NEW - You can now accelerate your migration and modernization with AWS Transform. Read [Getting Started](https://docs.aws.amazon.com/transform/latest/userguide/getting-started.html) in the *AWS Transform User Guide*. # Monitoring Application Migration Service Monitoring Application Migration Service Monitoring is an important part of maintaining the reliability, availability, and performance of Application Migration Service and your other AWS solutions. AWS provides the following monitoring tools to watch Application Migration Service, report when something is wrong, and take automatic actions when appropriate: + *Amazon CloudWatch* monitors your AWS resources and the applications you run on AWS in real time. You can collect and track metrics, create customized dashboards, and set alarms that notify you or take actions when a specified metric reaches a threshold that you specify. For example, you can have CloudWatch track CPU usage or other metrics of your Amazon EC2 instances and automatically launch new instances when needed. For more information, see the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/). + *Amazon CloudWatch Events* delivers a near real-time stream of system events that describe changes in AWS resources. CloudWatch Events allows automated event-driven computing, as you can write rules that watch for certain events and trigger automated actions in other AWS services when these events happen. For more information, see the [Amazon CloudWatch Events User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/). + *Amazon CloudWatch Logs* allows you to monitor, store, and access your log files from Amazon EC2 instances, CloudTrail, and other sources. CloudWatch Logs can monitor information in the log files and notify you when certain thresholds are met. You can also archive your log data in highly durable storage. For more information, see the [Amazon CloudWatch Logs User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/). + *AWS CloudTrail* captures API calls and related events made by or on behalf of your AWS account and delivers the log files to an Amazon S3 bucket that you specify. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred. For more information, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). # Monitoring Application Migration Service with Amazon CloudWatch Monitoring with CloudWatch You can monitor Application Migration Service using CloudWatch, which collects raw data and processes it into readable, near real-time metrics. These statistics are kept for 15 months, so that you can access historical information and gain a better perspective on how your web application or service is performing. You can also set alarms that watch for certain thresholds, and send notifications or take actions when those thresholds are met. For more information, see the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/). Application Migration Service supports six CloudWatch metrics in the AWS/MGN namespace. Application Migration Service includes the following metrics across all Source servers. The following metrics are dimensionless. | Metric name | Description | | --- | --- | | ActiveSourceServerCount | Number of Source servers that are not archived. | | TotalSourceServerCount | Number of source servers, including those that are archived. | AWS Application Migration Service includes the following metrics by individual source server. The following metrics have a single dimension: **SourceServerID. ** | Metric name | Description | | --- | --- | | LagDuration | The amount of time that has passed since the last consistent snapshot. | | Backlog | The amount of data yet to be synced. | | DurationSinceLastTest | The amount of time that has passed since the last Test instance launch. | | ElapsedReplicationDuration | The cumulative amount of time this server has been replicating for (from which billing information is derived). | # Application Migration Service EventBridge sample events MGN and EventBridge Application Migration Service sends events to Amazon EventBridge whenever a Source server launch has completed, a Source server reaches the READY\$1FOR\$1TEST lifecycle state for the first time, and when the data replication state becomes Stalled or when the data replication state is no longer Stalled . You can use EventBridge and these events to write rules that take actions, such as notifying you, when a relevant event occurs. For more information, see [What is Amazon EventBridge?](https://docs.aws.amazon.com/eventbridge/latest/userguide/what-is-amazon-eventbridge.html) AWS Application Migration Service sends events on a best-effort basis to EventBridge. Event delivery is not guaranteed. # Event samples The following are sample MGN events in EventBridge: **Topics** + [ ## MGN source server launch result ](#eventbridge-event-1) + [ ## MGN source server lifecycle state change ](#eventbridge-event-2) + [ ## MGN source server data replication stalled change ](#eventbridge-event-3) ## MGN source server launch result Emitted when a test or cutover instance launch was completed (successfully or with failure). Possible states (referring to the **state** field within the **details** field): 1. TEST\$1LAUNCH\$1SUCCEEDED 1. TEST\$1LAUNCH\$1FAILED 1. CUTOVER\$1LAUNCH\$1SUCCEEDED 1. CUTOVER\$1LAUNCH\$1FAILED Sample event: ``` { "version": "0", "id": "9da9af57-9253-4406-87cb-7cc400e43465", "detail-type": "MGN Source Server Launch Result", "source": "aws.mgn", "account": "111122223333", "time": "2016-08-22T20:12:19Z", "region": "us-west-2", "resources": [ "arn:aws:mgn:us-west-2:111122223333:source-server/s-12345678901234567" ], "detail": { "state": "*TEST_LAUNCH_SUCCEEDED*", "job-id": "*mgnjob-04ca7d0d3fb6afa3e*" } } ``` ## MGN source server lifecycle state change Emitted when a source server reaches the READY\$1FOR\$1TEST lifecycle state for the first time. Sample event: ``` { "version": "0", "id": "9da9af57-9253-4406-87cb-7cc400e43465", "detail-type": "MGN Source Server Lifecycle State Change", "source": "aws.mgn", "account": "111122223333", "time": "2016-08-22T20:12:19Z", "region": "us-west-2", "resources": [ "arn:aws:mgn:us-west-2:111122223333:source-server/s-12345678901234567" ], "detail": { "state": "*READY_FOR_TEST*" } } ``` ## MGN source server data replication stalled change Emitted when the data replication state becomes stalled, and when data replication state is no longer stalled (not stalled). Possible states (referring to the **state** field within the **details** field): 1. STALLED 1. NOT\$1STALLED Sample event: ``` { "version": "0", "id": "9da9af57-9253-4406-87cb-7cc400e43465", "detail-type": "MGN Source Server Data Replication Stalled Change", "source": "aws.mgn", "account": "111122223333", "time": "2016-08-22T20:12:19Z", "region": "us-west-2", "resources": [ "arn:aws:mgn:us-west-2:111122223333:source-server/s-12345678901234567" ], "detail": { "state": "*STALLED*" } } ``` # Registering event rules You create CloudWatch Events event rules that capture events coming from your Application Migration Service resources. **Note** When you use the AWS Management Console to create an event rule, the console automatically adds the IAM permissions necessary to grant Amazon CloudWatch Events permissions to call your desired target type. If you are creating an event rule using the AWS CLI, you must grant permissions explicitly. For more information, see [Events and Event Patterns](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CloudWatchEventsandEventPatterns.html) in the Amazon CloudWatch User Guide. To create your CloudWatch Events rules: 1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/). 1. On the navigation pane, choose **Events, Create rule**. 1. For **Event source**, select **Event Pattern** as the event source, and then select **Build custom event pattern**. 1. Paste one following event pattern into the text area, depending on the event rule you wish to create: 1. To catch all MGN events: ``` { "source": ["aws.mgn"] } ``` 1. To catch all Lifecycle state changes: ``` { "detail-type": ["MGN Source Server Lifecycle State Change"], "source": ["aws.mgn"] } ``` 1. To catch all events relating to a given source server: ``` { "source": ["aws.mgn"], "resources": [ "arn:aws:mgn:us-west-2:111122223333:source-server/s-12345678901234567" ] } ``` 1. For **Targets**, choose **Add target**. For **Target type**, choose your desired target. 1. Choose **Configure details.** 1. For **Rule definition**, type a name and description for your rule and choose **Create rule**. # Logging AWS Application Migration Service with AWS CloudTrail AWS Application Migration Service is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in AWS Application Migration Service. CloudTrail captures all API calls for AWS Application Migration Service as events. The calls captured include calls from the AWS Application Migration Service console and code calls to the AWS Application Migration Service API operations. If you create a trail, you can allow a continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for AWS Application Migration Service. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in **Event history**. Using the information collected by CloudTrail, you can determine the request that was made to AWS Application Migration Service, the IP address from which the request was made, who made the request, when it was made, and additional details. To learn more about CloudTrail, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html). ## AWS Application Migration Service information in CloudTrail CloudTrail is activated on your AWS account when you create the account. When activity occurs in AWS Application Migration Service, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing events with CloudTrail Event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html). For an ongoing record of events in your AWS account, including events for AWS Application Migration Service, create a trail. A *trail* allows CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following: + [Overview for creating a trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html) + [CloudTrail supported services and integrations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html) + [Configuring Amazon SNS notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html) + [Receiving CloudTrail log files from multiple regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail log files from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html) All AWS Application Migration Service actions are logged by CloudTrail and are documented in the AWS Application Migration Service API. For example, calls to the `DescribeSourceServers` action to generate entries in the CloudTrail log files. Every event or log entry contains information about who generated the request. The identity information helps you determine the following: + Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials. + Whether the request was made with temporary security credentials for a role or federated user. + Whether the request was made by another AWS service. For more information, see the [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html). ## Understanding AWS Application Migration Service log file entries A trail is a configuration that allows for the delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order. The following example shows a CloudTrail log entry that demonstrates the DescribeSourceServers. ``` { "eventVersion": "1.08", "userIdentity": { "type": "AssumedRole", "principalId": "AAAAAAAAAAAAAAAAAAA", "arn": "arn:aws:sts::1234567890:assumed-role/Admin/user", "accountId": "1234567890", "accessKeyId": "BBBBBBBBBBBBBBBBBBBB", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AAAAAAAAAAAAAAAAAAA", "arn": "arn:aws:iam::1234567890:role/Admin", "accountId": "1234567890", "userName": "Admin" }, "webIdFederationData": {}, "attributes": { "creationDate": "2021-10-20T14:19:17Z", "mfaAuthenticated": "false" } } }, "eventTime": "2021-10-20T14:19:59Z", "eventSource": "mgn.amazonaws.com", "eventName": "DescribeSourceServers", "awsRegion": "eu-west-1", "sourceIPAddress": "54.240.197.234", "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36", "requestParameters": { "maxResults": 1000, "filters": {} }, "responseElements": null, "requestID": "d7618669-db08-4b53-bf6e-8a2cd57a677d", "eventID": "436c17a7-3a54-4f4e-815d-4d980339744e", "readOnly": true, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "1234567890", "eventCategory": "Management" } ```