Application Insights – Logging and Monitoring – ANS-C01 Study Guide

Application Insights

Application Insights is an AWS managed service that can automatically perform discovery on resources and workloads that it supports. After the discovery process is completed, the service will configure a CloudWatch agent, alarms, metrics, and logs based on AWS best practices. The service helps you identify issues and resolve problems with your applications, databases, and workloads. Application Insights will provision the services required to record and visualize real-time application data in your account.

The collected data records what is accessing your services and how they are implemented and consumed. In the background, the services use Kinesis data streams and DynamoDB. The metrics captured include create, modify, and delete API calls for more than 60 AWS services.

Monitoring for this service is in real time. An Application Insights widget will be displayed on the CloudWatch overview home page in the console, and alerts and issues will be displayed on the Application Insights dashboard.

Config

AWS Config is a configuration tracking service; it records and stores a detailed history of how your services are configured. The service runs continuously in the background and captures all configuration changes to your AWS resources. The management console includes a dashboard that provides a complete and customizable view of the Config status and results, as shown in Figure 5.13. Compliance guidelines can be configured in the Config service and compared to your actual configurations, which lets you audit your resources for compliance and adherence to company policies. Config tracks AWS services, on-premises servers, and application changes.

FIGURE 5.13 Config dashboard
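To make the compliance comparison described above concrete, here is an added example (not from the study guide or from AWS) that evaluates recorded security group configurations against a guideline. The configuration items are constructed samples shaped like Config records, and the policy (no SSH or RDP open to the world) and all function names are assumptions.

```python
# Added example: audit recorded configurations against a compliance guideline.
# SAMPLE_ITEMS are constructed records shaped like AWS Config configuration
# items; the policy (no world-open SSH/RDP) and all names are assumptions.
ADMIN_PORTS = {22, 3389}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def world_open(p):
    """True if the ingress permission allows any IPv4 or IPv6 source."""
    cidrs = {r.get("cidrIp") for r in p.get("ipv4Ranges", [])}
    cidrs |= {r.get("cidrIpv6") for r in p.get("ipv6Ranges", [])}
    return bool(cidrs & OPEN_CIDRS)

def covers(p, port):
    """True if the permission's protocol and port range include the TCP port."""
    if p.get("ipProtocol") == "-1":  # -1 = all protocols, all ports
        return True
    lo, hi = p.get("fromPort"), p.get("toPort")
    return p.get("ipProtocol") == "tcp" and None not in (lo, hi) and lo <= port <= hi

def evaluate(item):
    """Return (resourceId, compliance, annotation) for one configuration item."""
    rid, cfg = item["resourceId"], item.get("configuration")
    if item["resourceType"] != "AWS::EC2::SecurityGroup" or not cfg:
        return rid, "NOT_APPLICABLE", "out of scope or deleted"
    exposed = sorted({port for p in cfg.get("ipPermissions", [])
                      if world_open(p) for port in ADMIN_PORTS if covers(p, port)})
    if exposed:
        return rid, "NON_COMPLIANT", f"admin ports open to the world: {exposed}"
    return rid, "COMPLIANT", "no world-open admin ports"

def sg(rid, *perms):  # builds a constructed security group configuration item
    return {"resourceId": rid, "resourceType": "AWS::EC2::SecurityGroup",
            "configuration": {"ipPermissions": list(perms)}}

def perm(proto, lo, hi, v4=(), v6=()):  # builds one constructed ingress permission
    return {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
            "ipv4Ranges": [{"cidrIp": c} for c in v4],
            "ipv6Ranges": [{"cidrIpv6": c} for c in v6]}

SAMPLE_ITEMS = [
    sg("sg-web", perm("tcp", 443, 443, v4=["0.0.0.0/0"]), perm("tcp", 22, 22, v4=["10.0.0.0/8"])),
    sg("sg-ssh", perm("tcp", 22, 22, v4=["0.0.0.0/0"])),
    sg("sg-range", perm("tcp", 3000, 4000, v6=["::/0"])),  # range hides port 3389
    sg("sg-all", perm("-1", None, None, v4=["0.0.0.0/0"])),
    {"resourceId": "vpc-1", "resourceType": "AWS::EC2::VPC", "configuration": {}},
]

if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(*evaluate(item), sep=" | ")
```

The `sg-range` and `sg-all` samples show why a rule has to test port ranges and the all-protocols value rather than match a single port number.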

Config is a valuable change management tracking tool that provides a detailed record of all changes. It is also useful for troubleshooting as you can review what changes were made and roll back if necessary.

The configuration data can be analyzed and SNS messages generated based on the metric you define. Also, the data is stored in S3 for other applications to analyze. The Config web console includes a query engine with preconfigured scripts that can be run, and granular results are returned, as shown in Figure 5.14.

FIGURE 5.14 Config query editor

Summary

This chapter examined the AWS monitoring and management services available with a focus on networking. This is a broad subject with many services and features. We focused on CloudWatch as the primary network management application for AWS networking operations. There are many different features and applications that are part of CloudWatch. You learned about the primary CloudWatch features including metrics, monitoring, logging, Metric Insights, and dashboards.

The Transit Gateway Network Manager is used as the management application for the AWS Transit Manager service.

The VPC Reachability Analyzer is an important network troubleshooting utility. You define a source and a destination, and AWS gives you a detailed analysis of the path between the two services and, if there is an issue, where the blockage is occurring.

Next you learned about many of the AWS networking services that provide access logging such as ELB, Route 53, CloudFront, and CloudTrail.

X-Ray is an application tracing service that gives you graphical insight and performance metrics of the interaction between applications. X-Ray Insights adds intelligence to the data using the AWS artificial intelligence services.

You then learned about Flow Logs, what they are, and how they are used to collect and troubleshoot networking issues. Baselines are used to determine what is considered normal activity and can be used to determine if there are issues when metrics exceed their baseline values.

The Inspector service performs security and vulnerability analysis and assessments for EC2 and ECR container instances, applications, network accessibility, and how security is configured for the applications on the instances. Inspector can replace scanning utilities that are generally use-restricted by AWS inside a VPC.

Remember that the Inspector service is an AWS managed service that can automatically perform discovery on resources and workloads that it supports. After the discovery process is completed, the service will configure a CloudWatch agent, alarms, metrics, and logs based on AWS best practices. The service helps you identify issues and resolve problems with your applications, databases, and workloads.