Benchmark: BP01 Monitor all components for the workload
Description
Monitor the components of the workload with Amazon CloudWatch or third-party tools. Monitor AWS services with AWS Health Dashboard. All components of your workload should be monitored, including the front-end, business logic, and storage tiers. Define key metrics, describe how to extract them from logs (if necessary), and set thresholds for invoking corresponding alarm events. Ensure metrics are relevant to the key performance indicators (KPIs) of your workload, and use metrics and logs to identify early warning signs of service degradation. For example, a metric related to business outcomes, such as the number of orders successfully processed per minute, can indicate workload issues faster than a technical metric, such as CPU Utilization. Use AWS Health Dashboard for a personalized view into the performance and availability of the AWS services underlying your AWS resources.
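The following added example (not part of the benchmark or of AWS documentation) works through the orders-per-minute case offline: it extracts the metric from log lines and evaluates a low-volume alarm over the most recent minutes. The log field names (ts, event, status), the sample lines, and the threshold values are assumptions chosen for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

START = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

def _line(ts, status):
    # Build one constructed JSON log line; the field names are assumptions.
    return json.dumps({"ts": ts, "event": "order", "status": status})

# Constructed sample: healthy at 12:00-12:01, degraded at 12:02, silent after.
SAMPLE_LOGS = (
    [_line(f"2024-05-01T12:00:{s:02d}Z", "processed") for s in (5, 20, 41)]
    + [_line(f"2024-05-01T12:01:{s:02d}Z", "processed") for s in (2, 30, 55)]
    + [_line("2024-05-01T12:02:10Z", "processed"),
       _line("2024-05-01T12:02:15Z", "failed")]
    + ["not json at all"]  # malformed line, must be skipped
)

def orders_per_minute(lines, start, minutes):
    """Count successfully processed orders in each one-minute bucket.

    Minutes without matching log lines are reported as 0 instead of being
    omitted, so a full outage shows up as a breach, not as missing data
    (the same effect as TreatMissingData=breaching on a CloudWatch alarm).
    """
    counts = Counter()
    for line in lines:
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not a well-formed record; ignore it
        if rec.get("event") == "order" and rec.get("status") == "processed":
            counts[ts.replace(second=0, microsecond=0)] += 1
    buckets = [start + timedelta(minutes=i) for i in range(minutes)]
    return [(b, counts[b]) for b in buckets]

def alarm_state(series, threshold, datapoints_to_alarm, evaluation_periods):
    """ALARM when enough of the most recent buckets fall below the threshold."""
    window = series[-evaluation_periods:]
    breaching = sum(1 for _, count in window if count < threshold)
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"

if __name__ == "__main__":
    series = orders_per_minute(SAMPLE_LOGS, START, 5)
    for minute, count in series:
        print(minute.isoformat(), count)
    print(alarm_state(series, threshold=2, datapoints_to_alarm=2,
                      evaluation_periods=3))
```
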
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP01 Monitor all components for the workload.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_rel06_bp01
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_rel06_bp01 --share
Controls
- EC2 instance detailed monitoring should be enabled
- API Gateway stage logging should be enabled
- ACM certificates should have transparency logging enabled
- CodeBuild projects should have logging enabled
- ECS task definitions should have logging enabled
- ELB application and classic load balancer logging should be enabled
- Lambda functions CloudTrail logging should be enabled
- OpenSearch domains should have audit logging enabled
- Database logging should be enabled
- Route 53 zones should have query logging enabled
- S3 bucket logging should be enabled
- S3 buckets object logging should be enabled
- WAF web ACL logging should be enabled