The Elastic Guru


CloudWatch or CloudTrail?

Helen Anderson (helenanders26)

There are a lot of AWS services that start with 'Cloud'.

  • CloudFormation lets you provision infrastructure from a template.
  • CloudFront lets you spread out content so it's close to where your users are.
  • CloudSearch lets you create a search solution for your website or application.

Initially, CloudTrail and CloudWatch sound similar, but there are some key differences in what they do, how they monitor services, and when you might need them in isolation or in combination.

  • What does CloudWatch do?
  • When to use CloudWatch
  • What does CloudTrail do?
  • When to use CloudTrail
  • How to use them together?
  • Getting Started

What does CloudWatch do?

CloudWatch is concerned with the 'what?'

  • Is CPU usage high?
  • Is disk space low?
  • Have billing limits been exceeded?

CloudWatch needs to be turned on and configured, but it can be used not only with AWS services but with custom logs as well.

When to use CloudWatch

CloudWatch allows us to see 'what' is happening in real time.

  • CloudWatch Logs: log data from AWS services - CPU utilisation.
  • CloudWatch Metrics: capture variables to monitor - CPU Utilisation over time.
  • CloudWatch Events: trigger an event based on a condition - every hour take a snapshot of a server.
  • CloudWatch Alarms: triggers notifications based on metrics when a defined threshold is breached.
  • CloudWatch Dashboards: create visualisations based on metrics.

Some of the services you can watch are:

What does CloudTrail do?

CloudTrail is concerned with the 'who?'

  • Who made the API call?
  • Which IP address has done something?
  • How did a user access a bucket?

CloudTrail is turned on by default and sends logs to an S3 bucket for further analysis.

When to use CloudTrail

CloudTrail can help with auditing and allows us to start with the problem and track back to where the problem began.

Its timestamps and record of 'who' let us follow the trail to find the cause of any problems.

How to use them together?

Like so many other AWS Services, we can use CloudWatch and CloudTrail together.

In this example, CloudTrail logs an event and CloudWatch triggers an email notification.


1 - First set up CloudTrail to send the logs to CloudWatch.
2 - Set which metrics you would like to measure.
3 - Configure alarms so you know when limits have been reached.
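
The three steps above, simulated offline as an added example (not from the original post): constructed CloudTrail records pass through a metric filter, matches are counted per period, and a threshold decides when the alarm would notify. The error-code filter, the 5-minute period, the threshold of 3 and all account, user and IP values are assumptions chosen for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed CloudTrail records (not real logs), one JSON object per line.
SAMPLE_LOG = """\
{"eventTime":"2024-01-01T10:00:05Z","eventName":"ListBuckets","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}
{"eventTime":"2024-01-01T10:01:10Z","eventName":"GetObject","errorCode":"AccessDenied","sourceIPAddress":"203.0.113.9","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}
{"eventTime":"2024-01-01T10:02:30Z","eventName":"RunInstances","errorCode":"Client.UnauthorizedOperation","sourceIPAddress":"203.0.113.9","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}
{"eventTime":"2024-01-01T10:03:45Z","eventName":"PutObject","errorCode":"AccessDenied","sourceIPAddress":"203.0.113.9","userIdentity":{"arn":"arn:aws:iam::111122223333:user/bob"}}
{"eventTime":"2024-01-01T10:07:00Z","eventName":"GetObject","errorCode":"AccessDenied","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}
{"eventTime":"2024-01-01T10:08:00Z","eventName":"DescribeInstances","sourceIPAddress":"198.51.100.7","userIdentity":{"arn":"arn:aws:iam::111122223333:user/alice"}}
"""

PERIOD_SECONDS = 300  # assumed alarm period
THRESHOLD = 3         # assumed alarm threshold (matches per period)
EPOCH = datetime(1970, 1, 1)


def matches_filter(record):
    """Step 2: the metric. Mimics the CloudWatch Logs filter pattern
    { ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }"""
    code = record.get("errorCode", "")
    return code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied")


def period_start(event_time):
    """Floor an eventTime to the start of its alarm period."""
    seconds = int((datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ") - EPOCH).total_seconds())
    floored = EPOCH + timedelta(seconds=seconds - seconds % PERIOD_SECONDS)
    return floored.strftime("%Y-%m-%dT%H:%M:%SZ")


def evaluate(log_text):
    """Step 3: return {period: Counter of (who, source IP)} for periods in ALARM."""
    periods = {}
    for line in log_text.splitlines():
        record = json.loads(line)  # step 1: one CloudTrail event from the log group
        if matches_filter(record):
            who = (record["userIdentity"]["arn"], record["sourceIPAddress"])
            periods.setdefault(period_start(record["eventTime"]), Counter())[who] += 1
    return {p: c for p, c in periods.items() if sum(c.values()) >= THRESHOLD}


if __name__ == "__main__":
    for period, who in evaluate(SAMPLE_LOG).items():
        print("ALARM", period, dict(who))  # stand-in for the email notification
```

A real CloudWatch alarm only sees the count; the per-identity breakdown shown here is what you would look up in the CloudTrail records after the alarm fires.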

Getting Started

CloudTrail is free of charge BUT the storing of the logs on S3 is not. Check out the Monthly Cost Calculator to find out how much you will be charged given your use case.

Get started with CloudWatch using the free tier. To see if your use case will mean rolling into the paid tier, check out the pricing tabs and examples of scenarios where custom metrics are more appropriate.

This post originally appeared on

Discussion (1)

lee

CloudWatch is such a significant part of everything!