How can the requirements be met with MINIMAL management overhead?

By:
In: DOP-C01
Tagged:
With: 1 Comment
A mobile application running on eight Amazon EC2 instances is relying on a third-party API endpoint.The third-party service has a high failure rate because of limited capacity which is expected to be resolved in a few weeks.In the meantime, the mobile application developers have added a retry mechanism and are logging failed API requests.A DevOps engineer must automate the monitoring of application logs and count the specific error messages, if there are more than 10 errors within a 1-minute window the system must issue an alert.

How can the requirements be met with MINIMAL management overhead?

Install the Amazon CloudWatch agent on all instances to push the application logs to CloudWatch Logs. Use metric filters to count the error messages every minute, and initiate a CloudWatch alarm if the count exceeds 10 errors.

Install the Amazon CloudWatch agent on all instances to push the access logs to CloudWatch Logs. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to count the error messages every minute, and initiate a CloudWatch alarm if the count exceeds 10 errors.

Install the Amazon CloudWatch agent on all instances to push the application logs to CloudWatch Logs. Use a metric filter to generate a custom CloudWatch metric that records the number of failures and initiates a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.

Deploy a custom script on all instances to check application logs regularly in a cron job. Count the number of error messages every minute, and push a data point to a custom CloudWatch metric. Initiate a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.

Explanations:

The solution uses CloudWatch Logs and metric filters but does not account for the need to count errors over a 1-minute window specifically. Metric filters work on logs but are not optimized for time-window-based aggregations like the one required here.

Amazon EventBridge is not suitable for counting log entries within a specific time window (like 1 minute). EventBridge is more appropriate for event-driven workflows, not for aggregating and counting log messages.

This option uses the CloudWatch agent to send logs to CloudWatch Logs, then employs a metric filter to count specific error messages and generates a CloudWatch metric. This metric is then used to trigger an alarm, which meets the requirements with minimal overhead.

Deploying a custom script and using cron jobs introduces unnecessary complexity and management overhead. This option involves more manual work and configuration compared to a native CloudWatch solution that would provide automatic monitoring.

2025-10-02

1 Comment

  1. Gregory
    Author

    I draft that the answer is:
    Install the Amazon CloudWatch agent on all instances to push the application logs to CloudWatch Logs. Use a metric filter to generate a custom CloudWatch metric that records the number of failures and initiates a CloudWatch alarm if the custom metric reaches 10 errors in a 1-minute period.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 − 1 =