CloudWatch agent AWS CloudTrail CloudWatch Application Signals X-Ray Container insights

(Recommended) Best practices to enhance investigations

As a best practice, we recommend that you enable several AWS services and features in your account that can help CloudWatch investigations discover more information in your topology and make better suggestions during investigations.

CloudWatch agent

We recommend that you install the latest version of the CloudWatch agent on your servers. Using a recent version of the CloudWatch agent enhances the ability to find issues in Amazon EC2 and Amazon EBS during investigations. At a minimum, you should use Version 1.300049.1 or later of the CloudWatch agent. For more information about the CloudWatch agent and how to install it, see Collect metrics, logs, and traces using the CloudWatch agent.

AWS CloudTrail

We recommend that you configure your CloudTrail trails to send management events to CloudWatch Logs. CloudTrail records management events about control plane operations in your AWS account, such as configuring permissions policies and creating, modifying, and updating resources. When CloudTrail events are sent to CloudWatch Logs, CloudWatch investigations can analyze these events in your AWS account to detect changes in your account related to your investigation. For more information, see What is AWS CloudTrail, Creating a trail with the CloudTrail console, Working with CloudTrail trails and Sending events to CloudWatch Logs.

Note

CloudWatch investigations can only analyze CloudTrail events from trails that send events to CloudWatch Logs in the same AWS Region where you conduct the investigation. For cross-account investigations, it will review the CloudTrail trails in each configured account in the same region where you conduct the investigation.

CloudWatch Application Signals

CloudWatch Application Signals discovers the topology of your environment, including your applications and their dependencies. It also automatically collects standard metrics such as latency and availability. By enabling Application Signals, CloudWatch investigations can use this topology and metric information during investigations.

For more information about application signals, see Application Signals.

X-Ray

We recommend that you enable AWS X-Ray. X-Ray collects traces about requests that your applications serve. For any traced request to your application, you can see detailed information not only about the request and response, but also about calls that your application makes to downstream AWS resources, microservices, databases, and web APIs. This information can help CloudWatch investigations during investigations.

For more information, see What is AWS X-Ray

Container insights

If you use Amazon ECS or Amazon EKS, we recommend that you install Container insights. This improves the ability of CloudWatch investigations to find issues in your containers. For more information about the CloudWatch agent and how to install it, see Container Insights.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Integrations with other systems

CloudWatch investigations data retention