How to monitor your EC2 instance status in AWS by using CloudWatch Alarm!

Introduction

In cloud environments, security, monitoring, and seamless integration between services are crucial.
AWS provides various tools to achieve these goals, including CloudTrail for auditing, CloudWatch for monitoring, SNS (Simple Notification Service) for messaging, and SQS (Simple Queue Service) for decoupled communication.

This blog deals with the following:

  • Enabling CloudTrail to track EC2 instance start/stop events.
  • Using CloudWatch to monitor events.
  • Setting up an SNS topic, subscribing to it, and sending messages.

Getting Started

Enabling CloudTrail to Monitor EC2 Events

AWS CloudTrail provides a history of API calls made within an AWS account, helping track changes and security-related events.

Steps to Enable CloudTrail:

  • Navigate to the AWS CloudTrail console.

  • Click on Create Trail and provide a name (e.g., EC2-Monitoring-Trail).

  • Select Apply trail to all regions for comprehensive tracking.

  • Choose an S3 bucket to store logs or create a new one.

  • Enable CloudWatch Logs to send logs for monitoring.

  • Click Create Trail.

Monitoring an EC2 Start/Stop Event:

  • Start or stop an EC2 instance from the EC2 console.
  • Go to CloudTrail > Event History and filter by Event Name: StartInstances or StopInstances.
  • Verify that the event is logged with details like user, time, and instance ID.
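
The same check can be run against the log files CloudTrail delivers to the S3 bucket. The Python below is an added example, not code from the original post: it shows where the user, time, and instance ID sit in a CloudTrail record, and that a rejected call is logged too, with an `errorCode`. The function name and the sample records are constructed for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]});
# the account ID, ARNs and instance IDs are made up for this example.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-02-17T11:20:43Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventTime": "2025-02-17T11:25:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ops/bob"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0123456789abcdef0"},
         {"instanceId": "i-0fedcba9876543210"}]}}},
    {"eventTime": "2025-02-17T11:26:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": None},
]})

WATCHED = {"StartInstances", "StopInstances"}

def instance_state_events(log_text):
    """Summarise each StartInstances/StopInstances record in a log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "ec2.amazonaws.com"
                or rec.get("eventName") not in WATCHED):
            continue
        # requestParameters may be null, so guard before walking into it.
        items = ((rec.get("requestParameters") or {})
                 .get("instancesSet", {}).get("items", []))
        findings.append({
            "time": rec.get("eventTime"),
            "action": rec["eventName"],
            "user": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "instances": [i["instanceId"] for i in items if "instanceId" in i],
            # errorCode is present only when the API call failed.
            "error": rec.get("errorCode"),
        })
    return findings

if __name__ == "__main__":
    for finding in instance_state_events(SAMPLE_LOG):
        print(finding)
```

Real log files in the bucket are gzip-compressed JSON, so decompress them before passing the text to the function.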

Creating an SNS Topic and Sending Notifications

AWS SNS (Simple Notification Service) allows sending notifications to multiple subscribers.

Steps to Create an SNS Topic and Subscribe:

  • Navigate to AWS SNS.

  • Click Create Topic and choose Standard type.

  • Provide a name (e.g., DemoTopic) and create the topic.

Click Create Subscription, then select:

  • Protocol: Email or SMS.
  • Endpoint: Your email or phone number.
  • Confirm the subscription via the email/SMS received.

Sending a Message to SNS:

  • Open the SNS topic and click Publish Message.
  • Enter a subject and message body.
  • Click Publish Message and verify the notification.

Receiving the mail:

  • Once the message is published to the SNS topic, all subscribed endpoints (e.g., email, SMS) will receive the notification.
  • Check your email inbox (or spam folder if not found).
  • You should see an email with the subject and message body that was entered while publishing the SNS message.

Note: If you configured SNS with CloudWatch Alarms, you would receive an email automatically when the monitored event occurs (e.g., EC2 instance state change). See the CloudWatch Alarm steps below.

Setting Up CloudWatch for Monitoring

AWS CloudWatch helps monitor AWS resources and applications in real time.

Steps to Monitor EC2 Events with CloudWatch:

  • Navigate to AWS CloudWatch.
  • Go to Logs > Log Groups and check if CloudTrail logs are available.

Create a CloudWatch Alarm:

  • Click Alarms > Create Alarm.

  • Select EC2 Instance State Change as the metric.

  • Set a threshold (e.g., NetworkIn).

  • Choose an SNS topic for notifications.

  • Click Create Alarm.

Getting Notified:

  • Once the CloudWatch alarm is triggered, AWS SNS sends a notification to the subscribed email address.
  • The email contains details about the alarm, such as its name, the reason it was triggered, and a link to view it in the AWS Management Console.

Conclusion

By following these steps, we successfully:

  • Enabled CloudTrail to audit EC2 events.
  • Configured CloudWatch to monitor instance state changes.
  • Created an SNS topic to send notifications.

These AWS services enhance security, monitoring, and integration in cloud environments. Implementing them ensures better visibility, automated alerts, and efficient communication between applications.

© Classmethod, Inc. All rights reserved.