We just raised a $30M Series A: Read our story

What is AWS Monitoring?


What are some best practices to keep in mind for AWS monitoring?

ITCS user
44 Answers

author avatar
Top 5LeaderboardReal User

Stick to AWS services architecture principles to integrate more easily with out-of-the-box monitoring. As an example, instead of deploying your web server on an EC2 instance and expose it directly, you might want to go through ECS with ALB in front of it. This way you'll get HTTP for the service so that you can build on top of it dashboards

Don't hesitate to use Cloudwatch for both metric & log monitoring.

Also, in the case of hybrid clouds, you might want to invest in some external monitoring tools to integrate with AWS/Cloudwatch as well as private cloud/infrastructure monitoring. This way, you can have a single pane of glass and track your migration using service-level KPIs
Here's an article that might be useful about hybrid cloud monitoring: https://www.zen-networks.ma/single-post/How-To-Monitor-Hybrid-Clouds

author avatar
Top 5Consultant

There are a lot of Best practices that need to be done when it comes down to AWS Monitoring. A few of them listed below.
1. Users activity monitoring
Cloud trail and IAM roles monitoring
Activity Monitoring to avoid any inconsequence failures
2. EC2/LB/ASG monitoring
Cloud watch / Insight/ Matrics alerting and monitoring to troubleshoot/and also log forwarder to an external agent for application-level monitoring
3. Metrics of SQS/SNS monitoring
Cloud watch Metrics/ Insight/ Matrics alerting and monitoring to troubleshoot
4. Lambda and SFTP monitoring
Cloud watch Metrics/ Insight/ Matrics alerting and monitoring to troubleshoot

I hope this helps.

author avatar
Top 5LeaderboardReseller

For cloud monitoring we MUST get next information:
- CPU/vCPU metrics (Utilization, min/max Average etc)
- Memory metrics (Utilization, min/max Average etc)
- Volumes metrics
- Ports and interfaces status
- Response Time
- Packet loss and network latency

author avatar

Avoid using the root account, the first account created on the AWS and that has administrative rights, and how monitoring should be established for when it is used.
Force the use of a second authentication factor (MFA - Multi Factor Authentication) to access the AWS console.
Disable access to unused credentials 90 days or more.
Rotation of Access Keys every 90 days or less.
Create strong password policies for IAM users.
Enable CloudTrail on all accounts.
Avoid and monitor the existence of Security Groups (SG) by releasing ingress / inbound access to port 22 or 3389 for any IP address (

Find out what your peers are saying about Zabbix, Microsoft, SevOne and others in Server Monitoring. Updated: September 2021.
542,029 professionals have used our research since 2012.