Composite Alarms. "Custom business metrics" = PutMetricData API. Metric retention: 15 months for 1-hour data.