AWS Assignment – 7

CloudWatch, CloudTrail & CloudFormation

Basic Questions

  1. Enable CloudWatch monitoring for an EC2 instance.
  2. View CPU utilization metrics for your EC2 instance in CloudWatch.
  3. Use the AWS CLI to list available CloudWatch metrics.
  4. Create a CloudWatch alarm that triggers if CPU usage > 70%.
  5. Configure the alarm to send a notification via SNS.
  6. Stop and start an instance to test CloudWatch alarm behavior.
  7. Enable detailed monitoring for an EC2 instance and compare with basic monitoring.
  8. Use the AWS CLI to get the latest CPU metric for an instance.
  9. Create a CloudWatch dashboard and add a CPU utilization widget.
  10. Add memory utilization to the dashboard using CloudWatch agent.
  11. Enable CloudTrail in your AWS account.
  12. Verify CloudTrail is logging events for your EC2 actions.
  13. Use the AWS CLI to list the last 5 CloudTrail events.
  14. Use CloudTrail logs to find the IAM user who launched an EC2 instance.
  15. Enable multi-region trail in CloudTrail.
  16. Send CloudTrail logs to an S3 bucket.
  17. Create a basic CloudFormation stack to launch one EC2 instance.
  18. Use the AWS CLI to deploy the same stack.
  19. Update the stack to add a new Security Group rule.
  20. Delete the CloudFormation stack and verify resources are removed.

Intermediate Questions

  1. Create a CloudWatch alarm to stop an EC2 instance when CPU usage < 5% for 15 minutes.
  2. Configure a CloudWatch alarm to automatically reboot an EC2 instance.
  3. Install and configure the CloudWatch agent on Linux EC2 to send disk metrics.
  4. Use the AWS CLI to check disk utilization metrics collected by the CloudWatch agent.
  5. Create a CloudWatch alarm for root disk utilization > 80%.
  6. Export CloudWatch logs to S3 for archival.
  7. Enable VPC Flow Logs and send them to CloudWatch Logs.
  8. Create a CloudWatch Logs group and push custom application logs from EC2.
  9. Set a metric filter on CloudWatch Logs to detect failed SSH login attempts.
  10. Create a CloudWatch alarm on the above filter and trigger SNS notification.
  11. Use CloudTrail to track IAM user activity (who created/modified users).
  12. Enable CloudTrail log file integrity validation.
  13. Create an Athena table to query CloudTrail logs from S3.
  14. Query CloudTrail logs to find all EC2 terminate events.
  15. Create a CloudFormation template to deploy an S3 bucket with versioning enabled.
  16. Add a bucket policy in CloudFormation that allows access only to your IAM user.
  17. Create a CloudFormation template with Parameters (e.g., instance type).
  18. Launch the template with different parameter values and compare results.
  19. Use CloudFormation Outputs to export Security Group ID.
  20. Reference exported values from another CloudFormation stack.

Advanced Questions

  1. Create a CloudWatch dashboard with CPU, disk, and memory metrics for multiple EC2 instances.
  2. Configure CloudWatch alarms to automatically recover an unhealthy instance.
  3. Enable CloudTrail event logging for S3 bucket activity (uploads, deletes).
  4. Use CloudTrail logs to detect unauthorized IAM access attempts.
  5. Write a Linux script that downloads CloudTrail logs from S3 and filters EC2 events.
  6. Create a CloudFormation template that provisions a VPC with a public subnet + EC2.
  7. Extend the template to include Security Groups and Internet Gateway.
  8. Add Outputs in CloudFormation to display the EC2 public IP after stack creation.
  9. Enable stack rollback and test it by intentionally supplying an invalid parameter.
  10. Final Hands-on Project:
    • Enable CloudWatch + CloudTrail for your account
    • Install CloudWatch agent on Linux EC2 for custom metrics
    • Create alarms for CPU, disk, and failed SSH logins
    • Store logs in S3 and analyze with Athena
    • Create a CloudFormation stack for EC2 + S3 + Security Groups
    • Document monitoring + auditing + IaC best practices