Chapter Six
Monitoring & Management
You cannot operate what you cannot see. These six services provide the metrics, logs, audit trail, configuration history, and cost visibility that turn a running system into an operable one.
Monitoring and management on AWS split into five jobs: telemetry (CloudWatch), audit (CloudTrail), configuration history and compliance (Config), fleet operations (Systems Manager), and cost visibility (Trusted Advisor and Cost Explorer).
The trap is treating observability as something to add after launch. Alarms, log retention, and an audit trail are cheapest to wire in before the first incident — not during it.
Services in This Chapter
Service 40
Amazon CloudWatch
Metrics, logs, alarms, and dashboards for everything in AWS. The default observability backbone — and the trigger source for autoscaling and alerting.
Service 41
AWS CloudTrail
An audit log of every API call in your account — who did what, when, and from where. The forensic record for security and compliance.
Service 42
AWS Config
Tracks resource configuration over time and evaluates it against rules. Answers 'what changed?' and 'is this still compliant?'
Service 43
AWS Systems Manager
Operational hub for fleets — run commands, manage patches, store parameters, and open shell sessions without SSH keys or bastion hosts.
Service 44
AWS Trusted Advisor
Automated checks across cost, security, performance, and service limits, with concrete recommendations. The standing health check for your account.
Service 45
AWS Cost Explorer & Budgets
Visualizes spend, forecasts it, and fires alerts when budgets are exceeded. The first stop for understanding and controlling the bill.